
Re: Generating ssh key pairs



One thing that could be done would be to roll a bash script which would run ssh-keygen with acceptable parameters for the system in use, and in that bash script have a note displayed telling users how and why to generate good pass phrases, and collect the pass phrase from the user, and have ssh-keygen create each key pair in a user's space. I have many passwords in use, as do we all, and use braille to store those, since it is in itself a form of encryption, and I know how to apply additional encryption to written passwords and pass phrases as well. Since pass phrases are not recoverable if lost, it may be useful for users to encrypt pass phrases as they write those on paper and generate them with the bash script. The apg utility with parameters acceptable to the system might be run inside a bash script to offer a list of choices to a user to speed the creation of key sets too. This way, users not extremely familiar with ssh-keygen who don't like to read man pages could generate system-acceptable key sets.

On Tue, 12 Jan 2016, Dan Ritter wrote:

Date: Tue, 12 Jan 2016 11:22:14
From: Dan Ritter <dsr@randomstring.org>
To: Steve Matzura <sm@noisynotes.com>
Cc: debian <debian-user@lists.debian.org>
Subject: Re: Generating ssh key pairs
Resent-Date: Tue, 12 Jan 2016 16:22:35 +0000 (UTC)
Resent-From: debian-user@lists.debian.org

On Mon, Jan 11, 2016 at 03:57:24PM -0500, Steve Matzura wrote:
Dan,

On Mon, 11 Jan 2016 14:15:53 -0500, Dan wrote:

In general, you want your SFTP users to send you their own
public keys, and you drop them into ~user/.ssh/authorized_keys

That's going to be difficult, as most of my users wouldn't know a
public key from their house key (LOL). I was hoping it would be
simpler than that.


If you generate their key pairs for them, how are you going to
safely send them their private keys?

If they can't generate a keypair, they probably can't secure it
with a passphrase.

Generating a keypair is easy for Linux and Mac users, and only
slightly more complicated for Windows users. (They have the
additional step of installing something like putty.)

-dsr-
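
The wrapper described in the top message, as an added example that is not code from the thread. It departs from the description in one respect: ssh-keygen prompts for the pass phrase itself, so the secret never appears on a command line, and the script then rejects a key left unencrypted. The key type, KDF rounds, apg settings, note text and function names are assumptions.

```bash
#!/bin/bash
# Added example: wrapper around ssh-keygen. KEY_TYPE, KDF_ROUNDS, the apg
# settings and the note text are assumed site policy, not from the thread.
KEY_TYPE=ed25519
KDF_ROUNDS=64

show_note() {
    cat <<'EOF'
You are about to create an SSH key pair. Choose a pass phrase of several
unrelated words. It encrypts your private key on disk and cannot be
recovered if lost. Only the .pub file is ever given to the administrator.
EOF
    # Offer candidates if apg is installed (5 pronounceable, 20-24 chars).
    if command -v apg >/dev/null 2>&1; then
        echo "Suggestions:"; apg -a 0 -n 5 -m 20 -x 24
    fi
}

# Returns 0 if the private key needs a pass phrase, 1 if it is stored in
# the clear, 2 if the file is not a private key. Call it right after
# generation, while the file is still mode 0600 (ssh-keygen refuses to
# load keys with looser permissions, which would look like "protected").
key_is_protected() {
    [ -f "$1" ] && grep -q 'PRIVATE KEY-----' "$1" || return 2
    # -P '' tries the empty pass phrase without prompting.
    if ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1; then return 1; fi
    return 0
}

generate_user_key() {
    dir="${1:-$HOME/.ssh}"; key="$dir/id_$KEY_TYPE"
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    if [ -e "$key" ]; then echo "$key exists, not overwriting" >&2; return 1; fi
    show_note
    # ssh-keygen prompts on the terminal itself, so the pass phrase never
    # appears in argv or the environment.
    ssh-keygen -q -t "$KEY_TYPE" -a "$KDF_ROUNDS" -f "$key" || return 1
    if ! key_is_protected "$key"; then
        echo "Empty pass phrase rejected; key removed." >&2
        rm -f "$key" "$key.pub"; return 1
    fi
    echo "Send this file to the administrator: $key.pub"
}

if [ "${1:-}" = "--run" ]; then generate_user_key; fi
```

Each user runs the script with `--run` from their own account, which keeps the private key in that user's space and leaves only the `.pub` file to hand over.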


