Unlocking SSH: Mastering Key Management and Configuration

Delve into the intricacies of SSH key management and configuration with this comprehensive guide.

From generating and organizing keys to optimizing configurations for enhanced security and efficiency, discover the key strategies to elevate your SSH experience. Whether you're a novice or a seasoned user, this guide will empower you to set up perfect SSH configurations with precision and ease.


Benchmark ed25519 rounds

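# Time a passphrase change (which re-runs the KDF) 20 times per -a value and average the "real" seconds
for j in 16 32 64 100 150; do
   echo -n "-a $j takes on average (seconds): ";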
   for i in {1..20}; do
       ssh-keygen -qa $j -t ed25519 -f test -N test;
       time ssh-keygen -qa $j -N tost -pP test -f test;
       rm test{.pub,};
   done |& grep real | awk -F m '{print $2}' | tr -d s | awk '{sum+=$1} END{print sum/NR}';
done

Create ed25519 key

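# ssh-keygen does not create missing directories, so create one per host first
mkdir -p ~/.ssh/{github,elitedesk,nr1.nu,nr3.se,windows,router}
ssh-keygen -t ed25519 -o -a350 -f ~/.ssh/github/id_ed25519-20230114-github -C "user@foo.com"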
ssh-keygen -t ed25519 -o -a350 -f ~/.ssh/elitedesk/id_ed25519-20230114-elitedesk -C "root@localhost"
ssh-keygen -t ed25519 -o -a350 -f ~/.ssh/nr1.nu/id_ed25519-20230114-nr1 -C "nr1"
ssh-keygen -t ed25519 -o -a350 -f ~/.ssh/nr3.se/id_ed25519-20230114-nr3 -C "nr3"
ssh-keygen -t ed25519 -o -a350 -f ~/.ssh/windows/id_ed25519-20230114-windows -C "windows sucks"
ssh-keygen -t rsa -b 4096 -o -a350 -f ~/.ssh/router/id_rsa-20230114-router -C "router" 

Generate ssh keys

mkdir -p ~/.ssh/router
ssh-keygen -t rsa -b 8192 -C "\m/d[-_0]\m/" -f ~/.ssh/router/id_rsa
ssh-keygen -t ed25519 -a 250 -C "\m/(-_x)\m/"

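Start the agent and add keys so we don't have to type the passphrase every time

# Start an agent and export its variables into the current shell
eval "$(ssh-agent -s)"
# Alternative to the eval above: run a new shell under its own agent
# ssh-agent $SHELL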
ssh-add ~/.ssh/github/id_ed25519-20230114-github
ssh-add ~/.ssh/elitedesk/id_ed25519-20230114-elitedesk
ssh-add ~/.ssh/nr1.nu/id_ed25519-20230114-nr1 
ssh-add ~/.ssh/nr3.se/id_ed25519-20230114-nr3
ssh-add ~/.ssh/router/id_rsa-20230114-router
ssh-add ~/.ssh/windows/id_ed25519-20230114-windows

IdentityFile examples

IdentityFile ~/.ssh/router/id_rsa-20230114-router
IdentityFile ~/.ssh/github/id_ed25519-20230114-github
IdentityFile ~/.ssh/elitedesk/id_ed25519-20230114-elitedesk
IdentityFile ~/.ssh/nr1.nu/id_ed25519-20230114-nr1
IdentityFile ~/.ssh/nr3.se/id_ed25519-20230114-nr3
IdentityFile ~/.ssh/windows/id_ed25519-20230114-windows

Create ssh host keys for server

# DSA has been disabled by default since OpenSSH 7.0; skip this line unless a legacy client needs it
ssh-keygen -N "" -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -C "root@router"
ssh-keygen -N "" -o -a350 -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -C "root@router"
ssh-keygen -N "" -o -a350 -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -C "root@router"
ssh-keygen -N "" -o -a350 -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -C "root@router"

Set correct permissions using symbolic mode

# Start at ~/.ssh itself so the directory is covered too; X keeps directories traversable
chmod -R u+rwX,go-rwx ~/.ssh

Set correct permissions using octal mode

chmod 600 ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa.pub
chmod 600 ~/.ssh/authorized_keys
chmod 600 ~/.ssh/known_hosts
chmod 600 ~/.ssh/config

Set correct permissions on server side

mkdir -p ~/.ssh
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chmod 600 /etc/dropbear/authorized_keys
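
To check the result of the permission commands above, this added example (not part of the original page) lists every file and directory under an SSH directory that group or others can access, or that is owned by a different user. The function name `audit_ssh_perms` is an assumption made for this example.

```shell
# Added example: audit an SSH directory against the "owner only" policy used above.
# Usage: audit_ssh_perms [dir]      (default: ~/.ssh)
# Prints one line per finding.
# Returns 0 when clean, 1 when something is too open or wrongly owned, 2 when dir is missing.
audit_ssh_perms() {
    dir="${1:-$HOME/.ssh}"
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # List the directory itself plus every subdirectory and regular file.
    # ls -ldn prints the mode string in field 1 and the numeric owner uid in field 3.
    find "$dir" \( -type d -o -type f \) -exec ls -ldn {} + |
    awk -v uid="$(id -u)" '
        BEGIN { bad = 0 }
        # Characters 5-10 of the mode string are the group and other bits
        substr($1, 5, 6) != "------" { print "too open:    " $0; bad = 1 }
        # Keys and config should belong to the user running the audit
        $3 != uid                    { print "wrong owner: " $0; bad = 1 }
        END { exit bad }'
}
```

Run it on the client after the `chmod` commands, and on the server as the account that owns `authorized_keys`.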