Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Secure private key
Top Forums UNIX for Dummies Questions & Answers Secure private key Post 302624409 by abdul.irfan2 on Monday 16th of April 2012 08:34:27 AM
Old 04-16-2012
Secure private key
Hello all,

We have unix environment and we would like to use ssh public and private key to move between server using ssh. I do know how to test this and have it up and running on some sandbox...but my question is how would one secure the PRIVATE KEY....we are not using a passphrase...and i know looking at all the BEST PRACTICE the first thing said is have a passphrase....besides the passphrase how can we make sure/protect our keys (permissions are set to 600)...here is the setup...

server1 have my private key
server 2 has public key
server 3 has public key
server 4 has public key

we are going to use server1 as our hub to move/ssh to other server...so how would i secure/protect my private key on server1.... like i mentioned we do not want to use passphrase...any other things we can do on server1 to make sure my private key is secure?? Just wanted to get some thoughts...and please keep in mind i am not a system administrator...
 

9 More Discussions You Might Find Interesting

1. Programming

Passphrase protection of private key

Hi all, I have written a Java program to generate RSA public and private keys. I am writing the keys to a file and reading from it when required to encryption or decryption. I want to protect the private key file using a passphrase. Can anyone tell me how to do it? :( Thanks. (2 Replies)
Discussion started by: Treasa
2 Replies

2. UNIX for Dummies Questions & Answers

SSL Public key/Private question

Hi everyone, I have a quick/newb question: I know that a public key is used to encrypt data and a private key is used to decrypt data but who keeps the public/private keys?? Does the Web Server hold both? Does the Web Server have the public key and does the client have the private key? ... (3 Replies)
Discussion started by: tical00
3 Replies

3. Shell Programming and Scripting

Rename .pub and private key

I wish to generate a id_dsa.pub and id_dsa (Public and Private Key) in a common user group. I have checked the .ssh directory and i have already found id_dsa.pub and id_dsa existing. Is that OK if i create both the keys in my home direcotry, rename it to jjj.pub and jjj and move to Common user... (1 Reply)
Discussion started by: vasuarjula
1 Replies

4. Solaris

Multiple private key to be uploaded

I would like to ask if you have a procedure on how to upload multiple private key for multiple users in solaris? I was only able to add one but when I tried to add several key, it fails. example: a. user1: user1.ppk b. user2: user2.ppk Each with different password on the server. Pls advise (6 Replies)
Discussion started by: lhareigh890
6 Replies

5. UNIX for Dummies Questions & Answers

Extracting a Private key from a keystore?

Hi everyone! I know you can extract public keys from a keystore using the keytool command. But what is the process to extract a private key from a jks keystore and import into another jks keystore using keytool? Any guidance would be greatly appreciated! I can't seem to find anything, I do... (0 Replies)
Discussion started by: Keepcase
0 Replies

6. Red Hat

ssh private key passwordless authentication

Hello, Need a suggestion to setup private key passwordless authentication. I am not sure this can done or not :wall: here is the sincerio I have two servers, sever1 with a user "user1" and servera with usera here dataflow: usera from servera, will pull/push files to server1 on user1... (2 Replies)
Discussion started by: bobby320
2 Replies

7. Shell Programming and Scripting

Private Key

I have two types of files pubring.pkr secring.skr secring.skr is encrypted and not able to read. How can i read secring.skr in text format after decrypting ? is there any way of decrypting this file? Unix HP - UX Version. (4 Replies)
Discussion started by: airesh
4 Replies

8. OS X (Apple)

Using a private key with SSH in terminal

Before you get the wrong idea, I am not looking for how to generate one. I have a key from a server admin but I can't figure out how to use it in OS X. I have the key, the address and everything I should need but there doesn't seem to be a step by step on how to install the key and use it in... (4 Replies)
Discussion started by: kylebellamy
4 Replies

9. UNIX for Advanced & Expert Users

Private and public key encryption

Hi, we have private and public key, encrypt file using public and want to decrypt using private key. can you please advise below commands are correct or other remedy if unix have? encrypt -a arcfour -k publickey.asc -i TESTFILE.csv -o TESTFILE00.csv decrypt -a arcfour -k privatekey.asc... (2 Replies)
Discussion started by: rizwan.shaukat
2 Replies

LEARN ABOUT OPENSOLARIS

ssh-add

ssh-add(1)							   User Commands							ssh-add(1)

NAME

       ssh-add - add RSA or DSA identities to the authentication agent

SYNOPSIS

       ssh-add [-lLdDxX] [-t life] [ file ]...

DESCRIPTION

       The  ssh-add  utility  adds RSA or DSA identities to the authentication agent, ssh-agent(1). When run without arguments, it attempts to add
       all of the files $HOME/.ssh/identity (RSA v1), $HOME/.ssh/id_rsa (RSA v2), and $HOME/.ssh/id_dsa (DSA v2) that exist. If more than  one	of
       the  private  keys  exists, an attempt to decrypt each with the same passphrase will be made before reprompting for a different passphrase.
       The passphrase is read from the user's tty or by running the program defined in SSH_ASKPASS (see below).

       The authentication agent must be running.

OPTIONS

       The following options are supported:

       -d	  Instead of adding the identity, this option removes the identity from the agent.

       -D	  Deletes all identities from the agent.

       -l	  Lists fingerprints of all identities currently represented by the agent.

       -L	  Lists public key parameters of all identities currently represented by the agent.

       -t life	  Sets a maximum lifetime when adding identities to an agent. The lifetime may be specified in seconds or in a time format  speci-
		  fied in sshd(1M).

       -x	  Locks the agent with a password.

       -X	  Unlocks the agent.

ENVIRONMENT VARIABLES

       DISPLAY		If  ssh-add  needs  a  passphrase, it will read the passphrase from the current terminal if it was run from a terminal. If
       SSH_ASKPASS	ssh-add does not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program spec-
			ified  by SSH_ASKPASS and open an X11 window to read the passphrase. This is particularly useful when calling ssh-add from
			a .Xsession or related script.

       SSH_AUTH_SOCK	Identifies the path of a unix-domain socket used to communicate with the agent.

EXIT STATUS

       The following exit values are returned:

       0    Successful completion.

       1    An error occurred.

FILES

       These files should not be readable by anyone but the user. Notice that ssh-add ignores a file if it is accessible by others. It is possible
       to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file.

       If  these  files are stored on a network file system it is assumed that either the protection provided in the file themselves or the trans-
       port layer of the network file system provides sufficient protection for the site policy. If this is not the case, then it  is  recommended
       the key files are stored on removable media or locally on the relevant hosts.

       Recommended names for the DSA and RSA key files:

       $HOME/.ssh/identity	  Contains the RSA authentication identity of the user for protocol version 1.

       $HOME/.ssh/identity.pub	  Contains the public part of the RSA authentication identity of the user for protocol version 1.

       $HOME/.ssh/id_dsa	  Contains the private DSA authentication identity of the user.

       $HOME/.ssh/id_dsa.pub	  Contains the public part of the DSA authentication identity of the user.

       $HOME/.ssh/id_rsa	  Contains the private RSA authentication identity of the user.

       $HOME/.ssh/id_rsa.pub	  Contains the public part of the RSA authentication identity of the user.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWsshu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       ssh(1), ssh-agent(1), ssh-keygen(1), sshd(1M), attributes(5)

SunOS 5.11							    9 Jan 2004								ssh-add(1)
All times are GMT -4. The time now is 06:23 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy