All pages
Powered by GitBook
1 of 2

Reuse your client atSign on another machine

A review of two available methods

Want to use your atSign on a different machine?

You can:

A. Generate a new set of cryptographic keys (Recommended)

B. Copy the cryptographic keys from the machine where it's been activated in the past (Not recommended)

Option A) Generate a new set of cryptographic keys (Recommended)

To generate a new set of cryptographic keys, there are three main steps. They occur from two different machines, so pay careful attention to which machine you perform each step on.

"Old machine" is the machine that has the original set of cryptographic keys that were generated. "New machine" is the device you want the new set of cryptographic keys on. These new keys will have restricted permissions that only work with NoPorts, and cannot be used for generating other keys.

  1. [Old machine] Generate a Passcode

  2. [New machine] Enroll the new key pair (send a request for keys from the new machine)

  3. [Old machine] Approve the request

For detailed instructions, follow this guide:

Generate a new set of cryptographic keys

Option B) Copy the cryptographic keys from the machine where it's been activated in the past (Not recommended)

  • The atSign keys file will be located at ~/.atsign/keys/ directory with a filename that will include the atSign. Copy this file from your other machine to the same location on the machine that you are installing SSH No Ports on, using scp or similar.

Why don't we recommend this approach?

When you use method A, it creates a new set of cryptographic keys. These keys can be disabled individually, which means if a device's keys are compromised, you can disable those keys without affecting your other devices.

Generate a new set of cryptographic keys

"Old machine" is the machine that has the original set of cryptographic keys that were generated. "New machine" is the device you want the new set of cryptographic keys on.

Step 1) Generate a passcode from your Old machine

Choose the operating system that is running on your old machine.

Make sure to replace <REPLACE_client> with your client atSign

~/.local/bin/at_activate otp -a @<REPLACE_client>

1.1 Open the Windows installer program and click "Manage Keys"

1.2 Enter the atSign you wish to manage and click "Next"

1.3 Click "New OTP"

1.4 Wait a few seconds for the OTP to appear then proceed to Step 2 on the New machine

Step 2) Make an authorization request on your New machine

Choose the operating system that is running on your new machine.

Make sure to replace the appropriate values: <REPLACE_client> with your client atSign <client_device_name> with a unique name for the device <PASSCODE> with the passcode from Step 1

~/.local/bin/at_activate enroll -a @<REPLACE_client> \
  -s <PASSCODE> \
  -p noports \
  -k ~/.atsign/keys/@<REPLACE_client>_key.atKeys \
  -d <client_device_name> \
  -n "sshnp:rw,sshrvd:rw"

2.1 Open the Windows Installer and click "Generate Keys"

2.2 Enter the atSign you wish to transfer and click "Next"

2.3 Enter the OTP then press "Generate"

2.4 Proceed to Step 3. Once the request has been approved in Step 3, you should see this screen

Step 3) Approve the request on your Old machine

Choose the operating system that is running on your old machine.

Make sure to replace <client_device_name> with the device name from Step 2

~/.local/bin/at_activate approve -a @<REPLACE_client> \
  --arx noports \
  --drx <client_device_name>

If you aren't already on the "Manage Keys" screen, follow Steps 1.1 and 1.2 above.

3.1 Once step 2 is complete press refresh and the new request will appear

3.2 Approve or Deny the request

  • If the request looks incorrect, then press "Deny" to deny it, and start the process again.

  • If the request looks correct, then press "Approve" to approve it.

3.3 Once the request is approved, it should disappear from the installer, the new machine's enrollment should complete in a few seconds.