Re: [heroes] SSH key help

10 Jun 2020


      On 10/06/2020 17.58, Joel Gordon wrote:
...
On Wed, 2020-06-10 at 15:01 +0200, Carlos E. R. wrote:
...
On 08/06/2020 23.12, Carlos E. R. wrote:
Now that I have the VPN setup and changed the password on
<https://freeipa.infra.opensuse.org/> (Comment: Firefox warns about
its
certificate, I guess there is some authority certificate I can add
from
somewhere :-?), the next step is to upload my ssh key. I'm about to
generate it with "ssh-kyegen", but there are many types of keys:
“dsa”,
“ecdsa”, “ed25519”, or “rsa”. There are also several format types.
Well this is a bit like throwing chum to sharks and asking someone to
jump in the water. I assume you have already used google and found many
differing opinions? First off I'm not an encryption expert.
Oh, it is not the first time I generate those keys. If they are for my 
computers, I do the choosing, if it is for an external site I prefer to 
ask ;-)
...
I would not use DSA as you cannot generate a key larger than 1024...
ssh-keygen -b 4096 -t dsa
Invalid DSA key length: must be 1024 bits
There are differences in the length of time it takes to encrypt
information using each of these key types and lengths. I think 2048 is
a minimum length by today's standards, with many electing to use 4096.
There is a time vs strength trade off. IF you are using the key to scp
large files, to a locked down environment, you may choose time over
strength. If you are using the key for a shell you may want to choose
strength over time. Nothing is stopping you from having more than 1 key
either. Like passphrases I personally have several.
Yes, I've been purposely vague, as I don't think this is a
question/decision that you should offload to someone else. I hope I
provided enough information to prompt you to find better answers.
...
Then I suppose I have to upload the public key file.
This usually means adding the key, or having the key added to
/home/USER/.ssh/authorized_keys
On FreeIPA I believe it is stored in the 389 directory server. Though
I'm not all that familiar with FreeIPA.
There is a click button to submit the file to that server :-)

Ok, I'll try tomorrow with something.
...
...
Sorry if I ask many questions, but as it is not my own system I do
not
want to make many mistakes ;-)
N�����r��y隊X^�����칻�&ޢ��������'��-���w�zf�����>�	ޮ�^�ˬz��
-- 
Cheers / Saludos,

		Carlos E. R.
		(from 15.1 x86_64 at Telcontar)