From c9c02078ac6a2ef3fc2e2f1be6315dc7aa2e3ec9 Mon Sep 17 00:00:00 2001 From: Rob Cameron Date: Tue, 4 Apr 2023 13:59:55 -0700 Subject: [PATCH 1/2] Update docs to reference creating an ED25519 key instead of RSA (#8013) --- docs/docs/intro-to-servers.md | 52 +++++++++---------- .../version-4.0/intro-to-servers.md | 52 +++++++++---------- 2 files changed, 52 insertions(+), 52 deletions(-) diff --git a/docs/docs/intro-to-servers.md b/docs/docs/intro-to-servers.md index 16fd6c284551..2fb482d4bf9f 100644 --- a/docs/docs/intro-to-servers.md +++ b/docs/docs/intro-to-servers.md @@ -222,7 +222,7 @@ You can have multiple public keys from multiple development machines on the serv ### Public/Private Keypairs -You may already have a public/private keypair! Check in `~/.ssh` and look for two files with the same name before the extension, one with `.pub` on the end (`id_rsa` and `id_rsa.pub`, for example). If you don't remember actually putting these files in the directory, then they were probably generated by a program like `ssh-keygen`, and SSH is already using them! +You may already have a public/private keypair! Check in `~/.ssh` and look for two files with the same name before the extension, one with `.pub` on the end (`id_ed25519` and `id_ed25519.pub`, for example). If you don't remember actually putting these files in the directory, then they were probably generated by a program like `ssh-keygen`, and SSH is already using them! To see which of your keys SSH is already aware of, you can run this command to list them: 
@@ -233,49 +233,49 @@ ssh-add -L You should get zero or more lines containing public SSH keys, something like this: ``` -ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB3Edk1OE6BU6hK2EZchm= rob@computer.local +ssh-ed25519 AAAAB3NzaC1yc2EAAAADAQABCU90x/khqD1sDW= rob@computer.local ``` -If I compare that to the content of my `~/.ssh/id_rsa.pub` file I can see that they match! Great, so SSH is already using our public key when it tries to connect. But what if you don't have a public/private keypair? +If I compare that to the content of my `~/.ssh/id_ed25519.pub` file I can see that they match! Great, so SSH is already using our public key when it tries to connect. But what if you don't have a public/private keypair? ### Generating a Public/Private Keypair There's a simple command to generate a new keypair: ``` -ssh-keygen -t rsa -r 4096 +ssh-keygen -t ed25519 ``` -This tells the program to generate a key using the RSA algorithm and to make it 4096 bytes long. There are [newer algorithms](https://goteleport.com/blog/comparing-ssh-keys/) available, but not all of them are supported everywhere. The linked article goes into depth into the various algorithms and their pros and cons. +This tells the program to generate a key using the ED25519 algorithm. There are [many algorithms](https://goteleport.com/blog/comparing-ssh-keys/) available, but not all of them are supported everywhere. The linked article goes into depth into the various algorithms and their pros and cons. You will be prompted for a couple of questions: ``` -Generating public/private rsa key pair. -Enter file in which to save the key (/Users/rob/.ssh/id_rsa): +Generating public/private ed25519 key pair. +Enter file in which to save the key (/Users/rob/.ssh/id_ed25519): Enter passphrase (empty for no passphrase): Enter same passphrase again: ``` -If you don't have any keys, go ahead and use the default name (`id_rsa`) by just hitting ENTER. 
+If you don't have any keys, go ahead and use the default name `id_ed25519` by just hitting ENTER. A Passphrase is an additional line of security on your key. However, it also adds some inconvenience around using your public key: you'll need to enter the passpharse each time your private key is accessed. Which is great for security, but kind of defeats the purpose of sharing your public key with the server to make access easier. As long as you protect your private key, you shouldn't need to worry about adding a passphrase. Press ENTER (twice) to create your keypair without a passphrase. ``` -Your identification has been saved in id_rsa -Your public key has been saved in id_rsa.pub +Your identification has been saved in id_ed25519 +Your public key has been saved in id_ed25519.pub The key fingerprint is: -SHA256:g9tcaULSzcMLEoRREugBXEFotYdCicFZ4beRZRcTeMw rob@trion.local +SHA256:6Qg7RQRGp1AtfVIOucEt1HtZWkYMU1LZYBVwBsXwTWQ rob@computer.local The key's randomart image is: -+---[RSA 4096]----+ -|*+OO**+o+=o | -|oB+ +.++.E. | -|.o = =o = = | -| o o o= . + | -| .. S = | -| + = | -| . o | -| | ++--[ED25519 256]--+ +| .B&@O+ .E +==| +| o=*= .** . o .o| +| . o . . . .| +| .o o . o ..| +| o . A * + .| +| = + = + | +| o . * . | +| . o | | | +----[SHA256]-----+ ``` 
@@ -286,7 +286,7 @@ From this [Super User answer](https://superuser.com/a/22541): > Validation is normally done by a comparison of meaningless strings (i.e. the hexadecimal representation of the key fingerprint), which humans are pretty slow and inaccurate at comparing. Randomart replaces this with structured images that are faster and easier to compare. -I suppose the idea is that if humans ever needed to compare public keys they could use the randomart version and know pretty quickly whether they're the same (instead of comparing 4096 bytes by eye!) +I suppose the idea is that if humans ever needed to compare public keys they could use the randomart version and know pretty quickly whether they're the same (instead of comparing a bunch of random number and letters by eye!) ::: @@ -301,7 +301,7 @@ ssh-add -L Do you see your new public key listed? If not, we just have to let `ssh-agent` know where it is and to start using it (note that you give the path to the private key): ``` -ssh-add ~/.ssh/id_rsa +ssh-add ~/.ssh/id_ed25519 ``` Now running `ssh-add -L` should list our key. @@ -311,7 +311,7 @@ Now running `ssh-add -L` should list our key. I've had cases where my key was unknown to `ssh-agent` after a computer restart. I added the following to the `~/.zshrc` file on my computer (not the server) so that the key is added every time I start a new terminal session: ``` -ssh-add ~/.ssh/id_rsa +ssh-add ~/.ssh/id_ed25519 ``` ::: @@ -321,7 +321,7 @@ ssh-add ~/.ssh/id_rsa So SSH is now presenting the key to the server, but the server doesn't know what to do with it. We'll now copy our *public* key to the server so that it allows connections from it. Write your public key to the terminal so that you can copy it: ``` -cat ~/.ssh/id_rsa.pub +cat ~/.ssh/id_ed25519.pub ``` :::info @@ -329,7 +329,7 @@ cat ~/.ssh/id_rsa.pub On MacOS you can copy the key into your clipboard with this two-part command: ``` -cat ~/.ssh/id_rsa.pub | pbcopy +cat ~/.ssh/id_ed25519.pub | pbcopy ``` ::: 
@@ -344,7 +344,7 @@ Now just paste your key into this file on a new line. It helps to add a comment ``` # Rob Cameron (optimus-prime) -ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB3Edk1OE6BU6hK2EZchm= rob@computer.local +ssh-ed25519 AAAAB3NzaC1yc2EAAAADAQABCU90x/khqD1sDW= rob@computer.local ``` Save the file and exit. Now, disconnect from the SSH session with `exit` and reconnect, but this time you shouldn't need a password or private key (if you were using `-i` you can leave that off) and simply connect with: diff --git a/docs/versioned_docs/version-4.0/intro-to-servers.md b/docs/versioned_docs/version-4.0/intro-to-servers.md index 16fd6c284551..2fb482d4bf9f 100644 --- a/docs/versioned_docs/version-4.0/intro-to-servers.md +++ b/docs/versioned_docs/version-4.0/intro-to-servers.md @@ -222,7 +222,7 @@ You can have multiple public keys from multiple development machines on the serv ### Public/Private Keypairs -You may already have a public/private keypair! Check in `~/.ssh` and look for two files with the same name before the extension, one with `.pub` on the end (`id_rsa` and `id_rsa.pub`, for example). If you don't remember actually putting these files in the directory, then they were probably generated by a program like `ssh-keygen`, and SSH is already using them! +You may already have a public/private keypair! Check in `~/.ssh` and look for two files with the same name before the extension, one with `.pub` on the end (`id_ed25519` and `id_ed25519.pub`, for example). If you don't remember actually putting these files in the directory, then they were probably generated by a program like `ssh-keygen`, and SSH is already using them! To see which of your keys SSH is already aware of, you can run this command to list them: 
@@ -233,49 +233,49 @@ ssh-add -L You should get zero or more lines containing public SSH keys, something like this: ``` -ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB3Edk1OE6BU6hK2EZchm= rob@computer.local +ssh-ed25519 AAAAB3NzaC1yc2EAAAADAQABCU90x/khqD1sDW= rob@computer.local ``` -If I compare that to the content of my `~/.ssh/id_rsa.pub` file I can see that they match! Great, so SSH is already using our public key when it tries to connect. But what if you don't have a public/private keypair? +If I compare that to the content of my `~/.ssh/id_ed25519.pub` file I can see that they match! Great, so SSH is already using our public key when it tries to connect. But what if you don't have a public/private keypair? ### Generating a Public/Private Keypair There's a simple command to generate a new keypair: ``` -ssh-keygen -t rsa -r 4096 +ssh-keygen -t ed25519 ``` -This tells the program to generate a key using the RSA algorithm and to make it 4096 bytes long. There are [newer algorithms](https://goteleport.com/blog/comparing-ssh-keys/) available, but not all of them are supported everywhere. The linked article goes into depth into the various algorithms and their pros and cons. +This tells the program to generate a key using the ED25519 algorithm. There are [many algorithms](https://goteleport.com/blog/comparing-ssh-keys/) available, but not all of them are supported everywhere. The linked article goes into depth into the various algorithms and their pros and cons. You will be prompted for a couple of questions: ``` -Generating public/private rsa key pair. -Enter file in which to save the key (/Users/rob/.ssh/id_rsa): +Generating public/private ed25519 key pair. +Enter file in which to save the key (/Users/rob/.ssh/id_ed25519): Enter passphrase (empty for no passphrase): Enter same passphrase again: ``` -If you don't have any keys, go ahead and use the default name (`id_rsa`) by just hitting ENTER. 
+If you don't have any keys, go ahead and use the default name `id_ed25519` by just hitting ENTER. A Passphrase is an additional line of security on your key. However, it also adds some inconvenience around using your public key: you'll need to enter the passpharse each time your private key is accessed. Which is great for security, but kind of defeats the purpose of sharing your public key with the server to make access easier. As long as you protect your private key, you shouldn't need to worry about adding a passphrase. Press ENTER (twice) to create your keypair without a passphrase. ``` -Your identification has been saved in id_rsa -Your public key has been saved in id_rsa.pub +Your identification has been saved in id_ed25519 +Your public key has been saved in id_ed25519.pub The key fingerprint is: -SHA256:g9tcaULSzcMLEoRREugBXEFotYdCicFZ4beRZRcTeMw rob@trion.local +SHA256:6Qg7RQRGp1AtfVIOucEt1HtZWkYMU1LZYBVwBsXwTWQ rob@computer.local The key's randomart image is: -+---[RSA 4096]----+ -|*+OO**+o+=o | -|oB+ +.++.E. | -|.o = =o = = | -| o o o= . + | -| .. S = | -| + = | -| . o | -| | ++--[ED25519 256]--+ +| .B&@O+ .E +==| +| o=*= .** . o .o| +| . o . . . .| +| .o o . o ..| +| o . A * + .| +| = + = + | +| o . * . | +| . o | | | +----[SHA256]-----+ ``` 
@@ -286,7 +286,7 @@ From this [Super User answer](https://superuser.com/a/22541): > Validation is normally done by a comparison of meaningless strings (i.e. the hexadecimal representation of the key fingerprint), which humans are pretty slow and inaccurate at comparing. Randomart replaces this with structured images that are faster and easier to compare. -I suppose the idea is that if humans ever needed to compare public keys they could use the randomart version and know pretty quickly whether they're the same (instead of comparing 4096 bytes by eye!) +I suppose the idea is that if humans ever needed to compare public keys they could use the randomart version and know pretty quickly whether they're the same (instead of comparing a bunch of random number and letters by eye!) ::: @@ -301,7 +301,7 @@ ssh-add -L Do you see your new public key listed? If not, we just have to let `ssh-agent` know where it is and to start using it (note that you give the path to the private key): ``` -ssh-add ~/.ssh/id_rsa +ssh-add ~/.ssh/id_ed25519 ``` Now running `ssh-add -L` should list our key. @@ -311,7 +311,7 @@ Now running `ssh-add -L` should list our key. I've had cases where my key was unknown to `ssh-agent` after a computer restart. I added the following to the `~/.zshrc` file on my computer (not the server) so that the key is added every time I start a new terminal session: ``` -ssh-add ~/.ssh/id_rsa +ssh-add ~/.ssh/id_ed25519 ``` ::: @@ -321,7 +321,7 @@ ssh-add ~/.ssh/id_rsa So SSH is now presenting the key to the server, but the server doesn't know what to do with it. We'll now copy our *public* key to the server so that it allows connections from it. Write your public key to the terminal so that you can copy it: ``` -cat ~/.ssh/id_rsa.pub +cat ~/.ssh/id_ed25519.pub ``` :::info @@ -329,7 +329,7 @@ cat ~/.ssh/id_rsa.pub On MacOS you can copy the key into your clipboard with this two-part command: ``` -cat ~/.ssh/id_rsa.pub | pbcopy +cat ~/.ssh/id_ed25519.pub | pbcopy ``` ::: 
@@ -344,7 +344,7 @@ Now just paste your key into this file on a new line. It helps to add a comment ``` # Rob Cameron (optimus-prime) -ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB3Edk1OE6BU6hK2EZchm= rob@computer.local +ssh-ed25519 AAAAB3NzaC1yc2EAAAADAQABCU90x/khqD1sDW= rob@computer.local ``` Save the file and exit. Now, disconnect from the SSH session with `exit` and reconnect, but this time you shouldn't need a password or private key (if you were using `-i` you can leave that off) and simply connect with: From 1072d23a7c7a0e0c617e72a9409bec2c69200c86 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 4 Apr 2023 22:27:39 +0000 Subject: [PATCH 2/2] chore(deps): update dependency @supabase/supabase-js to v2.14.0 --- .../auth-providers/supabase/web/package.json | 4 ++-- yarn.lock | 22 +++++++++---------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/packages/auth-providers/supabase/web/package.json b/packages/auth-providers/supabase/web/package.json index 6a010e6d387e..b42e8170d7e3 100644 --- a/packages/auth-providers/supabase/web/package.json +++ b/packages/auth-providers/supabase/web/package.json @@ -28,14 +28,14 @@ "devDependencies": { "@babel/cli": "7.21.0", "@babel/core": "7.21.3", - "@supabase/supabase-js": "2.13.1", + "@supabase/supabase-js": "2.14.0", "@types/react": "18.0.33", "jest": "29.5.0", "react": "18.2.0", "typescript": "5.0.3" }, "peerDependencies": { - "@supabase/supabase-js": "2.13.1" + "@supabase/supabase-js": "2.14.0" }, "gitHead": "3905ed045508b861b495f8d5630d76c7a157d8f1" } diff --git a/yarn.lock b/yarn.lock index 18fc8fe998a8..abeda931ee76 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -6512,14 +6512,14 @@ __metadata: "@babel/cli": 7.21.0 "@babel/core": 7.21.3 "@babel/runtime-corejs3": 7.21.0 - "@supabase/supabase-js": 2.13.1 + "@supabase/supabase-js": 2.14.0 "@types/react": 18.0.33 core-js: 3.29.1 jest: 29.5.0 react: 18.2.0 typescript: 5.0.3 peerDependencies: - "@supabase/supabase-js": 2.13.1 + "@supabase/supabase-js": 2.14.0 languageName: unknown linkType: soft @@ -8579,12 +8579,12 @@ __metadata: languageName: node linkType: hard -"@supabase/gotrue-js@npm:^2.16.0": - version: 2.16.0 - resolution: "@supabase/gotrue-js@npm:2.16.0" +"@supabase/gotrue-js@npm:^2.18.1": + version: 2.20.0 + resolution: "@supabase/gotrue-js@npm:2.20.0" dependencies: cross-fetch: ^3.1.5 - checksum: 5665084b03c6b54da2823dbeae6179caeb4490c57a89f85bd4ff3df36d2927f4f4f685a9acb628798db04ab169ba9c35a8370e6e337adc986f5a67e689cc1da7 + checksum: a474de8b2e3d4d2e116c7c59b0b1ee970d6478f672cb7de7aeca64cc05a193880f569fe90613b47ce74bce827995e28bc11924c20eccf39685fde7b87d9c4fb6 languageName: node linkType: hard @@ -8617,17 +8617,17 @@ __metadata: languageName: node linkType: hard -"@supabase/supabase-js@npm:2.13.1": - version: 2.13.1 - resolution: "@supabase/supabase-js@npm:2.13.1" +"@supabase/supabase-js@npm:2.14.0": + version: 2.14.0 + resolution: "@supabase/supabase-js@npm:2.14.0" dependencies: "@supabase/functions-js": ^2.1.0 - "@supabase/gotrue-js": ^2.16.0 + "@supabase/gotrue-js": ^2.18.1 "@supabase/postgrest-js": ^1.1.1 "@supabase/realtime-js": ^2.7.1 "@supabase/storage-js": ^2.3.1 cross-fetch: ^3.1.5 - checksum: 067680864ce392f0b427e99d0214214f168757b9850c55e5148a4b656a99123c27b377a912e75b4d76bf1a0fa149f9f11cb255021ee0774ae6781d943567ec98 + checksum: 0ce0a0901690ad872dfb1ec8d5e49e4e8cdbbf6c807263e5c2e2ba15a89e7f2da9f6821bf85cd18be0dccfd705c99753f522c3ab35e955ed6e84f9494162baa7 languageName: node linkType: hard
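Review bot: In the `@@ -233,49 +233,49 @@` hunk of docs/docs/intro-to-servers.md (and its version-4.0 copy), the context paragraph right after the edited `id_ed25519` line still tells readers to "Press ENTER (twice) to create your keypair without a passphrase", which leaves the private key unencrypted on disk. The inconvenience it cites is already handled by the `ssh-add ~/.ssh/id_ed25519` step the same page teaches a few hunks later, since `ssh-agent` holds the unlocked key for the session. Since this patch already rewrites the section, suggest recommending a passphrase here and pointing at the `ssh-add` step, and fixing the "passpharse" typo in the same paragraph.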
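Review bot: Typo in the added line of the `@@ -286,7 +286,7 @@` hunk (both copies of intro-to-servers.md): "a bunch of random number and letters" should read "a bunch of random numbers and letters".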
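Review bot: The sample `authorized_keys` entry added in the `@@ -344,7 +344,7 @@` hunk (and the identical `ssh-add -L` sample in `@@ -233,49 +233,49 @@`, in both files) changes the label to `ssh-ed25519` but keeps the RSA blob prefix. `AAAAB3NzaC1yc2EAAAADAQAB` is the base64 encoding of the `ssh-rsa` type string followed by the public exponent 65537, whereas an Ed25519 public key blob begins with `AAAAC3NzaC1lZDI1NTE5`. A reader comparing this against their own `~/.ssh/id_ed25519.pub` will see a prefix that does not match the key type. Suggest replacing the sample with a shortened blob that starts with `AAAAC3NzaC1lZDI1NTE5`.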
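Review bot: In the `@@ -28,14 +28,14 @@` hunk of packages/auth-providers/supabase/web/package.json, `peerDependencies` is bumped to the exact version `"@supabase/supabase-js": "2.14.0"`, the same pin as `devDependencies`. An exact peer pin means an app that installed 2.13.1 no longer satisfies the peer requirement after this bump. If the package works across 2.x releases, a range in `peerDependencies` with the exact pin kept only in `devDependencies` would avoid that; if the exact pin is intentional, a short note in the commit message would help.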
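Review bot: The `@@ -8579,12 +8579,12 @@` hunk of yarn.lock moves the transitive `@supabase/gotrue-js` from 2.16.0 to 2.20.0, which is beyond the new `^2.18.1` minimum and is not mentioned in the commit subject (it names only `@supabase/supabase-js` v2.14.0). Because this lands in an auth provider package, please confirm the gotrue-js changes between 2.16.0 and 2.20.0 were reviewed for session and token handling, and list the transitive bump in the commit message.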