
How To Manage SSH Host Key Management


SSH HOST KEY MANAGEMENT

Algorithms

rsa

ecdsa

ed25519

• rsa - an old algorithm based on the difficulty of factoring large numbers. A key size of at least 2048 bits is recommended for RSA; 4096 bits is better. RSA is getting old and significant advances are being made in factoring. Choosing a different algorithm may be advisable. It is quite possible the RSA algorithm will become practically breakable in the foreseeable future. All SSH clients support this algorithm.

• ecdsa - a new Digital Signature Algorithm standardized by the US government, using elliptic curves. This is probably a good algorithm for current applications. Only three key sizes are supported: 256, 384, and 521 (sic!) bits. We would recommend always using it with 521 bits, since the keys are still small and probably more secure than the smaller keys (even though they should be safe as well). Most SSH clients now support this algorithm.

• ed25519 - this is a new algorithm added in OpenSSH. Support for it in clients is not yet universal. Thus its use in general purpose applications may not yet be advisable.

This tutorial explains the management of SSH host keys.

Process

Enter into the ssh directory

[root@localhost ~]# cd /etc/ssh

List all the files

[root@localhost ssh]# ls -la
total 620
drwxr-xr-x.   2 root root       4096 Oct 29 05:13 .
drwxr-xr-x. 138 root root      12288 Nov  9 15:29 ..
-rw-r--r--.   1 root root     581843 Apr 11  2018 moduli
-rw-r--r--.   1 root root       2276 Apr 11  2018 ssh_config
-rw-------.   1 root root       3907 Apr 11  2018 sshd_config
-rw-r-----.   1 root ssh_keys    227 Oct 29 05:13 ssh_host_ecdsa_key
-rw-r--r--.   1 root root        162 Oct 29 05:13 ssh_host_ecdsa_key.pub
-rw-r-----.   1 root ssh_keys    387 Oct 29 05:13 ssh_host_ed25519_key
-rw-r--r--.   1 root root         82 Oct 29 05:13 ssh_host_ed25519_key.pub
-rw-r-----.   1 root ssh_keys   1675 Oct 29 05:13 ssh_host_rsa_key
-rw-r--r--.   1 root root        382 Oct 29 05:13 ssh_host_rsa_key.pub

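To generate an RSA key pair using 4096 bits (with the default file name, ssh-keygen saves it under /root/.ssh, as the output shows; the server's own host keys are the ssh_host_* files listed above)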

[root@localhost ssh]# ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:jc7VXc7lP16ZYcWTKAXTUuqf9SMmhi8aI/X9mWRm36g root@localhost.localdomain
The key's randomart image is:
+---[RSA 4096]----+
|           o+o   |
|           .+....|
|           o.. o=|
|         o.... =+|
|       .S o.. .++|
|      .o..o . + *|
|     . ooo + X =+|
|      . o.o O *.=|
|       .. ..E=.o.|
+----[SHA256]-----+

To generate the key for ecdsa using 521 bits

[root@localhost ssh]# ssh-keygen -t ecdsa -b 521
Generating public/private ecdsa key pair.
Enter file in which to save the key (/root/.ssh/id_ecdsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_ecdsa.
Your public key has been saved in /root/.ssh/id_ecdsa.pub.
The key fingerprint is:
SHA256:+pOwY5X+8RIZ5jTyRsYhA5XjvgCZl9CGvllkvi4XVsA root@localhost.localdomain
The key's randomart image is:
+---[ECDSA 521]---+
|     +.o..       |
|    o E = .      |
|   . O + = .     |
|    = = + O      |
|     * +SX +     |
|    o *.+ *      |
|     o.B +..     |
|    . *.= .o     |
|     + ..o...    |
+----[SHA256]-----+

To generate the key for ed25519

[root@localhost ssh]# ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_ed25519.
Your public key has been saved in /root/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:Sd26p+e3bfYluQ/MlgahkPLdVQE/XZdf/hw7GIqvjbY root@localhost.localdomain
The key's randomart image is:
+--[ED25519 256]--+
|             ...*|
|         o .  .o=|
|      . + . o .++|
|       + + + + .+|
|        S = + o.+|
|         . o = =o|
|          o . X o|
|         .o+.o.=+|
|        .E++..o==|
+----[SHA256]-----+
[root@localhost ssh]# cd

Open another terminal and connect to the server over SSH. On the first connection, the client displays the server's ECDSA host key fingerprint and asks whether to trust it

[root@localhost ~]# ssh root@192.168.7.238
The authenticity of host '192.168.7.238 (192.168.7.238)' can't be established.
ECDSA key fingerprint is SHA256:liG+KRtG4h/2UF720mpOk0S1EWgXB3uMVRsdks+h1lc.
ECDSA key fingerprint is MD5:f6:ac:65:9e:10:bf:7b:03:1b:ff:d1:20:48:44:36:f9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.7.238' (ECDSA) to the list of known hosts.
root@192.168.7.238's password: 
Last login: Sat Nov  9 10:26:11 2019 from 192.168.7.105

Now go to the .ssh directory

[root@localhost ~]# cd .ssh/

List the files

[root@localhost .ssh]# ll
total 28
-rw------- 1 root root  365 Nov  9 15:57 id_ecdsa
-rw-r--r-- 1 root root  280 Nov  9 15:57 id_ecdsa.pub
-rw------- 1 root root  419 Nov  9 15:59 id_ed25519
-rw-r--r-- 1 root root  108 Nov  9 15:59 id_ed25519.pub
-rw------- 1 root root 3243 Nov  9 15:54 id_rsa
-rw-r--r-- 1 root root  752 Nov  9 15:54 id_rsa.pub
-rw-r--r-- 1 root root  175 Nov  9 16:00 known_hosts

The server's ECDSA public host key is now recorded in known_hosts. Once it is stored there, later connections to the server proceed without the host key prompt

[root@localhost .ssh]# vim known_hosts
192.168.7.238 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrOEj/+MCQvfmZxOpRUgzjLDjtwNkllOi/UJkCNf504ofsSMsHhpEFQBLe8hDBVoQTsgcC/5CTvfvYPOtxknOA=

Now logout and try to login again

[root@localhost ~]# logout
Connection to 192.168.7.238 closed.

Now it asks only for the server's password, with no host key prompt

[root@localhost ~]# ssh root@192.168.7.238
root@192.168.7.238's password: 
Last login: Sat Nov  9 11:02:00 2019 from 192.168.7.228
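
The known_hosts entry and the SHA256/MD5 fingerprints in the first-connection prompt are two views of the same public host key. The following Python code is an added example, not part of the original tutorial: it parses a known_hosts line, checks that the key type in the second column matches the type embedded in the key blob, and derives both fingerprint formats so they can be compared with a fingerprint obtained from the server administrator. The function names are hypothetical; the sample line is the entry shown above.

```python
import base64
import hashlib
import struct

# known_hosts entry copied from the tutorial: host, key type, base64 key blob.
SAMPLE_LINE = (
    "192.168.7.238 ecdsa-sha2-nistp256 "
    "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGrOEj/+MCQvfmZx"
    "OpRUgzjLDjtwNkllOi/UJkCNf504ofsSMsHhpEFQBLe8hDBVoQTsgcC/5CTvfvYPOtxknOA="
)


def parse_known_hosts_line(line):
    """Return (hosts, key_type, blob) for a plain known_hosts entry."""
    fields = line.split()
    # Comments and marker lines (@cert-authority, @revoked) are not handled.
    if len(fields) < 3 or fields[0].startswith(("#", "@")):
        raise ValueError("not a plain host key entry")
    hosts, key_type, b64 = fields[0], fields[1], fields[2]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a 4-byte big-endian length and the key type name;
    # it must agree with the type written in the second column.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len].decode("ascii", "replace") != key_type:
        raise ValueError("declared key type does not match key blob")
    return hosts.split(","), key_type, blob


def sha256_fingerprint(blob):
    """Unpadded base64 of SHA-256 over the blob, as in the ssh prompt."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def md5_fingerprint(blob):
    """Legacy colon-separated hex form, shown as the MD5 line in the prompt."""
    hexd = hashlib.md5(blob).hexdigest()
    return "MD5:" + ":".join(hexd[i:i + 2] for i in range(0, 32, 2))


def host_key_matches(line, trusted_fingerprint):
    """True if the entry's key has the fingerprint obtained out of band."""
    _, _, blob = parse_known_hosts_line(line)
    fmt = md5_fingerprint if trusted_fingerprint.startswith("MD5:") else sha256_fingerprint
    return fmt(blob) == trusted_fingerprint
```

On the server, `ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub` prints the fingerprint to compare against before answering yes at the prompt.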

With this, the Management of SSH Host Key tutorial comes to an end.

Tags:
grayson
Author: 


Frequently asked questions ( 5 )

Q

Is Dropbear an alternative SSH server?

A

Dropbear is a relatively small open source SSH 2 server. It runs on a variety of POSIX-based platforms.

Q

How to set up passwordless login on an SSH server?

A

Generate the SSH key for the client machine by using the following command "ssh-keygen", then copy the generated key to the server machine. Once the key is copied to the server, it will not

Q

How can I change the port number for "OpenSSH server" in Linux?

A

Yes, you can change the port number for "OpenSSH-server" in Linux.
1. Open the configuration file of "OpenSSH-server", "/etc/ssh/sshd_config".
2. Find the "Port" entry in the configuration file.
3. There you can set the customized port number for OpenSSH-server. For example: "Port 22" to "Port 111".
4. After making the changes, restart the "ssh" service.

Q

What is the usage of SSH?

A

An SSH key is an access credential in the SSH protocol. Its function is similar to that of user names and passwords, but the keys are primarily used for automated processes and for implementing single sign-on by system administrators and power users.

Q

What is the use of ssh-keygen?

A

Ssh-keygen is a tool for creating new authentication key pairs for SSH. Such key pairs are used for automating logins, single sign-on, and for authenticating hosts.

How To Manage SSH Host Key Management
Dec 12, 2019