Hi, Sean
A setup that I always use is the following:
1. Create ssh keys with the following command:
--------------------
$ ssh-keygen -t rsa -b 4096 -C "A descriptive comment for my ssh key" -f ~/.ssh/a_fancy_name_for_my_ssh_key -N ""
--------------------
This gives me an SSH key of 4096 bits with RSA, very strong :3.
2. An ssh config file `~/.ssh/config` which looks like this
--------------------
Host friendly_host_name_1
    HostName ip_or_domain_1
    User user_name_1
    IdentityFile ~/.ssh/my_ssh_key_1
    IdentitiesOnly yes
    ServerAliveInterval 15

Host friendly_host_name_2
    HostName ip_or_domain_2
    User user_name_2
    IdentityFile ~/.ssh/my_ssh_key_2
    IdentitiesOnly yes
    ServerAliveInterval 15
--------------------
3. An autoload script, usually `~/.ssh/autoload` to load all my ssh keys
--------------------
#!/bin/bash
# Start an agent only if no live socket is reachable through the stable symlink.
if [ ! -S ~/.ssh/ssh_auth_sock ]; then
    eval "$(ssh-agent)" > /dev/null
    ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock
fi
export SSH_AUTH_SOCK=~/.ssh/ssh_auth_sock

# Load every key named in ~/.ssh/config when the agent holds none.
if [[ $(ssh-add -l) == "The agent has no identities." ]]; then
    keylist="$HOME/.ssh/required_keys.txt"
    # Relies on the IdentityFile lines being indented in ~/.ssh/config.
    grep '^ \{1,\}IdentityFile' ~/.ssh/config > "${keylist}"
    while read -r line; do
        key="${line##* }"
        # Expand a leading ~ without eval, so config text is never executed.
        key="${key/#\~/$HOME}"
        ssh-add "${key}" &> /dev/null
    done < "${keylist}"
    rm "${keylist}"
fi
--------------------
4. And then a source command on my `.zshrc` or `.bashrc` file
--------------------
# Autoload SSH
source ~/.ssh/autoload
--------------------
And that's all; this is sufficient for me. I can manage my connections over ssh without pain.
Sincerely,
Martín Josemaría Vuelta Rojas
_______________________________________________________
E-mail: martin.vuelta@xxxxxxxxx
Web : martin.vuelta.me
* Facultad de Ciencias Físicas
Universidad Nacional Mayor de San Marcos
On Sun, Feb 9, 2020 at 11:07, Sean Rooney (<get.rooney.s1@xxxxxxxxx>) wrote:
Hello Fedora Docs Team,
Could anyone link me resources on creating and managing ssh keys? I'm
new to using them and I don't want to accidentally create a weak one
that gets cracked. Thank you.
Regards
Sean
_______________________________________________
docs mailing list -- docs@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to docs-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/docs@xxxxxxxxxxxxxxxxxxxxxxx
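
Added example, not part of either message in this thread: a POSIX shell audit that reads the `IdentityFile` entries from `~/.ssh/config` and classifies each key from its `ssh-keygen -l -f` line, which addresses the question about accidentally creating a weak key. The function names, the script name `audit_keys.sh` and the `MIN_RSA_BITS=3072` threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit the keys that ~/.ssh/config points at.
# MIN_RSA_BITS is an assumed policy threshold, not a value from the thread.
MIN_RSA_BITS=3072

# classify_key_line LINE -> prints a verdict; returns 0 ok, 1 weak, 2 unknown.
# LINE is one line of `ssh-keygen -l -f KEY.pub` output, for example:
#   4096 SHA256:<fingerprint> some comment (RSA)
classify_key_line() {
    ckl_bits="${1%% *}"        # first field: key size in bits
    ckl_type="${1##*\(}"       # text after the last "(" ...
    ckl_type="${ckl_type%\)}"  # ... minus the closing ")"
    case "$ckl_bits" in
        ''|*[!0-9]*) echo "unknown: unparsable line"; return 2 ;;
    esac
    case "$ckl_type" in
        RSA)
            if [ "$ckl_bits" -lt "$MIN_RSA_BITS" ]; then
                echo "weak: RSA $ckl_bits bits, below $MIN_RSA_BITS"; return 1
            fi
            echo "ok: RSA $ckl_bits bits" ;;
        DSA) echo "weak: DSA is deprecated in OpenSSH"; return 1 ;;
        ED25519|ED25519-SK|ECDSA|ECDSA-SK) echo "ok: $ckl_type $ckl_bits bits" ;;
        *) echo "unknown: key type $ckl_type"; return 2 ;;
    esac
}

# audit_config [CONFIG] -> one verdict per IdentityFile; returns 1 if any is not ok.
audit_config() {
    ac_status=0
    while read -r ac_kw ac_key; do
        [ -n "$ac_key" ] || continue   # skip the empty line of an empty match
        case "$ac_key" in "~/"*) ac_key="$HOME/${ac_key#??}" ;; esac
        if [ ! -f "$ac_key.pub" ]; then
            echo "$ac_key: no .pub file found"; ac_status=1; continue
        fi
        ac_verdict=$(classify_key_line "$(ssh-keygen -l -f "$ac_key.pub")") || ac_status=1
        echo "$ac_key: $ac_verdict"
    done <<EOF
$(grep -iE '^[[:space:]]*IdentityFile[[:space:]]' "${1:-$HOME/.ssh/config}" | sort -u)
EOF
    return "$ac_status"
}

# Run as: sh audit_keys.sh audit [CONFIG]   (hypothetical script name)
if [ "${1:-}" = "audit" ]; then audit_config "${2:-}"; fi
```

A non-zero exit from `audit_config` means at least one referenced key is missing its `.pub` file, is below the assumed threshold, or has a type the script does not recognise.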