LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-18-2015, 08:01 PM   #1
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Rep: Reputation: Disabled
keygen question


Will this command create a key-pair that is sufficiently secure...
Code:
ssh-keygen -t rsa -b 2048
Thanks,


Rob
 
Old 11-18-2015, 08:05 PM   #2
Habitual
LQ Addict
 
Registered: Jan 2011
Posts: 8,471
Blog Entries: 11

Rep: Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377
Rob:
It's what I've been using lately, a la:
Code:
ssh-keygen -f $HOME/.ssh/my_ssh_key -t rsa -b 2048 -N '' -q
No questions key generation.
 
Old 11-18-2015, 08:07 PM   #3
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: Redhat/Centos, Ubuntu, Raspbian, Fedora
Posts: 1,691

Rep: Reputation: 353Reputation: 353Reputation: 353Reputation: 353
Quote:
Originally Posted by RobInRockCity View Post
Will this command create a key-pair that is sufficiently secure...
Code:
ssh-keygen -t rsa -b 2048
This depends on the computing power the cracker has. But I'd say 2048 bits is OK.
 
Old 11-18-2015, 08:09 PM   #4
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Habitual View Post
Rob:
It's what I've been using lately, a la:
Code:
ssh-keygen -f $HOME/.ssh/my_ssh_key -t rsa -b 2048 -N '' -q
No questions key generation.
Care to explain what these do...
Code:
-f $HOME/.ssh/my_ssh_key 

-N '' -q
 
Old 11-18-2015, 08:10 PM   #5
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by berndbausch View Post
This depends on the computing power the cracker has. But I'd say 2048 bits is OK.
I am trying to create a key pair so I can use CyberDuck to log into my VPS keylessly.

Thanks,


Rob
 
Old 11-18-2015, 08:10 PM   #6
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian
Posts: 1,054

Rep: Reputation: 279Reputation: 279Reputation: 279
If a nation-state has enough interest in you to devote several super-computers full-time, for a considerable time, to cracking your key, then you might consider increasing the key size. But for normal people, 2048 is sufficient.
 
Old 11-18-2015, 08:15 PM   #7
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by sgosnell View Post
If a nation-state has enough interest in you to devote several super-computers full-time, for a considerable time, to cracking your key, then you might consider increasing the key size. But for normal people, 2048 is sufficient.
Kim Jong-un and I have made up, so I think I'm good in that area.
 
Old 11-18-2015, 08:20 PM   #8
Habitual
LQ Addict
 
Registered: Jan 2011
Posts: 8,471
Blog Entries: 11

Rep: Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377
Quote:
Originally Posted by RobInRockCity View Post
Care to explain what these do...
Code:
-f $HOME/.ssh/my_ssh_key 

-N '' -q
Code:
man ssh-keygen
shows
Code:
-N new_passphrase
             Provides the new passphrase.
...
-q      Silence ssh-keygen

Last edited by Habitual; 11-18-2015 at 08:45 PM.
 
Old 11-18-2015, 08:24 PM   #9
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Habitual View Post

Code:
man ssh-key
shows
Code:
-N new_passphrase
             Provides the new passphrase.
...
-q      Silence ssh-keygen
When I typed man ssh-key in my MacBook I got...

Quote:
No manual entry for ssh-key

If you don't put -N then it won't prompt for a passphrase?

And what does "silence" mean?
 
Old 11-18-2015, 08:45 PM   #10
Habitual
LQ Addict
 
Registered: Jan 2011
Posts: 8,471
Blog Entries: 11

Rep: Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377
Code:
man ssh-keygen
Sorry.
 
Old 11-19-2015, 03:22 AM   #11
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: Redhat/Centos, Ubuntu, Raspbian, Fedora
Posts: 1,691

Rep: Reputation: 353Reputation: 353Reputation: 353Reputation: 353
Quote:
Originally Posted by RobInRockCity View Post
Kim Jong-un and I have made up, so I think I'm good in that area.
And Barack?
 
Old 11-19-2015, 11:48 PM   #12
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Is the following tutorial correct from a technical standpoint? (It certainly reads well.)

Make a passwordless SSH Connection between OS-X and Linux Server

As a *nix newbie, I can't comment on the correctness of all the *nix commands, other than the choice of the # of bits is too low.

Thanks,


Rob
 
Old 11-20-2015, 06:52 AM   #13
Habitual
LQ Addict
 
Registered: Jan 2011
Posts: 8,471
Blog Entries: 11

Rep: Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377
but the tutorial is showing how to make a 1024 key.
 
Old 11-20-2015, 10:07 AM   #14
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Habitual View Post
but the tutorial is showing how to make a 1024 key.
Right, but I think the rest of the steps in the tutorial look okay. But since I'm not a *nix expert, I don't know.

So...
 
Old 11-20-2015, 10:36 AM   #15
Habitual
LQ Addict
 
Registered: Jan 2011
Posts: 8,471
Blog Entries: 11

Rep: Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377
Quote:
Originally Posted by RobInRockCity View Post
Right, but I think the rest of the steps in the tutorial look okay. But since I'm not a *nix expert, I don't know.

So...
That's a sad and sorry excuse.
Be responsible. redo the screenshot and update the textual instructions for 2048.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh-keygen keys question cygnus-x1 Linux - General 3 02-27-2008 03:39 PM
dnssec-keygen jittinan2 Linux - Software 1 12-20-2007 04:07 AM
dnssec-keygen jittinan2 Linux - Server 0 12-20-2007 03:53 AM
keygen and genrsa yogaboy Linux - Security 1 12-15-2006 11:30 AM
How to ssh-keygen? Baran Linux - Networking 5 04-26-2005 02:40 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration