Creating a user's SSH key set

Each user has the ability to create his or her own set of private and public keys. It doesn't matter whether the user's client machine is running Linux, macOS, Cygwin on Windows, or Bash Shell for Windows. In all cases, the procedure is exactly the same.

There are several different types of keys that you can create, and 2,048-bit RSA keys are normally the default. Until very recently, 2,048-bit RSA keys were considered strong enough for the foreseeable future. But now, the most recent guidance from the US National Institute of Standards and Technology (NIST) says to use either an RSA key of at least 3,072 bits or an Elliptic Curve Digital Signature Algorithm (ECDSA) key of at least 384 bits. (You'll sometimes see these ECDSA keys referred to as P-384.) Their reasoning is that they want to get us ready for Quantum Computing, which will be so powerful that it will render any weaker encryption algorithms obsolete. Of course, Quantum Computing isn't practical yet, and so far, it seems to be one of those things that's always just 10 years off in the future, regardless of what year it is. But even if we discount the whole Quantum thing, we still have to acknowledge that even our current, non-quantum computers keep getting more and more powerful. So, it's still not a bad idea to start going with stronger encryption standards.

To see the NIST list of recommended encryption algorithms and the recommended key lengths, go to https://cryptome.org/2016/01/CNSA-Suite-and-Quantum-Computing-FAQ.pdf.

For these next few demos, let's switch over to an Ubuntu 18.04 client. To create a 3072 RSA key pair, just do this:

donnie@ubuntu1804-1:~$ ssh-keygen -t rsa -b 3072

In this case, we're using the -t option to specify that we want an RSA key, and the -b option to specify the bit-length. When prompted for the location and name of the keys, I'll just hit Enter to accept the defaults. You could just leave the private key with a blank passphrase, but that's not a recommended practice.

Note that if you choose an alternative name for your key files, you'll need to type in the entire path to make things work properly. For example, in my case, I would specify the path for donnie_rsa keys as /home/donnie/.ssh/donnie_rsa.

You'll see your new keys in the .ssh directory:

donnie@ubuntu1804-1:~$ ls -l .ssh
total 8
-rw------- 1 donnie donnie 2546 Aug 28 15:23 id_rsa
-rw-r--r-- 1 donnie donnie 573 Aug 28 15:23 id_rsa.pub
donnie@ubuntu1804-1:~$
Note that if you had created the default 2,048-bit keys, the names would have been identical

The id_rsa key is the private key, with read and write permissions only for me. The id_rsa.pub public key has to be world-readable. For ECDSA keys, the default length is 256 bits. If you choose to use ECDSA instead of RSA, do the following to create a strong 384-bit key:

donnie@ubuntu1804-1:~$ ssh-keygen -t ecdsa -b 384

Either way, when you look in the .ssh directory, you'll see that the ECDSA keys are named differently from the RSA keys:

donnie@ubuntu1804-1:~$ ls -l .ssh
total 8
-rw------- 1 donnie donnie 379 May 27 17:43 id_ecdsa
-rw-r--r-- 1 donnie donnie 225 May 27 17:43 id_ecdsa.pub
donnie@ubuntu1804-1:~$

The beauty of elliptic curve algorithms is that their seemingly short key lengths are just as secure as longer RSA keys. And, even the largest ECDSA keys require less computing power than RSA keys. The maximum key length you can do with ECDSA is 521 bits. (Yes, you read that correctly. It's 521 bits, not 524 bits.) So, you may be thinking, Why don't we just go for the gusto with 521-bit keys? Well, it's mainly because 521-bit keys aren't recommended by NIST. There's some fear that they may be subject to padding attacks, which could allow the bad guys to break your encryption and steal your data.

If you take a gander at the man page for ssh-keygen, you'll see that you can also create an Ed25519 type of key, which you'll sometimes see referred to as curve25519. This one isn't included in the NIST list of recommended algorithms, but there are a couple of reasons why some people like to use it.

RSA and DSA can leak private key data when creating signatures if the random number generator of the operating system is flawed. Ed25519 doesn't require a random number generator when creating signatures, so it's immune to this problem. Also, Ed25519 is coded in a way that makes it much less vulnerable to side-channel attacks. (A side-channel attack is when someone tries to exploit weaknesses in the underlying operating system, rather than in the encryption algorithm.)

The second reason why some folk like Ed25519 is precisely because it's not on the NIST list. These are the folk who, rightly or wrongly, don't trust the recommendations of government agencies.

Quite a few years ago, in the early part of this century, there was a bit of a scandal that involved the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG). This was a random number generator that was meant for use in elliptic curve cryptography. The problem was that, early on, some independent researchers found that it had the capability to have back doors inserted by anyone who knew about this capability. And, it just so happened that the only people who were supposed to know about this capability were the folk who work at the US National Security Agency (NSA). At the NSA's insistence, NIST included Dual_EC_DRBG in their NIST list of recommended algorithms, and it stayed there until they finally removed it in April 2014. You can get more details about this at the following links:

https://www.pcworld.com/article/2454380/overreliance-on-the-nsa-led-to-weak-crypto-standard-nist-advisers-find.html

http://www.math.columbia.edu/~woit/wordpress/?p=7045

You can read the details about Ed25519 here: https://ed25519.cr.yp.to/.

There's only one key size for Ed25519, which is 256 bits. So, to create a curve25519 key, just use the following code:

donnie@ubuntu1804-1:~$ ssh-keygen -t ed25519

Here are the keys that I've created:

donnie@ubuntu1804-1:~$ ls -l .ssh
total 8
-rw------- 1 donnie donnie 464 May 27 20:11 id_ed25519
-rw-r--r-- 1 donnie donnie 101 May 27 20:11 id_ed25519.pub
donnie@ubuntu1804-1:~$

There are, however, some potential downsides to ed25519:

  • First, it isn't supported by older SSH clients. However, if everyone on your team is using current operating systems that use current SSH clients, this shouldn't be a problem.
  • The second is that it only supports one certain set key length, which is the equivalent of either 256-bit elliptic curve algorithms or 3,000-bit RSA algorithms. So, it might not be quite as future-proof as the other algorithms that we've covered.
  • Lastly, you can't use it if your organization is required to remain compliant with NIST recommendations.

Okay; there is one other type of key that we haven't covered. That's the old-fashioned DSA key, which ssh-keygen will still create if you tell it to. But, don't do it. The DSA algorithm is old, creaky, and very insecure by modern standards. So, when it comes to DSA, just say No.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.118.200.197