On Thursday 22 September 2016 08:02:56 to...@tuxteam.de wrote:
> On Thu, Sep 22, 2016 at 07:09:53AM -0400, Gene Heskett wrote:
> > On Thursday 22 September 2016 03:44:28 Lars Noodén wrote:
> > > On 09/21/2016 11:39 PM, Gene Heskett wrote:
> > > > On Wednesday 21 September 2016 10:23:09 Greg Wooledge wrote:
> > >
> > > ...
> > >
> > > >> man ssh-keygen
> > > >> http://mywiki.wooledge.org/SshKeys
> > > >
> > > > I knew there was something about generating keys, but not the
> > > > sticky details.
> > >
> > > If you have multiple servers or multiple remote accounts, you will
> > > end up with at least one key pair per account+server. So you will
> > > also need a way to keep track of them. One way it to make use of
> > > the -C and -f options to add a comment inside the key and to name
> > > the key files to something mnemonic.
> > Now that would be very handy.
> > > As far as the key choices go, DSA is considered deprecated, at
> > > least in the more recent versions:
> > >
> > > "Support for ssh-dss, ssh-dss-cert-* host and user keys
> > > will be run-time disabled by default"
> > > - http://www.openssh.com/txt/release-6.9
> > >
> > > So that leaves RSA if you have old versions of the OpenSSH server
> > > to deal with. Probably 2048 bits or more is good for a while.
> > > Otherwise, consider Ed25519.
> > This I am not familiar with. Is there an explanatory url?
> In general:
This one starts out good, but the comments section contains corrections
that really should be incorporated into the main post itself. I may run
it thru some local editing just to get everything in order. In the
meantime what I have working on the new machine is working but with
> On key choice:
Can ssh-keygen make the newer ones above? I see in a key acceptance
conversation that it apparently can do the ecdsa. So maybe I shouldn't
> -- t
Thanks, I think this answers the question nicely.
Cheers, Gene Heskett
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>