Re: SSH Key generation question



I wrote:
You don't even need the mkdir/chmod stuff, or most of the arguments to
ssh-keygen.

Todd <todd@xxxxxxxxxxx> wrote:
From: http://wiki.centos.org/HowTos/Network/SecuringSSH
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys

The above permissions are required if StrictModes
is set to yes in /etc/ssh/sshd_config (the default).

Yes, that's right. And like I said you don't need to do it, as ssh-keygen
does it for you. Look:

$ ls -lad .ssh
ls: cannot access .ssh: No such file or directory
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/chris/.ssh/id_rsa):
Created directory '/home/chris/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/chris/.ssh/id_rsa.
Your public key has been saved in /home/chris/.ssh/id_rsa.pub.
The key fingerprint is:
[...]
$ ls -lad .ssh
drwx------ 2 chris chris 4096 Jun 21 23:14 .ssh
$ ls -lA .ssh
total 32
-rw------- 1 chris chris 1675 Jun 21 23:14 id_rsa
-rw-r--r-- 1 chris chris 400 Jun 21 23:14 id_rsa.pub
$

Chris
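
An added example, not part of Chris's post: a shell function that audits an existing `.ssh` directory for the mode bits discussed above. It checks that the directory and `authorized_keys` are not group- or world-writable (what sshd's StrictModes rejects) and that private keys carry no group/other access (what the ssh client rejects). Assumptions: GNU `stat`, private keys named `id_*`, and the hypothetical function name `audit_ssh_dir`; ownership and the home directory itself are not checked.

```shell
#!/bin/sh
# Added example (not from the thread): audit permission bits in a .ssh directory.
# Assumes GNU stat (stat -c '%a'); audit_ssh_dir is a hypothetical name.
# Returns 0 if clean, 1 if a problem was found, 2 if the directory is missing.

audit_ssh_dir() {
    dir=$1
    bad=0
    [ -d "$dir" ] || { echo "missing: $dir"; return 2; }

    # StrictModes side: neither the directory nor authorized_keys may be
    # writable by group or other (mode & 022 must be zero).
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        m=$(stat -c '%a' "$p")
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "writable by group/other: $p ($m)"
            bad=1
        fi
    done

    # Client side: a private key must not be accessible to group or other
    # at all (mode & 077 must be zero). Public keys (*.pub) are skipped.
    for p in "$dir"/id_*; do
        [ -f "$p" ] || continue
        case $p in *.pub) continue ;; esac
        m=$(stat -c '%a' "$p")
        if [ $(( 0$m & 077 )) -ne 0 ]; then
            echo "private key accessible to group/other: $p ($m)"
            bad=1
        fi
    done

    return $bad
}
```

After sourcing the file, run `audit_ssh_dir "$HOME/.ssh"`; a directory freshly created by ssh-keygen, as in the listing above, passes.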