@bjesuiter
Last active March 26, 2024 15:41
SSH Best Practice Keygen Commands

SSH Best Practices

Generate new Keys

## SSH Keygen
# -t key algorithm, use "-t rsa -b 4096" for legacy systems
# -N you can pass the key's passphrase directly in the arguments
#    CAUTION: Security Risk because of shell command logging!
# -a = number of KDF rounds ("encryption rounds") used to protect the private key with the passphrase, higher is better
# Default key name on a system: id_ed25519
#
ssh-keygen -t ed25519 \
           -a 420 \
           -f "${HOME}/.ssh/mykey.ed25519" \
           -C "A comment for identifying the key!"
  • ! - Every key should have a passphrase!
  • i - For easier use, an ssh-agent can be used
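To confirm that an existing key file really carries a passphrase and the `-a` round count, the unencrypted header of the OpenSSH private-key format (`openssh-key-v1`) can be read without knowing the passphrase. This is an added example, not part of the original gist; the function names are illustrative, and the sample keys are constructed headers that contain no key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"

def read_string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes); return (value, new offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key file")
    return buf[off + 4:end], end

def key_protection(pem_text):
    """Return cipher, KDF and KDF rounds of an OpenSSH-format private key."""
    lines = pem_text.strip().splitlines()
    body = "".join(l for l in lines if not l.startswith("-----"))
    blob = base64.b64decode(body)
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 private key")
    cipher, off = read_string(blob, len(MAGIC))
    kdf, off = read_string(blob, off)
    opts, off = read_string(blob, off)
    rounds = 0
    if kdf == b"bcrypt":
        # kdfoptions for bcrypt: string salt, uint32 rounds (the -a value)
        _salt, o = read_string(opts, 0)
        (rounds,) = struct.unpack_from(">I", opts, o)
    return {"cipher": cipher.decode(), "kdf": kdf.decode(),
            "rounds": rounds, "has_passphrase": cipher != b"none"}

def constructed_key(cipher, kdf, opts):
    """Build a header-only sample (constructed; holds no real key material)."""
    ssh_str = lambda b: struct.pack(">I", len(b)) + b
    blob = MAGIC + ssh_str(cipher) + ssh_str(kdf) + ssh_str(opts) + struct.pack(">I", 1)
    b64 = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    # Constructed samples: one key as "-a 420" with a passphrase would produce, one without.
    bcrypt_opts = struct.pack(">I", 16) + bytes(16) + struct.pack(">I", 420)
    print(key_protection(constructed_key(b"aes256-ctr", b"bcrypt", bcrypt_opts)))
    print(key_protection(constructed_key(b"none", b"none", b"")))
```

For a real key, pass the file's text, e.g. `key_protection(open(path).read())`; a result with `has_passphrase: False` means the key is stored unencrypted on disk.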

Using an ssh-agent via shell

  • ssh-add adds private keys to the ssh-agent
    • -c ask for confirmation before each use of the key
    • -d removes a key from the ssh-agent

Debugging SSH

https://medium.com/ci-cd-devops/ssh-receive-packet-type-51-154288e46609

=> Copy available on my raindrop.io

#!/usr/bin/env bash
# -*- coding: utf-8 -*-
# Use RSA 4096 or Ed25519 (if supported), for more details, see: https://goteleport.com/blog/comparing-ssh-keys/
ssh-keygen -t rsa -b 4096
# CAUTION: with -N the passphrase is exposed to shell command logging
ssh-keygen -t rsa -b 4096 -N "[new passphrase (if wanted)]"
# -a = number of KDF rounds ("encryption rounds")
# Default key name on a system: id_ed25519
ssh-keygen -t ed25519 \
-a 420 \
-f "${HOME}/.ssh/mykey.ed25519" \
-C "A comment for identifying the key!"
# Single Line SSH Keygen
ssh-keygen -t ed25519 -a 420 -f "${HOME}/.ssh/mykey.ed25519" -C "A comment for identifying the key!"
# Single Line SSH Keygen - simplified (uses the default number of KDF rounds, i.e. no -a)
ssh-keygen -t ed25519 -f "${HOME}/.ssh/mykey" -C "a_comment_for_key_identification"
# Interactive Input:
# - Name for private key: for example bjesuiter@zephir-mbp-15
# - Password for private key: save in JB_SSH.kdbx
# Set key permission (when copied into ~/.ssh from outside)
# replace 'private_key' with the name of your private key file
chmod 600 ~/.ssh/private_key
# Fix permissions
chmod 700 ~/.ssh
chmod 644 ~/.ssh/config
chmod 644 ~/.ssh/authorized_keys
chmod 644 ~/.ssh/known_hosts