LogoLogo
  • NoPorts Documentation
  • Getting Started
  • Installation
    • Quick Start from macOS or Windows
    • Connecting from macOS
      • macOS to macOS
      • macOS to Linux
      • macOS to Windows
    • Connecting from Linux
      • Linux to macOS
      • Linux to Linux
      • Linux to Windows
    • Connecting from Windows
      • Windows to macOS
      • Windows to Linux
      • Windows to Windows
    • Cloud Installation Guides
      • Automated Installation on Amazon Web Services (AWS)
      • Automated Installation on Google Cloud Platform (GCP)
      • Automated Installation on Microsoft Azure
      • Automated Installation on Oracle Cloud Infrastructure (OCI)
    • OpenWrt Installation Guide
    • Manual Installation Guides
      • Device Installation
        • Tmux session
        • Standalone Binaries
        • Systemd Unit
        • Headless
      • Client Installation
    • Custom OS/Device Installs
      • IPFire
    • Installs at Scale
    • Upgrading NoPorts Software
      • NoPorts Client Upgrade
      • NoPorts Daemon Upgrade
    • Available Releases
  • Use Cases
    • SSH
    • SFTP
    • RDP
    • Web Server
    • SMB
    • Be your own VPN
  • Usage
    • npt Usage
    • sshnp Usage
      • Client Additional Configuration
    • sshnpd configuration
      • Daemon Additional Configuration
  • Integrations
    • OpenSSH Config
    • PuTTY config
  • Resources
    • How to activate an atSign
    • Reuse your client atSign on another machine
      • Generate a new set of cryptographic keys
    • How to name a device
    • How to generate SSH keys
    • Why activate the device atSign on the client?
  • Product Information
    • The NoPorts Philosophy
    • NoPorts Desktop Application
    • NoPorts Policy Service
    • Frequently Asked Questions
    • How It Works
    • Under The Hood
    • Sequence Diagram
  • Related Pages
    • Main Site
    • GitHub
Powered by GitBook
On this page
Edit on GitHub
Export as PDF
  1. Resources

Why activate the device atSign on the client?

When you activate an atSign, you are doing a handful of steps to prepare the atSign for use. One of these steps is cutting a unique set of cryptographic keys.

The first time you activate, this set of keys that gets generated is a set of management keys. These keys have full permissions to your atServer, the personalized service which powers your atSign.

We recommend cutting the management keys on the client for a few reasons:

  1. It's extremely important that you don't lose these keys:

    1. They are less likely to get lost on your client machine than on your device.

    2. If a device is stolen you still have your management keys to recover from the theft.

  2. For each device we can issue it's own set of cryptographic keys which has a few perks:

    1. This allows us to limit the permissions of those keys to the bare minimum required for NoPorts.

    2. If a device gets compromised, we can safely revoke the set of cryptographic keys associated with that device, without affecting the other devices using the same atSign.

PreviousHow to generate SSH keysNextThe NoPorts Philosophy

Last updated 2 months ago