Re: Generating ssh key pairs

2016-01-12 Thread Jude DaShiell
One thing that could be done would be to roll a bash script which would 
run ssh-keygen with acceptable parameters for the system in use and in 
that bash script have a note displayed telling users how and why to 
generate good pass phrases and collect the pass phrase from the user and 
have ssh-keygen create each key pair in a user's space.  I have many 
passwords in use as do we all and use braille to store those since it is 
in itself a form of encryption and I know how to apply additional 
encryption to written passwords and pass phrases as well.  Since pass 
phrases are not recoverable if lost it may be useful for users to 
encrypt pass phrases as they write those on paper and generate them with 
the bash script.  The apg utility with parameters acceptable to the 
system might be run inside a bash script to offer a list of choices to a 
user to speed the creation of key sets too.  This way, users not 
extremely familiar with ssh-keygen who don't like to read man pages 
could generate system-acceptable key sets.


On Tue, 12 Jan 2016, Dan Ritter wrote:



> On Mon, Jan 11, 2016 at 03:57:24PM -0500, Steve Matzura wrote:
>> Dan,
>>
>> On Mon, 11 Jan 2016 14:15:53 -0500, Dan wrote:
>>
>>> In general, you want your SFTP users to send you their own
>>> public keys, and you drop them into ~user/.ssh/authorized_keys
>>
>> That's going to be difficult, as most of my users wouldn't know a
>> public key from their house key (LOL). I was hoping it would be
>> simpler than that.
>
> If you generate their key pairs for them, how are you going to
> safely send them their private keys?
>
> If they can't generate a keypair, they probably can't secure it
> with a passphrase.
>
> Generating a keypair is easy for Linux and Mac users, and only
> slightly more complicated for Windows users. (They have the
> additional step of installing something like putty.)
>
> -dsr-







Re: Generating ssh key pairs

2016-01-12 Thread Tony van der Hoff
On 11/01/16 21:57, Steve Matzura wrote:
> Dan,
> 
> On Mon, 11 Jan 2016 14:15:53 -0500, Dan wrote:
> 
>> In general, you want your SFTP users to send you their own
>> public keys, and you drop them into ~user/.ssh/authorized_keys
> 
> That's going to be difficult, as most of my users wouldn't know a
> public key from their house key (LOL). I was hoping it would be
> simpler than that.
> 
I'm not about to do it for you, but I would think that it would be
fairly straightforward to write a minimal script for them to generate a
key pair, and install the public key appropriately on the server.

-- 
Tony van der Hoff| mailto:t...@vanderhoff.org
Buckinghamshire, England |



Re: Generating ssh key pairs

2016-01-12 Thread Dan Ritter
On Mon, Jan 11, 2016 at 03:57:24PM -0500, Steve Matzura wrote:
> Dan,
> 
> On Mon, 11 Jan 2016 14:15:53 -0500, Dan wrote:
> 
> >In general, you want your SFTP users to send you their own
> >public keys, and you drop them into ~user/.ssh/authorized_keys
> 
> That's going to be difficult, as most of my users wouldn't know a
> public key from their house key (LOL). I was hoping it would be
> simpler than that.
> 

If you generate their key pairs for them, how are you going to 
safely send them their private keys?

If they can't generate a keypair, they probably can't secure it
with a passphrase.

Generating a keypair is easy for Linux and Mac users, and only
slightly more complicated for Windows users. (They have the
additional step of installing something like putty.)

-dsr-



Re: Generating ssh key pairs

2016-01-11 Thread Steve Matzura
Dan,

On Mon, 11 Jan 2016 14:15:53 -0500, Dan wrote:

>In general, you want your SFTP users to send you their own
>public keys, and you drop them into ~user/.ssh/authorized_keys

That's going to be difficult, as most of my users wouldn't know a
public key from their house key (LOL). I was hoping it would be
simpler than that.

>Creating /etc/skel/.ssh/ will make sure that new users get that
>directory created for them automatically.

I'll do that forthwith.



Generating ssh key pairs

2016-01-11 Thread Steve Matzura
In order to use SFTP, I will be needing to generate key pairs for all
my users, all of whom will log into the same directory structure. It
seems no one on the system has keys generated, or they're not in what
I think is the normal place, ~/.ssh - Should I just create this
directory and use ssh-keygen to put the key files there, naming them
appropriately for each FTP user?



Re: Generating ssh key pairs

2016-01-11 Thread Dan Ritter
On Mon, Jan 11, 2016 at 01:59:01PM -0500, Steve Matzura wrote:
> In order to use SFTP, I will be needing to generate key pairs for all
> my users, all of whom will log into the same directory structure. It
> seems no one on the system has keys generated, or they're not in what
> I think is the normal place, ~/.ssh - Should I just create this
> directory and use ssh-keygen to put the key files there, naming them
> appropriately for each FTP user?

In general, you want your SFTP users to send you their own
public keys, and you drop them into ~user/.ssh/authorized_keys

That way they can guard their private keys appropriately.

Creating /etc/skel/.ssh/ will make sure that new users get that
directory created for them automatically.

-dsr-
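
The admin-side step described in this thread (users send their own public key, and it is dropped into ~user/.ssh/authorized_keys), as an added example that is not part of the original messages. The function name `install_pubkey`, its arguments and the sample key are assumptions made for illustration; it relies on `base64 -d` and `dd` being available.

```shell
#!/bin/sh
# Added example (not from the thread): admin-side install of a user-submitted
# public key. Usage: install_pubkey <pubkey-file> <ssh-dir> [owner]
install_pubkey() {
    keyfile=$1; sshdir=$2; owner=${3:-}

    # A confused user may send the wrong half of the pair; never install it.
    if grep -Eq 'PRIVATE KEY|PuTTY-User-Key-File' "$keyfile"; then
        echo "rejected: this is a private key; have the user make a new pair" >&2
        return 2
    fi

    # Expect exactly one line of the form: <type> <base64-blob> [comment]
    [ "$(grep -c . "$keyfile")" -eq 1 ] || { echo "rejected: expected one key line" >&2; return 3; }
    line=$(grep . "$keyfile")
    ktype=${line%% *}
    rest=${line#* }
    blob=${rest%% *}
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "rejected: unsupported key type" >&2; return 4 ;;
    esac

    # The blob starts with a 4-byte length and then the type name again;
    # a mismatch means the line was mangled or hand-edited.
    inner=$(printf '%s' "$blob" | base64 -d 2>/dev/null | dd bs=1 skip=4 count="${#ktype}" 2>/dev/null)
    [ "$inner" = "$ktype" ] || { echo "rejected: blob does not match key type" >&2; return 4; }

    # sshd's StrictModes ignores keys when the directory or file is too open.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 5
    auth=$sshdir/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 5

    # Append once; compare type+blob so a changed comment is not a new key.
    grep -qF "$ktype $blob" "$auth" || printf '%s\n' "$line" >> "$auth"

    # When run as root, hand the files to the account that will log in.
    if [ -n "$owner" ]; then chown -R "$owner" "$sshdir" || return 5; fi
    return 0
}

# Constructed sample key (wire header plus 32 filler bytes), not a real key.
sample_pubkey() {
    printf 'ssh-ed25519 %s user@example\n' \
        "$(printf '\000\000\000\013ssh-ed25519\000\000\000\040%032d' 0 | base64 | tr -d '\n')"
}
```

Run as root with the account name as the third argument so the files end up owned by the user who will log in.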