Differences

This shows you the differences between two versions of the page.

tech_notes:ssh [2024-03-09 Sat wk10 10:25] – [ssh-keygen] baumkp
tech_notes:ssh [2024-03-09 Sat wk10 10:45] (current) – [ssh-keygen] baumkp
Line 1: Line 1:
 {{tag>linux ssh ssh-keygen}} {{tag>linux ssh ssh-keygen}}
 ======ssh with key files====== ======ssh with key files======
 +The advantages of using SSH key-based include: 
 +  *Improved security
 +  *Easier access to ssh (if password keys are not used)
 + 
 +Clearly use of unique password encrypted keys gives best security.  However if a user has access to you terminal and user password they effectively have full system access anyway.
  
 +<fc #ff0000>The use of ''sudo'' should not be necessary as the keys created should be user based.</fc>
 =====ssh-keygen====== =====ssh-keygen======
-The  ''sudo ssh-key'' command is used to create ssh key pairs+The  ''ssh-keygen'' command is used to create ssh key pairs
  
-++++ssh-keygen+//Use ''man ssh-keygen'' to see options and description of command.//
-<code>usage: ssh-keygen [-q] [-a rounds] [-b bits] [-C comment] [-f output_keyfile] +
-                  [-m format] [-N new_passphrase] [-O option] +
-                  [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa] +
-                  [-w provider] [-Z cipher] +
-       ssh-keygen -p [-a rounds] [-f keyfile] [-m format] [-N new_passphrase] +
-                   [-P old_passphrase] [-Z cipher] +
-       ssh-keygen -i [-f input_keyfile] [-m key_format] +
-       ssh-keygen -e [-f input_keyfile] [-m key_format] +
-       ssh-keygen -y [-f input_keyfile] +
-       ssh-keygen -c [-a rounds] [-C comment] [-f keyfile] [-P passphrase] +
-       ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile] +
-       ssh-keygen -B [-f input_keyfile] +
-       ssh-keygen -D pkcs11 +
-       ssh-keygen -F hostname [-lv] [-f known_hosts_file] +
-       ssh-keygen -H [-f known_hosts_file] +
-       ssh-keygen -K [-a rounds] [-w provider] +
-       ssh-keygen -R hostname [-f known_hosts_file] +
-       ssh-keygen -r hostname [-g] [-f input_keyfile] +
-       ssh-keygen -M generate [-O option] output_file +
-       ssh-keygen -M screen [-f input_file] [-O option] output_file +
-       ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider] +
-                  [-n principals] [-O option] [-V validity_interval] +
-                  [-z serial_number] file ... +
-       ssh-keygen -L [-f input_keyfile] +
-       ssh-keygen -A [-a rounds] [-f prefix_path] +
-       ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] +
-                  file ... +
-       ssh-keygen -Q [-l] -f krl_file [file ...] +
-       ssh-keygen -Y find-principals -s signature_file -f allowed_signers_file +
-       ssh-keygen -Y match-principals -I signer_identity -f allowed_signers_file +
-       ssh-keygen -Y check-novalidate -n namespace -s signature_file +
-       ssh-keygen -Y sign -f key_file -n namespace file [-O option] ... +
-       ssh-keygen -Y verify -f allowed_signers_file -I signer_identity +
-                  -n namespace -s signature_file [-r krl_file] [-O option]</code> +
-+++++
  
 ====ssh-keygen default==== ====ssh-keygen default====
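
Review bot: The added intro paragraph calls the key secret a password ("password keys", "password encrypted keys"), while ssh-keygen calls it a passphrase (the removed usage text has -N new_passphrase); use "passphrase" so it is not confused with the account password mentioned in the same sentence. In the same added lines, "using SSH key-based" is missing its noun (authentication) and "you terminal" should be "your terminal". The sentence about a user with terminal and password access covers only that one case; a passphrase still protects a private key file that has been copied off the machine, and the text should say so rather than imply the passphrase adds little. The red sudo note would be stronger with its reason: under sudo the key files are created owned by root rather than by the user. Separately, the context heading "=====ssh-keygen======" has five equals signs on one side and six on the other.
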
Line 54: Line 25:
  
 ====Warning==== ====Warning====
-<fc #ff0000>//**During further SSH key pair generation, if you do not specify a unique file name, you are prompted for permission to overwrite the existing id_rsa and id_rsa.pub files. If you overwrite the existing id_rsa and id_rsa.pub files, you must then replace the old public key with the new one on ALL of the SSH servers that have your old public key. +<fc #ff0000>//During further SSH key pair generation, if you do not specify a unique file name, you are prompted for permission to overwrite the existing id_rsa and id_rsa.pub files. If you overwrite the existing id_rsa and id_rsa.pub files, you must then replace the old public key with the new one on ALL of the SSH servers that have your old public key. 
-**//</fc>+//</fc>
  
 Once you have generated the keys, they are stored in the /user/home/.ssh/ directory with the following permissions: Once you have generated the keys, they are stored in the /user/home/.ssh/ directory with the following permissions:
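
Review bot: The warning still says "if you do not specify a unique file name" without saying how to specify one; name the option (-f output_keyfile, as listed in the usage text this revision removes) so readers can avoid the overwrite prompt. The warning also assumes the existing files are id_rsa and id_rsa.pub; wording it as "the existing key files (for example id_rsa and id_rsa.pub)" would cover other key types. In the unchanged line below the warning, "/user/home/.ssh/" does not look like a real path; "~/.ssh/" is presumably what is meant.
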
Line 61: Line 32:
     *Public key - 644     *Public key - 644
  
 +=====sharing keys=====
 +Some examples:
 +  *''ssh-copy-id -i .ssh/key-with-pass.pub user@destination''  generic example
 +  *''ssh-copy-id -i .ssh/id-rsa.pub john.doe@192.168.0.1'' Will copy the default created id_rsa.pub key to IP 192.168.0.1 for user john.doe
  
 +The remote ssh will ask for remote shell password.
  
 +//Use ''man ssh--copy-id'' to see options and description of command.//
 +=====references=====
 [[https://www.redhat.com/sysadmin/configure-ssh-keygen|Using ssh-keygen and sharing for key-based authentication in Linux]] [[https://www.redhat.com/sysadmin/configure-ssh-keygen|Using ssh-keygen and sharing for key-based authentication in Linux]]
  
 <- tech_notes:git|back ^ tech_notes:index|Start page ^ tech_notes:s6|next-> <- tech_notes:git|back ^ tech_notes:index|Start page ^ tech_notes:s6|next->
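
Review bot: In the second ssh-copy-id example the command uses .ssh/id-rsa.pub (hyphen) while its own description and the Warning section name the file id_rsa.pub (underscore); as written the command points at a file the description does not refer to, so change it to id_rsa.pub. Both examples give the key path relative to the current directory, so they only work when run from the home directory; ~/.ssh/... avoids that. "man ssh--copy-id" has a doubled hyphen and should read "man ssh-copy-id". "The remote ssh will ask for remote shell password" would be clearer as the remote user's account password.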