
BLU Discuss list archive



[Discuss] The RSA Keying links



As soon as anyone knows the answer to this question, please let us know:

Clearly, sometime after installing your OS, after the OS has gained entropy,
you should generate new server ssh keys.  (And re-generate any SSL/TLS keys
that you may have previously created using openssl without sufficient
entropy.)  The question is, how do you know when your server has gained some
entropy?

Assuming your machine has been on a long time, it should have gained entropy
from hard drive seek times and ethernet behavior by now.  Be aware of the
difference between /dev/random and /dev/urandom.  Generate yourselves some
ssh keys:

sudo mkdir /etc/ssh/oldkeys
sudo mv /etc/ssh/*_key* /etc/ssh/oldkeys

sudo ssh-keygen -q -C "" -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key
sudo ssh-keygen -q -C "" -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key
sudo ssh-keygen -q -C "" -N "" -t rsa1 -f /etc/ssh/ssh_host_key

sudo chmod 600 /etc/ssh/*_key
sudo chmod 644 /etc/ssh/*_key.pub
sudo chown root:root /etc/ssh/*key*

sudo service sshd restart
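
One way to approach the question above on Linux, as an added example that is not part of the original post: poll the kernel's own entropy estimate in /proc/sys/kernel/random/entropy_avail and only proceed to the ssh-keygen steps once it reaches a threshold. The 256-bit threshold and the function and variable names are assumptions of this example, and the value read is the kernel's estimate, not a proof of key quality.

```shell
#!/bin/sh
# Added example: gate host-key regeneration on the kernel's entropy estimate.
# ENTROPY_FILE is the Linux procfs path; MIN_BITS=256 is an assumed threshold.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
MIN_BITS="${MIN_BITS:-256}"

# Print the kernel's current entropy estimate in bits.
# Returns 2 if the file is unreadable or does not hold a plain number.
entropy_bits() {
    [ -r "$ENTROPY_FILE" ] || return 2
    bits=$(cat "$ENTROPY_FILE") || return 2
    case "$bits" in
        ''|*[!0-9]*) return 2 ;;
    esac
    printf '%s\n' "$bits"
}

# Returns 0 if the estimate is at least MIN_BITS, 1 if it is lower,
# 2 if no estimate could be read (e.g. not Linux, or a restricted /proc).
entropy_ready() {
    bits=$(entropy_bits) || return 2
    [ "$bits" -ge "$MIN_BITS" ]
}

# Poll once per second until the estimate is sufficient.
# $1 is a timeout in seconds (default 60). Returns 0 when ready,
# 1 on timeout, 2 if the estimate cannot be read at all.
wait_for_entropy() {
    timeout="${1:-60}"
    waited=0
    while :; do
        rc=0
        entropy_ready || rc=$?
        [ "$rc" -eq 0 ] && return 0
        [ "$rc" -eq 2 ] && return 2
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
}

# Intended use before the key generation commands in the post:
#   wait_for_entropy 120 || { echo "entropy estimate too low" >&2; exit 1; }
```

A return code of 2 means the check itself could not run, which should be treated as "unknown" rather than as "ready".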




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org