Full Discussion: Secure private key
Post 302624409 by abdul.irfan2 on Monday 16th of April 2012 08:34:27 AM
Secure private key

Hello all,

We have a Unix environment and we would like to use ssh public and private keys to move between servers using ssh. I do know how to test this and have it up and running on some sandbox...but my question is how would one secure the PRIVATE KEY....we are not using a passphrase...and I know looking at all the BEST PRACTICE the first thing said is have a passphrase....besides the passphrase how can we make sure/protect our keys (permissions are set to 600)...here is the setup...

server1 has my private key
server 2 has public key
server 3 has public key
server 4 has public key

We are going to use server1 as our hub to move/ssh to other servers...so how would I secure/protect my private key on server1.... like I mentioned we do not want to use a passphrase...any other things we can do on server1 to make sure my private key is secure?? Just wanted to get some thoughts...and please keep in mind I am not a system administrator...
 

SSH-ADD(1)                BSD General Commands Manual               SSH-ADD(1)

NAME
     ssh-add -- adds private key identities to the authentication agent

SYNOPSIS
     ssh-add [-cDdkLlXx] [-t life] [file ...]
     ssh-add -s pkcs11
     ssh-add -e pkcs11

DESCRIPTION
     ssh-add adds private key identities to the authentication agent,
     ssh-agent(1). When run without arguments, it adds the files
     ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity.
     After loading a private key, ssh-add will try to load corresponding
     certificate information from the filename obtained by appending
     -cert.pub to the name of the private key file. Alternative file names
     can be given on the command line.

     If any file requires a passphrase, ssh-add asks for the passphrase from
     the user. The passphrase is read from the user's tty. ssh-add retries
     the last passphrase if multiple identity files are given.

     The authentication agent must be running and the SSH_AUTH_SOCK
     environment variable must contain the name of its socket for ssh-add to
     work.

     Any keys recorded in the blacklist of known-compromised keys (see
     ssh-vulnkey(1)) will be refused.

     The options are as follows:

     -c      Indicates that added identities should be subject to
             confirmation before being used for authentication. Confirmation
             is performed by the SSH_ASKPASS program mentioned below.
             Successful confirmation is signaled by a zero exit status from
             the SSH_ASKPASS program, rather than text entered into the
             requester.

     -D      Deletes all identities from the agent.

     -d      Instead of adding identities, removes identities from the
             agent. If ssh-add has been run without arguments, the keys for
             the default identities will be removed. Otherwise, the argument
             list will be interpreted as a list of paths to public key files
             and matching keys will be removed from the agent. If no public
             key is found at a given path, ssh-add will append .pub and
             retry.

     -e pkcs11
             Remove keys provided by the PKCS#11 shared library pkcs11.

     -k      When loading keys into the agent, load plain private keys only
             and skip certificates.

     -L      Lists public key parameters of all identities currently
             represented by the agent.

     -l      Lists fingerprints of all identities currently represented by
             the agent.

     -s pkcs11
             Add keys provided by the PKCS#11 shared library pkcs11.

     -t life
             Set a maximum lifetime when adding identities to an agent. The
             lifetime may be specified in seconds or in a time format
             specified in sshd_config(5).

     -X      Unlock the agent.

     -x      Lock the agent with a password.

ENVIRONMENT
     DISPLAY and SSH_ASKPASS
             If ssh-add needs a passphrase, it will read the passphrase from
             the current terminal if it was run from a terminal. If ssh-add
             does not have a terminal associated with it but DISPLAY and
             SSH_ASKPASS are set, it will execute the program specified by
             SSH_ASKPASS and open an X11 window to read the passphrase. This
             is particularly useful when calling ssh-add from a .xsession or
             related script. (Note that on some machines it may be necessary
             to redirect the input from /dev/null to make this work.)

     SSH_AUTH_SOCK
             Identifies the path of a UNIX-domain socket used to communicate
             with the agent.

FILES
     ~/.ssh/identity
             Contains the protocol version 1 RSA authentication identity of
             the user.

     ~/.ssh/id_dsa
             Contains the protocol version 2 DSA authentication identity of
             the user.

     ~/.ssh/id_ecdsa
             Contains the protocol version 2 ECDSA authentication identity
             of the user.

     ~/.ssh/id_rsa
             Contains the protocol version 2 RSA authentication identity of
             the user.

     Identity files should not be readable by anyone but the user. Note that
     ssh-add ignores identity files if they are accessible by others.

EXIT STATUS
     Exit status is 0 on success, 1 if the specified command fails, and 2 if
     ssh-add is unable to contact the authentication agent.

SEE ALSO
     ssh(1), ssh-agent(1), ssh-keygen(1), ssh-vulnkey(1), sshd(8)

AUTHORS
     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
     Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
     de Raadt and Dug Song removed many bugs, re-added newer features and
     created OpenSSH. Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.

BSD                            October 18, 2011                            BSD
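
An added example (not part of the forum thread or of OpenSSH): a POSIX shell audit of the two properties this page turns on, the FILES rule that identity files must not be accessible by others, and whether a key carries a passphrase. The function names and the sample files `id_hub` and `id_legacy` are made up for illustration; the sample files hold format headers only, no key material.

```sh
#!/bin/sh
# Added example: audit identity files in a directory (default ~/.ssh).

# Print "yes" if the private key file carries no passphrase, else "no".
key_is_unencrypted() {
    if grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"; then
        echo no                       # legacy PEM or PKCS#8, encrypted
    elif grep -q -e '-----BEGIN OPENSSH PRIVATE KEY-----' "$1"; then
        # base64 of "openssh-key-v1\0" followed by the cipher name "none"
        if grep -q '^b3BlbnNzaC1rZXktdjEAAAAABG5vbmUA' "$1"; then echo yes; else echo no; fi
    else
        echo yes                      # legacy PEM with no encryption header
    fi
}

# Report each private key; return 1 if any is accessible by group or others.
audit_identity_files() {
    dir=${1:-$HOME/.ssh}; status=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" 2>/dev/null || continue
        mode=$(ls -ld "$f" | cut -c1-10)
        case $mode in
            ????------) perms=ok ;;               # owner-only, e.g. -rw-------
            *) perms=EXPOSED; status=1 ;;         # any group/other bit set
        esac
        if [ "$(key_is_unencrypted "$f")" = yes ]; then pp=none; else pp=set; fi
        printf '%s perms=%s passphrase=%s\n' "${f##*/}" "$perms" "$pp"
    done
    return $status
}

# Constructed sample files: format headers only, no real key material.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQ' \
        '-----END OPENSSH PRIVATE KEY-----' > "$d/id_hub"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        '-----END RSA PRIVATE KEY-----' > "$d/id_legacy"
    chmod 600 "$d/id_hub"; chmod 644 "$d/id_legacy"
    echo "$d"
}

d=$(make_sample_dir)
audit_identity_files "$d" || echo "at least one identity file is exposed"
rm -rf "$d"
```

Run `audit_identity_files` with no argument to check `~/.ssh`; a key reported as `passphrase=none` is usable by anyone who can read the file, so its permissions are the only control.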