SSH with Elliptic Curve
Use Ed25519 keys, as the ECDSA curves have a shadow over them.
Use this to generate the default identity key file, protected with a password (passphrase).
ssh-keygen -o -a 100 -t ed25519
For automated processes where a password is not wanted, the key-format (-o) and round (-a) options are not needed. Leave the password empty when prompted.
ssh-keygen -t ed25519
When using automated (password-less) keys, make sure to restrict what the key can run, either with ForceCommand in the SSH server configuration or with the command="" option in the authorized_keys file.
Adding "no-pty,no-agent-forwarding,no-port-forwarding" locks the key down further, so that it can be used only for the given command.
command="/usr/local/bin/rsync --server -vlogDtprz --delete . /tmp",no-pty,no-agent-forwarding,no-port-forwarding ssh-ed25519 AAAAC3..... user@host
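An added example, not part of the original page: a small Python audit that parses authorized_keys lines and reports entries that lack command= or any of the three restrictions above. It checks every entry, because a public key does not show whether its private half has a password. The sample lines and key blobs are constructed, and treating OpenSSH's restrict option as covering the no-* options is a choice made for this example.

```python
import re

# Restrictions the page pairs with command="" for password-less keys.
WANTED = ("no-pty", "no-agent-forwarding", "no-port-forwarding")
KEYTYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")  # a line with no options starts here

SAMPLE = """\
# constructed sample for this example; the key blobs are placeholders
command="/usr/local/bin/rsync --server -vlogDtprz --delete . /tmp",no-pty,no-agent-forwarding,no-port-forwarding ssh-ed25519 AAAAC3PLACEHOLDER1 backup@host
ssh-ed25519 AAAAC3PLACEHOLDER2 cron@host
command="/usr/local/bin/report, daily",no-pty ssh-ed25519 AAAAC3PLACEHOLDER3 report@host
restrict,command="/usr/local/bin/rotate" ssh-ed25519 AAAAC3PLACEHOLDER4 rotate@host
"""

def split_options(line):
    """Return the option list of one authorized_keys line ([] if it has none)."""
    if KEYTYPE.match(line.split(None, 1)[0]):
        return []
    opts, cur, quoted, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and prev != "\\":   # \" inside a value does not close it
            quoted = not quoted
        if not quoted and ch in " \t":   # first unquoted blank ends the options
            break
        if not quoted and ch == ",":     # commas inside quotes belong to the value
            opts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return opts + [cur]

def audit(text):
    """Return [(line_no, [problems])] for entries that are not locked down."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        names = {o.split("=", 1)[0].lower() for o in split_options(line)}
        problems = [] if "command" in names else ["no command="]
        for w in WANTED:
            # "restrict" turns the feature off; an explicit "pty" etc. turns it back on
            if w[3:] in names or not (w in names or "restrict" in names):
                problems.append("missing " + w)
        if problems:
            findings.append((n, problems))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```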
You can use ssh-copy-id -p PORT user@server to copy the key over to the target system and avoid copy-and-paste issues. The shorter keys from Ed25519 make this less necessary.