Help on learning proper SSH with public key


Post by Steax » Wed Feb 15, 2012 4:15 am UTC

So I've never really known much about SSH nor public-key cryptography, although I've meddled with them before and understand the concepts behind them. I eventually figured out how to work them out, but today I need a sanity check. Most of what I know was taught by my mentors and teachers, so I need to get up-to-date.

Goal: Obtain the SSH public key information to send to NearlyFreeSpeech.Net by generating the keys myself.

Here's how I'm currently doing it: (On OSX, but I'd imagine it to be much the same as any Linux system)


1. Pull up terminal, do a
ssh-keygen -t rsa -b 4096

and supply a password. This generates id_rsa and id_rsa.pub.
Issue with this step: NFSN doesn't allow a "debian weak key blacklist" and I'm not sure what exactly that would be. Some poking around reveals "affected keys: anything past 2006, generated by openssl, ssh-keygen, etc." Does this only affect debian systems, meaning I'm unaffected?


2. Typically I'd just append the .pub one to the usual authorized_keys2 file, put the id_rsa one in my .ssh folder, and have at it.
Issue with this step: NFSN asks me for "the key in OpenSSH (one-line) format". What is this, and how do I obtain it? Is it the plaintext of the ssh file? If I open that, I get
ssh-rsa [base64 data] [my local computer username]

Does that local computer username matter, and can I change it? Am I assuming all this is the "one-line format" NFSN asks me for?

Thanks!
In Minecraft, I use the username Rirez.

Re: Help on learning proper SSH with public key

Post by phlip » Wed Feb 15, 2012 6:34 am UTC

Re part 1: That's only a problem if you're (a) running Debian (or a Debian-derived system, like Ubuntu), and (b) haven't updated your system since mid 2008, when the bug was found and fixed.

Basically, there was a 2 year stretch where Debian shipped with a broken version of OpenSSL that would only generate one of 32767 possible keys (and some of those much more often than others) - not very good security. The lists of possible keys are widely distributed, and there are tools to check if your key is one of them. It sounds like NFSN does this automatically, so it'll tell you if your key is bad. It probably won't be.

Re part 2: Yes, the contents of the .pub file is the "one-line format" it's asking for. The user@computer part is just a label - you can change it by passing "-C new_comment" to ssh-keygen - it doesn't have to match your username or anything, all that matters is that it's the same in both the public and private keys (ssh-keygen will ensure this).
While no one overhear you quickly tell me not cow cow.
but how about watch phone?
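
As an added illustration (not part of the original posts), this Python sketch parses the one-line format discussed in the thread and shows that the trailing comment does not enter the key fingerprint. The sample key is constructed inline from a made-up number, not a real RSA modulus, and the helper names are this example's own.

```python
import base64
import hashlib
import struct

def _read_string(blob, off):
    """Read one SSH wire 'string': uint32 big-endian length, then the bytes."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (size,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + size
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end

def parse_openssh_pubkey(line):
    """Split '<type> <base64> [comment]' and inspect the decoded key blob."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected: <type> <base64> [comment]")
    key_type, comment = parts[0], (parts[2] if len(parts) == 3 else "")
    blob = base64.b64decode(parts[1], validate=True)
    inner_type, off = _read_string(blob, 0)
    if inner_type != key_type.encode("ascii"):
        raise ValueError("type prefix does not match the key blob")
    info = {"type": key_type, "comment": comment}
    if key_type == "ssh-rsa":
        _exponent, off = _read_string(blob, off)
        modulus, off = _read_string(blob, off)
        info["bits"] = int.from_bytes(modulus, "big").bit_length()
    # The fingerprint covers only the blob, so the comment never affects it.
    digest = hashlib.sha256(blob).digest()
    info["sha256"] = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return info

def _mpint(value):
    """Encode a positive integer as an SSH mpint (leading 0x00 if top bit set)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def make_sample_line(comment):
    """Constructed sample: a 4096-bit number standing in for a real modulus."""
    name = b"ssh-rsa"
    fake_modulus = (1 << 4095) | 1  # NOT a usable RSA key
    blob = struct.pack(">I", len(name)) + name + _mpint(65537) + _mpint(fake_modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    for label in ("steax@laptop", "nfsn upload key"):
        print(parse_openssh_pubkey(make_sample_line(label)))
```

Both sample lines report the same fingerprint and a 4096-bit modulus; only the comment field differs.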

Re: Help on learning proper SSH with public key

Post by Steax » Wed Feb 15, 2012 9:21 am UTC

Thanks! Looks like the answers were easier than I thought they'd be. And looks like the stuff I learned through kludging tutorials together worked pretty well.
In Minecraft, I use the username Rirez.