Freebsd Generate Ssh Host Key

| 08-05-2021
[RAND-1-100] Comments

The ssh-keygen program can be used for generating additional host keys or for replacing existing keys. Known Host Keys. SSH clients store host keys for hosts they have ever connected to. These stored host keys are called known host keys, and the collection is often called known hosts.

How do I create a host key file to use with my applications as I can not use system defined /etc/ssh/ssh_host_rsa_key for non-root account under Linux / Unix / Apple OS X / *BSD operating systems?
You need to use a command called ssh-keygen. This command generates, manages and converts authentication keys for ssh. It can create RSA keys for use by SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2. he type of key to be generated is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2 connections. The -f option specifies the filename of the key file.

  1. I am working on an embedded device that runs FreeBSD and SSH. As you know, sshd likes to randomly generate a set of server keys when it first boots up. The problem is that we will be shipping the product with a read-only sd-card filesystem (non-negotiable). My two options as I see them are: Ship the same sshd server keys on all devices.
  2. This is a guide for setting up an Apple Mac OS X workstation with SSH key-based authentication to a remote FreeBSD server. I won’t go into any detail about these protocols or try to make a case for using them. If you’re reading this, you probably already have a basic grounding on SSH, SFTP.
  3. If a passphrase is used in ssh-keygen (1), the user will be prompted for a password each time in order to use the private key. A SSH protocol version 2 DSA key can be created for the same purpose by using the ssh-keygen -t dsa command. This will create a public/private DSA key for use in SSH.
Advertisements

Why create a new host key files?

You may need a new key file:

  1. Your system is compromised.
  2. Your keys are stolen.
  3. You forgotten the passphrase.
  4. Your application need a new host key.
  5. You can not read the default system key files stored in /etc/ssh/ directory but your non-root application needs key.
  6. You got an error message which read as “Could not load host key: /etc/ssh/ssh_host_key*”.

ssh-keygen Syntax

The syntax is:

Example

Create a host key file in your $HOME/.ssh/myapp as follows. First, create a directory to store your host key file, enter:
$ mkdir -p $HOME/.ssh/myapp
To create a host RSAv2 key file, run:
$ ssh-keygen -t rsa -f $HOME/.ssh/myapp/rsa_key_file
Sample outputs:

Type the following commands to verify the keys:
$ ls -l $HOME/.ssh/myapp/
Sample outputs:

You can now use keys with your app:
$ mycool-app -key $HOME/.ssh/myapp/rsa_key_file -d

ADVERTISEMENTS

Freebsd generate ssh host key fingerprint

The SSH protocol recommended a method for remote login and remote file transfer which provides confidentiality and security for data exchanged between two server systems. The SSH depends upon the use of public key cryptography. The OpenSSH server offers this kind of setup under Linux or Unix-like system. This how-to covers generating and using ssh public keys for automated usage such as:

Advertisements
  1. Automated Login using the shell scripts
  2. Making backups
  3. Run commands from the shell prompt and more
  4. Login without password

How to configure SSH Public key-based authentication for a Linux/Unix

The steps and commands are as follows:

  1. On your local system type: ssh-keygen
  2. Install public key into remote server: ssh-copy-id user@remote-server-ip-name
  3. Use ssh for password less login: ssh user@remote-server-ip-name

Let us see all commands in details.

Generating SSH Keys

First, log on to your workstation. For example, log on to workstation called admin.fbsd.nixcraft.org as vivek user. Please refer the following sample setup. You will be logged in, on your local system, AS THE USER you wish to make passwordless ssh connections.
To create the cryptographic keys on your local system powered by FreeBSD/Linux/macOS/ UNIX workstation, enter:
ssh-keygen -t rsa
Assign the pass phrase (press [enter] key twice if you don’t want a passphrase). It will create 2 files in ~/.ssh directory as follows:

  • ~/.ssh/id_rsa : identification (private) key
  • ~/.ssh/id_rsa.pub : public key

Freebsd Regenerate Ssh Host Keys

How to copy a public ley (~/.ssh/id_rsa.pub) to your server

Use the scp command to copy the id_rsa.pub (public key) from your local system to rh9linux.nixcraft.org remote server as authorized_keys file, this is know as, “installing the public key to server”:
scp ~/.ssh/id_rsa.pub vivek@rh9linux.nixcraft.org:~/.ssh/authorized_keys
Another option is to use the ssh-copy-id command as follows from your local workstation:
ssh-copy-id user@remote-box
ssh-copy-id -i ~/.ssh/id_rsa.pub vivek@rh9linux.nixcraft.org

How to login to your remote server using SSH keys

From your local system (e.g. FreeBSD/macOS/Linux/Unix workstation) type the following command:
ssh user@remote-box
ssh vivek@rh9linux.nixcraft.org

Changing the pass-phrase on workstation

Freebsd Generate Ssh Host Key Hack

To change a passphrase for your ssh keys, use the ssh-keygen command as follows:
ssh-keygen -p
OR
cd ~/.ssh/
ssh-keygen -f id_rsa -p

How to use ssh-agen command

You can use the ssh-agent command to avoid continues passphrase typing at the CLI:
ssh-agent $SHELL
ssh-add
Now ssh server will not use prompt for the password. Above two commands can be added to your ~/.bash_profile file so that as soon as you login into workstation you can set the agent.

Deleting the keys hold by ssh-agent

To list keys, enter:
ssh-add -l
To delete all keys, enter:
ssh-add -D
To remove specific key, enter:
ssh-add -d key

See also:

  • Man pages: sshd(8),ssh(1),ssh-add(1),ssh-agent(1)

Generating A New Ssh Key

ADVERTISEMENTS