I am currently looking for someone to help out with this blog. I didn't realize the scope that this blog would affect. Hits from countries in political strife and the like, people looking for a way to communicate outside of government control. If you would like to help please send me an email George dot Endrulat at Gmail dot Com.

Friday, June 10, 2011

[one-liner]: Working with ssh-keygen & SSH Key Pair Files


Background



Here are some typical examples for creating ssh RSA key files. SSH keys are generated & modified using the command ssh-keygen.



Example #1 – defaults



For starters, here’s what happens when you run ssh-keygen with just its defaults:




% ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jaml/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/jaml/.ssh/id_rsa.
Your public key has been saved in /home/jaml/.ssh/id_rsa.pub.
The key fingerprint is:
6c:e2:a9:9a:43:1a:11:e7:c7:95:46:06:d8:09:4e:3d jaml@grinchy
The key's randomart image is:
+--[ RSA 2048]----+
| o=.+o. |
|.oo E.+ |
| +.. + |
|. . o . |
| . . . S |
|. . . + |
| + o |
|. .. . |
| oo. |
+-----------------+





This will output 2 files, id_rsa (the private key) and id_rsa.pub (the public key).




% ls -l ~/.ssh/|grep id_rsa
-rw------- 1 jaml jaml 1675 Jun 7 22:25 id_rsa
-rw-r--r-- 1 jaml jaml 394 Jun 7 22:25 id_rsa.pub





You can also query the key file using ssh-keygen to see meta data around the key:




# shows the bit length of the key (2048), the key's fingerprint, the path of
# the public key, and its type "RSA" in this example.
% ssh-keygen -lf ~/.ssh/id_rsa
2048 6c:e2:a9:9a:43:1a:11:e7:c7:95:46:06:d8:09:4e:3d /home/jaml/.ssh/id_rsa.pub (RSA)





NOTE: Pay special attention to the permissions on both the directory ~/.ssh and the files within it. The private key (id_rsa) should always be permissioned 600 (-rw-------) while the public key (id_rsa.pub) should be 644 (-rw-r--r--). Additionally the directory ~/.ssh should be permissioned 700 (drwx------).
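
An added example (not part of the original post): a POSIX shell function that checks a directory against the three modes in the NOTE above. The names audit_ssh_dir, mode_of and is_private_key are made up for this example, and private keys are recognised by their PEM header line, which is an assumption of the check.

```shell
#!/bin/sh
# Audit an SSH directory against the modes from the NOTE:
#   directory 700, private keys 600, public keys (*.pub) 644.
# Prints one line per finding; returns 0 if clean, 1 if anything is off.

# mode_of PATH -> octal permission bits (GNU stat first, BSD/macOS stat second)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# is_private_key FILE -> true if the first line is a private key header
# (assumption of this example: PEM or OpenSSH format key files)
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'
}

audit_ssh_dir() {
    dir=${1:-"$HOME/.ssh"}
    rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }

    m=$(mode_of "$dir")
    [ "$m" = 700 ] || { echo "BAD $m (want 700) $dir"; rc=1; }

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        m=$(mode_of "$f")
        case "$f" in
            *.pub) want=644 ;;
            *)     is_private_key "$f" || continue   # skip known_hosts, config, ...
                   want=600 ;;
        esac
        [ "$m" = "$want" ] || { echo "BAD $m (want $want) $f"; rc=1; }
    done
    return $rc
}
```

Call audit_ssh_dir with no argument to check ~/.ssh; the exit status is non-zero when anything is off.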



Example #2 – changing the key’s filename



This next example shows how you can change the name of the key’s file (test_ssh_key_rsa1) & also add a comment “test key #1” which describes the key in a little more detail.




# defaults to 2048 bit key & includes the comment -- "test key #1"

% ssh-keygen -t rsa -f ~/.ssh/test_ssh_key_rsa1 -C "test key #1"
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/jaml/.ssh/test_ssh_key_rsa1.
Your public key has been saved in /home/jaml/.ssh/test_ssh_key_rsa1.pub.
The key fingerprint is:
31:7d:57:1b:7c:ee:83:6d:ac:72:bf:a1:7a:81:91:e4 test key #1
The key's randomart image is:
+--[ RSA 2048]----+
| ...|
| . . o+|
| o + o .o.|
| o E . .|
| S o +. |
| . o =.|
| +..|
| . +. .|
| .=..o.|
+-----------------+
%





Again you can examine the key using ssh-keygen, like so:




% ssh-keygen -lf ~/.ssh/test_ssh_key_rsa1
2048 31:7d:57:1b:7c:ee:83:6d:ac:72:bf:a1:7a:81:91:e4 /home/jaml/.ssh/test_ssh_key_rsa1.pub (RSA)





Example #3 – making a bigger key



You can increase the length of the key to 4096 bits like so:




% ssh-keygen -t rsa -b 4096 -f ~/.ssh/test_ssh_key_rsa2 -C "test key #2"
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/jaml/.ssh/test_ssh_key_rsa2.
Your public key has been saved in /home/jaml/.ssh/test_ssh_key_rsa2.pub.
The key fingerprint is:
c1:48:30:36:7d:46:1c:e9:6c:29:af:c4:6d:0a:43:97 test key #2
The key's randomart image is:
+--[ RSA 4096]----+
| =o.ooo |
| . +.o= |
| .*o. |
| . E =. |
| . o =S |
| o o + |
| + + |
| o |
| |
+-----------------+





Here’s the key’s info:




# see it's now 4096 bits in length
% ssh-keygen -lf ~/.ssh/test_ssh_key_rsa2
4096 c1:48:30:36:7d:46:1c:e9:6c:29:af:c4:6d:0a:43:97 /home/saml/.ssh/test_ssh_key_rsa2.pub (RSA)





Example #4 – changing the passphrase



If you have an existing key file and you’d like to change the passphrase associated with it, you can do it like this using ssh-keygen’s -p switch:




% ssh-keygen -f ~/.ssh/test_ssh_key_rsa2 -p
Key has comment '/home/saml/.ssh/test_ssh_key_rsa2'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.





Example #5 – deploying SSH key file




% ssh-copy-id -i ~/.ssh/test_ssh_key_rsa2 jaml@remotehost
Now try logging into the machine, with "ssh 'jaml@remotehost'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
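
An added example (not part of the original post) for the check ssh-copy-id asks for: it lists a fingerprint for every key in an authorized_keys file, in the same colon-separated form that ssh-keygen -lf prints on this page, which is the MD5 digest of the base64-decoded key blob. The function names are made up for this example; current OpenSSH releases print SHA256 fingerprints by default, and ssh-keygen -l -E md5 -f gives the older form for comparison.

```shell
#!/bin/sh
# List the MD5 (colon-hex) fingerprint of every key in an authorized_keys
# file, so the file can be compared against the keys you expect to be there.

# md5_hex: MD5 of stdin as 32 hex digits (GNU md5sum, else BSD/macOS md5)
md5_hex() {
    if command -v md5sum >/dev/null 2>&1; then md5sum | cut -d' ' -f1
    else md5 -q; fi
}

# blob_fingerprint BASE64 -> aa:bb:...  (MD5 over the decoded key blob)
blob_fingerprint() {
    printf '%s' "$1" | base64 -d | md5_hex | sed 's/../&:/g; s/:$//'
}

# authorized_keys_fingerprints FILE -> one "fingerprint type comment" per key
authorized_keys_fingerprints() {
    file=$1
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        # Split on whitespace; the blob is the field after the key type.
        # Leading options (from="...", command="...") are skipped. Limitation:
        # a quoted option containing a word that starts with "ssh-" would be
        # mistaken for the key type.
        set -f; set -- $line; set +f
        while [ $# -gt 1 ]; do
            case "$1" in
                ssh-*|ecdsa-*|sk-*)
                    type=$1; blob=$2; shift 2
                    echo "$(blob_fingerprint "$blob") $type $*"
                    break ;;
            esac
            shift
        done
    done < "$file"
}
```

Run it on the remote host against ~/.ssh/authorized_keys and compare each line with the output of ssh-keygen -lf for the keys you deployed.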





Now you can test your key by connecting to remotehost:




% ssh -i ~/.ssh/test_ssh_key_rsa2 jaml@remotehost
Last login: Wed Jun 8 23:40:58 2011 from localhost.mydom.net

*******
This is your fortune.
*******

[jaml@remotehost ~]#













NOTE: For further details regarding my one-liner blog posts, check out my one-liner style guide primer.

