On Thursday 22 September 2016 08:02:56 [email protected] wrote: > On Thu, Sep 22, 2016 at 07:09:53AM -0400, Gene Heskett wrote: > > On Thursday 22 September 2016 03:44:28 Lars Noodén wrote: > > > On 09/21/2016 11:39 PM, Gene Heskett wrote: > > > > On Wednesday 21 September 2016 10:23:09 Greg Wooledge wrote: > > > > > > ... > > > > > > >> man ssh-keygen > > > >> http://mywiki.wooledge.org/SshKeys > > > > > > > > I knew there was something about generating keys, but not the > > > > sticky details. > > > > > > If you have multiple servers or multiple remote accounts, you will > > > end up with at least one key pair per account+server. So you will > > > also need a way to keep track of them. One way it to make use of > > > the -C and -f options to add a comment inside the key and to name > > > the key files to something mnemonic. > > > > Now that would be very handy. > > > > > As far as the key choices go, DSA is considered deprecated, at > > > least in the more recent versions: > > > > > > "Support for ssh-dss, ssh-dss-cert-* host and user keys > > > will be run-time disabled by default" > > > - http://www.openssh.com/txt/release-6.9 > > > > > > So that leaves RSA if you have old versions of the OpenSSH server > > > to deal with. Probably 2048 bits or more is good for a while. > > > Otherwise, consider Ed25519. > > > > This I am not familiar with. Is there an explanatory url? > > In general: > > > https://debian-administration.org/article/530/SSH_with_authentication_ >key_instead_of_password > This one starts out good, but the comments section contains corrections that really should be incorporated into the main post itself. I may run it thru some local editing just to get everything in order. In the meantime what I have working on the new machine is working but with passwords.
> On key choice: > > > http://security.stackexchange.com/questions/23383/ssh-key-type-rsa-dsa >-ecdsa-are-there-easy-answers-for-which-to-choose-when Can ssh-keygen make the newer ones above? I see in a key acceptance conversation that it apparently can do the ecdsa. So maybe I shouldn't worry. > regards > -- t Thanks, I think this answers the question nicely. Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene>
