Re: [heroes] SSH key help

On Wed, 2020-06-10 at 15:01 +0200, Carlos E. R. wrote:

On 08/06/2020 23.12, Carlos E. R. wrote:

Now that I have the VPN setup and changed the password on <https://freeipa.infra.opensuse.org/> (Comment: Firefox warns about its certificate, I guess there is some authority certificate I can add from somewhere :-?), the next step is to upload my ssh key. I'm about to generate it with "ssh-kyegen", but there are many types of keys: “dsa”, “ecdsa”, “ed25519”, or “rsa”. There are also several format types. Well this is a bit like throwing chum to sharks and asking someone to jump in the water. I assume you have already used google and found many differing opinions? First off I'm not an encryption expert. I would not use DSA as you cannot generate a key larger than 1024...

ssh-keygen -b 4096 -t dsa Invalid DSA key length: must be 1024 bits There are differences in the length of time it takes to encrypt information using each of these key types and lengths. I think 2048 is a minimum length by today's standards, with many electing to use 4096. There is a time vs strength trade off. IF you are using the key to scp large files, to a locked down environment, you may choose time over strength. If you are using the key for a shell you may want to choose strength over time. Nothing is stopping you from having more than 1 key either. Like passphrases I personally have several. Yes, I've been purposely vague, as I don't think this is a question/decision that you should offload to someone else. I hope I provided enough information to prompt you to find better answers.

Then I suppose I have to upload the public key file.

This usually means adding the key, or having the key added to /home/USER/.ssh/authorized_keys On FreeIPA I believe it is stored in the 389 directory server. Though I'm not all that familiar with FreeIPA.

Sorry if I ask many questions, but as it is not my own system I do not want to make many mistakes ;-)

N�����r��y隊X^�����칻�&ޢ��������'��-���w�zf�����>� ޮ�^�ˬz��