I'm confused, I've done this before but I don't remember how...
I run ssh-keygen -f ~/.ssh/aur
I get :
Generating public/private rsa key pair.
/home/kzv/.ssh/aur already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/kzv/.ssh/aur
Your public key has been saved in /home/kzv/.ssh/aur.pub
The key fingerprint is:
SHA256:7m3hJxlSa1MlR64BJyZ5SD+yWsyoTj2Fj5O0FrOrvV4 kzv@kz-video
The key's randomart image is:
+---[RSA 3072]----+
| .oo+ ... |
| o+.+..o |
| ..o .+. |
| = o...o |
| * S. o. |
| + &. * |
| o @ E+ = |
| o o * .= . |
| oo=....o |
+----[SHA256]-----+
I tried to put the SHA256: stuff into the pgp key and the randomart image into the SSH public key, but that can't be right... I need someone to spell it out for me :( I can't figure this out
SHA256:7m3hJxlSa1MlR64BJyZ5SD+yWsyoTj2Fj5O0FrOrvV4 kzv@kz-video
Does this go into the SSH public key section? If so, what goes into the PGP fingerprint? I've tried googling this....
https://bbs.archlinux.org/viewtopic.php?id=246592 (https://bbs.archlinux.org/viewtopic.php?id=246592)
I don't think you need that for an AUR account for most use cases. But if you really do - well hopefully somebody else has some ideas :D
https://forum.artixlinux.org/index.php/topic,1923.0.html
I am genuinely curious what were the exact words which you entered into Google search, and what were the first few results. This page that comes up as first result for me when I enter
"submit package to AUR" is:
https://wiki.archlinux.org/title/AUR_submission_guidelines
and the page that is shown when the words
"SSH keys" are entered in the search box on https://wiki.archlinux.org is:
https://wiki.archlinux.org/title/SSH_keys
but of course, actual reading is required to get to the section:
https://wiki.archlinux.org/title/SSH_keys#Manual_method
from there, it is easy to deduce that the public key resides in the .pub file, so that file's contents should be copied to the appropriate input box on the settings page.
(Not to mention the line:
Your public key has been saved in /home/kzv/.ssh/aur.pub from the ssh-keygen program.)
P.S: When it comes to
"PGP Key Fingerprint:" input field, a Google search for those exact words gives, among the "Related Results", "What is a PGP fingerprint?", leading to a page with quite graphic demonstration of how PGP/GPG works and what a fingerprint is, among other things:
https://mshelton.medium.com/how-to-lose-friends-and-anger-journalists-with-pgp-b5b6d078a315
Next time, follow alium's post (https://forum.artixlinux.org/index.php/topic,1923.0.html).
I still don't understand what to do... what part goes where? I run ssh-keygen -f ~/.ssh/aur and that gives me the PGP key fingerprint? I need this in simple terms...
whatever I guess this is just too complicated for me...
You can edit and change those fields after creating an AUR account under the my account section, so if you get it wrong on account creation or just leave it blank initially you can have another try after doing more research. Not all the fields are needed anyway, stuff like real name, irc nick, homepage - that's just like you adding your details if you want to promote them for some free publicity, probably the same with the pgp key - this is a personal ID thing.
You might possibly need the ssh public (not private) key if you are managing a package, it says:
The following information is only required if you want to submit packages to the Arch User Repository.
SSH Public Key: