user:nbrimme1:portfolio:openssh

Differences

This shows you the differences between two versions of the page.

user:nbrimme1:portfolio:openssh [2018/06/09 18:44]
nbrimme1 [SSH Server Configuration]
user:nbrimme1:portfolio:openssh [2018/06/19 16:31] (current)
nbrimme1 [Key Generation]
Line 42: Line 42:
  
 ====Key Generation==== ====Key Generation====
-<code bash>## -C Comment, not needed for host keys +<code bash>## -C "Comment", not needed for host keys 
-## -N ' ' new (blank) ​passphrase +## -p  Request to change ​passphrase 
-## -o bcrypt key derivation function, implied with ED25519 +## -f <​filename> ​ Output filename ​of key file 
-## -a # number ​of rounds for bcrypt ​key derivation + 
-## -p request to change passphrase +## DSA: **NO LONGER ALLOWED; OpenSSH >=7.0 
-# DSA: **NO LONGER ALLOWED; OpenSSH >=7.0 +$> ssh-keygen -f /​etc/​ssh/​ssh_host_dsa_key ​
-$> ssh-keygen -f /​etc/​ssh/​ssh_host_dsa_key -N ''​ -t dsa + -t dsa \  # -t <​type> ​ Key type 
-# ECDSA: *OpenSSH >=5.7 + -N '' ​    # -N '' ​     New (blank) passphrase 
-$> ssh-keygen -f /​etc/​ssh/​ssh_host_ecdsa_key -N ''​ -t ecdsa +## ECDSA: *OpenSSH >=5.7 
-# ED25519: All keys 256-bit , *OpenSSH >=6.5 +$> ssh-keygen -f /​etc/​ssh/​ssh_host_ecdsa_key ​
-$> ssh-keygen -f /​etc/​ssh/​ssh_host_ed25519_key -N ''​ -t ed25519 ​-o -a 100 + -t ecdsa \  # -t <​type> ​ Key type 
-# RSA: Min:1024, Recommended/​Default:​2048,​ Max:16384 + -N '' ​      # -N '' ​     New (blank) passphrase 
-$> ssh-keygen -f /​etc/​ssh/​ssh_host_rsa_key ​-N '' ​-t rsa -b 4096 -o -a 100+## ED25519: All keys 256-bit , *OpenSSH >=6.5 
 +$> ssh-keygen -f /​etc/​ssh/​ssh_host_ed25519_key ​
 + -t ed25519 \  # -t <​type> ​ Key type 
 + -N '' ​\  # -N '' ​  New (blank) passphrase 
 + -o \     # -o      bcrypt key derivation function, implied with ED25519 
 + -a 100   # -a <#> ​ Number of rounds for bcrypt key derivation 
 +## RSA: Min:1024, Recommended/​Default:​2048,​ Max:16384 
 +$> ssh-keygen -f /​etc/​ssh/​ssh_host_rsa_key ​
 + -t rsa \   # -t <​type> ​ Key type 
 + -b 4096 \  # -b <​bits> ​ Number of bits in the key 
 + -N ''​ \    # -N '' ​  New (blank) passphrase 
 + -o \       # -o      bcrypt key derivation function, implied with ED25519 
 + -a 100     # -a <#> ​ Number of rounds for bcrypt key derivation 
 + 
 +## PKCS#8 SSH Private Keys 
 +# Convert: Convert a private SSH key into PKCS#8 format 
 +$> mv ~/​.ssh/​id_rsa ~/​.ssh/​id_rsa.old 
 +$> openssl pkcs8 -topk8 -v2 des3 \ 
 + -in ~/​.ssh/​id_rsa.old \ 
 + -out ~/​.ssh/​id_rsa 
 +$> chmod 600 ~/​.ssh/​id_rsa 
 +# Check that the converted key works; if yes, delete the old one 
 +$> rm ~/​.ssh/​id_rsa.old 
 +
 +# Revert: Convert a PKCS#8 key back into a private SSH key 
 +$> mv ~/​.ssh/​id_rsa ~/​.ssh/​id_rsa.pkcs8 
 +# Decrypt the key with openssl 
 +$> openssl pkcs8 \ 
 + -in ~/​.ssh/​id_rsa.pkcs8 \ 
 + -out ~/​.ssh/​id_rsa 
 +$> chmod 600 ~/​.ssh/​id_rsa 
 +# Re-encrypt the key using the traditional SSH key format 
 +$> ssh-keygen -f ~/​.ssh/​id_rsa -p
 </​code>​ </​code>​
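
Review bot: the new multi-line ssh-keygen commands put an inline comment after the continuation backslash (for example `-t dsa \  # -t <type>  Key type`), so the backslash escapes a space rather than the newline and the shell ends the command on that line; the option lines that follow would then be run as separate commands. The first line of each ssh-keygen command also shows no trailing `\` in this view, unlike the `openssl pkcs8 -topk8 -v2 des3 \` line further down. Suggest keeping the flag descriptions in a comment block above each command, as the removed lines had them, and making `\` the last character of every continued line. Separately, in the Revert steps `openssl pkcs8 -in ~/.ssh/id_rsa.pkcs8 -out ~/.ssh/id_rsa` writes the decrypted key to disk before `chmod 600` runs and before `ssh-keygen -p` re-encrypts it, and `id_rsa.pkcs8` is never removed; consider setting a restrictive umask before the conversion and adding a cleanup step like the `rm ~/.ssh/id_rsa.old` in the Convert steps.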
  
user/nbrimme1/portfolio/openssh.1528584277.txt.gz · Last modified: 2018/06/09 18:44 by nbrimme1