Skip to content

Instantly share code, notes, and snippets.

@bjesuiter

bjesuiter/Readme.md

Last active March 26, 2024 15:41
Show Gist options
  • Save bjesuiter/7da69e6a92b7c079997e7011069729f8 to your computer and use it in GitHub Desktop.
Save bjesuiter/7da69e6a92b7c079997e7011069729f8 to your computer and use it in GitHub Desktop.
Download ZIP
SSH Best Practice Keygen Commands
Raw
Readme.md

SSH Best Practices

Generate new Keys

## SSH Keygen
# -t key algorithm, use "-t rsa -b 4096" for legacy systems
# -N you can pass the key's passphrase directly in the arguments
#    CAUTION: Security Risk because of shell command logging!
# -a = Anzahl der "Verschlüsselungsrunden", höher ist besser
# Default key name on a system: id_ed25519
#
ssh-keygen -t ed25519 \
           -a 420 \
           -f "${HOME}/.ssh/mykey.ed25519" \
           -C "A comment for identifying the key!"
  • ! - Jeder Key sollte ein Passwort besitzen!
  • i - Für einfachere Nutzung kann ein ssh-agent genutzt werden

Using an ssh-agent via shell

  • ssh-add add private keys to ssh-agent
    • -c ask for permission before use
    • -d removes key from ssh-agent

Debugging SSH

https://medium.com/ci-cd-devops/ssh-receive-packet-type-51-154288e46609

=> Copy available on my raindrop.io

Raw
ssh-keyggen.sh
#!/usr/bin/env bash
# -*- coding: utf-8 -*-
# Use RSA 4096 or Ed25519 (if supported), for more details, see: https://goteleport.com/blog/comparing-ssh-keys/
ssh-keygen -t rsa -b 4096
ssh-keygen -t rsa -b 4096 -N # [new passphrase (if wanted)]
# -a = Anzahl der "Verschlüsselungsrunden"
# Default key on a system: id_ed25519
ssh-keygen -t ed25519 \
-a 420 \
-f "${HOME}/.ssh/mykey.ed25519" \
-C "A comment for identifying the key!"
# Single Line SSH Keygen
ssh-keygen -t ed25519 -a 420 -f "${HOME}/.ssh/mykey.ed25519" -C "A comment for identifying the key!"
# Single Line SSH Keygen - simplified (use default settings for "encryption count param" -a)
ssh-keygen -t ed25519 -f "${HOME}/.ssh/mykey" -C "a_comment_for_key_identification"
# Interactive Input:
# - Name for private key: for example bjesuiter@zephir-mbp-15
# - Password for private key: save in JB_SSH.kdbx
# Set Key Permission (when copied into ~/.ssh from outside
# replace 'private_key' with the name of your private key file
chmod 600 ~/.ssh/private_key
# Fix permissions
chmod 700 ~/.ssh
chmod 644 ~/.ssh/config
chmod 644 ~/.ssh/authorized_keys
chmod 644 ~/.ssh/known_hosts
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment