Merge pull request #1556 from atsign-foundation/gitbook

docs(automated): Update docs from Gitbook
atsign-foundation · Nov 20, 2024 · 42630bc · 42630bc
2 parents 1b93542 + 7ebc2fc
commit 42630bc
Show file tree

Hide file tree

Showing 5 changed files with 165 additions and 7 deletions.
diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md
@@ -27,7 +27,9 @@
   * [npt Usage](usage/basic-usage/README.md)
     * [Additional Configuration](usage/basic-usage/additional-configuration.md)
   * [sshnp Usage](usage/basic-usage-1/README.md)
-    * [Additional Configuration](usage/basic-usage-1/additional-configuration.md)
+    * [Client Additional Configuration](usage/basic-usage-1/additional-configuration.md)
+  * [sshnpd configuration](usage/sshnpd-configuration/README.md)
+    * [Daemon Additional Configuration](usage/sshnpd-configuration/daemon-additional-configuration.md)
   * [Quick SSH picker script](usage/quick-ssh-picker-script.md)
   * [Integrate with ssh config](usage/integrate-with-ssh-config.md)
 

diff --git a/docs/usage/basic-usage-1/README.md b/docs/usage/basic-usage-1/README.md
@@ -102,7 +102,7 @@ Then use the associated private key, as mentioned under [#pre-existing-keys-in-p
 sshnp ... -i path/to/my/ssh/private/key ...
 ```
 
-## Putting it altogether
+## Putting it all together
 
 An example of a complete command might look like this:
 
@@ -117,10 +117,10 @@ sshnp -f @alice_client -t @alice_device -d my_server \
  -h @rv_am -i ~/.ssh/id_ed25519 -u bobc -U bobc
 ```
 
-The rest of the configuration for `sshnp` is contained in a separate guide:
-
 ## Additional Configuration
 
+The rest of the configuration for `sshnp` is contained in a separate guide:
+
 {% content-ref url="additional-configuration.md" %}
 [additional-configuration.md](additional-configuration.md)
 {% endcontent-ref %}

diff --git a/docs/usage/basic-usage-1/additional-configuration.md b/docs/usage/basic-usage-1/additional-configuration.md
@@ -1,8 +1,9 @@
 ---
 icon: gear-complex-code
+description: NoPorts client `sshnp` additional configuration
 ---
 
-# Additional Configuration
+# Client Additional Configuration
 
 ## Additional Options
 
@@ -61,7 +62,7 @@ Additional ssh options which are passed to the ssh program.
 
 ### --add-forwards-to-tunnel
 
-Enable this flag to pass the `-o, --local-ssh-options` to the initial ssh tunnel instead of the ssh session.&#x20;
+Enable this flag to pass the `-o, --local-ssh-options` to the initial ssh tunnel instead of the ssh session.
 
 ### --ssh-client
 
@@ -82,4 +83,3 @@ Pass command line arguments via an environment file.
 ### --list-devices
 
 List devices which have discovery (-u) enabled.
-
diff --git a/docs/usage/sshnpd-configuration/README.md b/docs/usage/sshnpd-configuration/README.md
@@ -0,0 +1,77 @@
+---
+icon: square-sliders
+---
+
+# sshnpd configuration
+
+### TL;DR
+
+```
+sshnp -m @<_client> -a @<_device> -d <name> 
+```
+
+{% hint style="info" %}
+Replace the \<??> with your specific atSign details
+{% endhint %}
+
+### Overview
+
+sshnpd is the daemon that runs on a device to facilitate access using NoPorts.
+
+### The three main parameters
+
+These mainly mirror the parameters from [sshnp](../basic-usage-1/) but there's one fewer as the socket rendezvous is only ever set by the client.
+
+#### 1. -a, --atsign
+
+This argument is the device address, a.k.a. the to address, since this is the address that the device is associated with. This argument is mandatory, in the form of an atSign. For example:
+
+```
+sshnpd ... -a @alice_device ...
+```
+
+#### 2a. -m, --manager, --managers
+
+This is the address of the client(s) that will be allowed to connect to the device. For example:
+
+```
+sshnpd ... -m @alice_client ...
+```
+
+#### 2b. -p, --policy-manager
+
+As an alternative to defining a list of managers a policy manager can be used, and the policy defined on that manager will describe which clients are allowed to connect. For example:
+
+```
+sshnpd ... -p @alice_policy ...
+```
+
+#### 3. -d, --device
+
+The device name. This is used to associate multiple devices with the same atSign. By default the value is `default` so unless you want that as the device name you will need to include this parameter. For example:
+
+```
+sshnpd ... -d my_device ...
+```
+
+### Putting it all together
+
+An example of a complete command might look like this:
+
+```
+sshnpd -a @alice_device -m @alice_client -d my_server
+```
+
+### Running the daemon as a service
+
+The daemon should normally be run as a service so that it starts up automatically and can be restarted if it should fail.
+
+Most mainstream Linux distributions use [systemd](https://en.wikipedia.org/wiki/Systemd) to manage services, and we provide a systemd unit file that's configured by the [universal installer](../../installation/linux/). That file can be edited after installation to customize or add additional options. For distributions such as OpenWrt we provide config and init files that can be customized with a text editor or configured through the web admin interface.
+
+### Additional Configuration
+
+The rest of the configuration for `sshnpd` is contained in a separate guide:
+
+{% content-ref url="daemon-additional-configuration.md" %}
+[daemon-additional-configuration.md](daemon-additional-configuration.md)
+{% endcontent-ref %}
diff --git a/docs/usage/sshnpd-configuration/daemon-additional-configuration.md b/docs/usage/sshnpd-configuration/daemon-additional-configuration.md
@@ -0,0 +1,79 @@
+---
+description: NoPorts daemon `sshnpd` additional configuration
+icon: gear
+---
+
+# Daemon Additional Configuration
+
+### Additional Options
+
+#### -k, --key-file, --keyFile
+
+Specify the `.atKeys` file for the `-a, --atsign` atSign if it's not stored in `~/.atsign/keys`
+
+#### -s, --\[no-]sshpublickey
+
+When set, will update authorized\_keys to include public key sent by manager.
+
+#### -h, --hide
+
+Hides the device from advertising its information to the manager atSign. Even with this enabled, sshnpd will still respond to ping requests from the manager. (This takes priority over the \[now deprecated] -u / --un-hide flag).
+
+#### -v, --\[no-]verbose
+
+More logging
+
+#### --ssh-client
+
+What to use for outbound ssh connections.
+
+\[openssh (default), dart]
+
+#### --root-domain
+
+atDirectory domain
+
+(Defaults to "root.atsign.org")
+
+#### --device-group
+
+The name of this device's group. When delegated authorization is being used then the group name is sent to the authorizer service as well as the device name, this daemon's atSign, and the client atSign which is requesting a connection
+
+(Defaults to "\_\_none\_\_")
+
+#### --local-sshd-port
+
+Port on which sshd is listening locally on localhost
+
+(Defaults to "22")
+
+#### -S, --sshpublickey-permissions
+
+When --sshpublickey is enabled, will include the specified permissions in the public key entry in authorized\_keys
+
+(Defaults to "")
+
+#### --ephemeral-permissions
+
+The permissions which will be added to the authorized\_keys file for the ephemeral public keys which are generated when a client is connecting via forward ssh e.g. PermitOpen="host-1:3389",PermitOpen="localhost:80"
+
+(Defaults to "")
+
+#### --ssh-algorithm
+
+Use RSA 4096 keys rather than the default ED25519 keys
+
+\[ssh-ed25519 (default), ssh-rsa]
+
+#### --storage-path
+
+Directory for local storage.
+
+(Defaults to `$HOME/.atsign/storage/$atSign/.npd/$deviceName/`)
+
+#### --permit-open,--po
+
+Comma separated-list of host:port to which the daemon will permit a connection from an authorized client. Hosts may be dns names or ip addresses.
+
+(Defaults to "localhost:22,localhost:3389")
+