
Re: Need a tutorial



On Thursday 22 September 2016 08:02:56 tomas@tuxteam.de wrote:

> On Thu, Sep 22, 2016 at 07:09:53AM -0400, Gene Heskett wrote:
> > On Thursday 22 September 2016 03:44:28 Lars Noodén wrote:
> > > On 09/21/2016 11:39 PM, Gene Heskett wrote:
> > > > On Wednesday 21 September 2016 10:23:09 Greg Wooledge wrote:
> > >
> > > ...
> > >
> > > >> man ssh-keygen
> > > >> http://mywiki.wooledge.org/SshKeys
> > > >
> > > > I knew there was something about generating keys, but not the
> > > > sticky details.
> > >
> > > If you have multiple servers or multiple remote accounts, you will
> > > end up with at least one key pair per account+server.  So you will
> > > also need a way to keep track of them.  One way is to make use of
> > > the -C and -f options to add a comment inside the key and to name
> > > the key files to something mnemonic.
> >
> > Now that would be very handy.
> >
> > > As far as the key choices go, DSA is considered deprecated, at
> > > least in the more recent versions:
> > >
> > > 	"Support for ssh-dss, ssh-dss-cert-* host and user keys
> > > 	will be run-time disabled by default"
> > > 	 - http://www.openssh.com/txt/release-6.9
> > >
> > > So that leaves RSA if you have old versions of the OpenSSH server
> > > to deal with.  Probably 2048 bits or more is good for a while.
> > > Otherwise, consider Ed25519.
> >
> > This I am not familiar with. Is there an explanatory url?
>
> In general:
>
> https://debian-administration.org/article/530/SSH_with_authentication_key_instead_of_password
>
This one starts out good, but the comments section contains corrections 
that really should be incorporated into the main post itself.  I may run 
it thru some local editing just to get everything in order. In the 
meantime what I have working on the new machine is working but with 
passwords.

> On key choice:
>
> http://security.stackexchange.com/questions/23383/ssh-key-type-rsa-dsa-ecdsa-are-there-easy-answers-for-which-to-choose-when

Can ssh-keygen make the newer ones above? I see in a key acceptance 
conversation that it apparently can do the ecdsa. So maybe I shouldn't 
worry. 

> regards
> -- t

Thanks, I think this answers the question nicely.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
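
The naming scheme described in the thread (one key pair per account+server, told apart with the -C and -f options) applied to Ed25519 keys, as an added example that is not part of the original messages. The user and host names, the KEYDIR variable and the function names are assumptions, and the ssh_config stanza goes one step beyond what the thread covers.

```shell
#!/bin/sh
# Added example. User/host names are constructed; KEYDIR defaults to ~/.ssh.
KEYDIR="${KEYDIR:-$HOME/.ssh}"

# Mnemonic private-key path for one account on one server.
key_path() {    # usage: key_path USER HOST
    printf '%s/id_ed25519_%s@%s\n' "$KEYDIR" "$1" "$2"
}

# Create an Ed25519 pair (needs OpenSSH 6.5 or later) for USER on HOST.
# With no third argument ssh-keygen prompts for the passphrase.
make_key() {    # usage: make_key USER HOST [PASSPHRASE]
    path=$(key_path "$1" "$2")
    if [ -e "$path" ]; then
        echo "refusing to overwrite existing key: $path" >&2
        return 1
    fi
    mkdir -p "$KEYDIR" && chmod 700 "$KEYDIR" || return 1
    # -C: comment stored at the end of the .pub line; -f: output file name
    comment="$1@$2 (made on $(uname -n), $(date +%Y-%m-%d))"
    if [ $# -ge 3 ]; then
        ssh-keygen -q -t ed25519 -C "$comment" -f "$path" -N "$3"
    else
        ssh-keygen -q -t ed25519 -C "$comment" -f "$path"
    fi
}

# ssh_config stanza that ties the key file to the account and server,
# so "ssh HOST" offers only this key.
config_stanza() {   # usage: config_stanza USER HOST
    cat <<EOF
Host $2
    User $1
    IdentityFile $(key_path "$1" "$2")
    IdentitiesOnly yes
EOF
}

# Show size, fingerprint, comment and type of every public key in KEYDIR.
list_keys() {
    for pub in "$KEYDIR"/*.pub; do
        [ -e "$pub" ] || continue
        ssh-keygen -l -f "$pub"
    done
}
```

For a server too old for Ed25519, the same scheme works with `-t rsa -b 2048` (or more bits) in place of `-t ed25519`.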

