
Unlocking SSH: Mastering Key Management and Configuration

From generating and organizing keys to optimizing configurations for enhanced security and efficiency, discover the key strategies to elevate your SSH experience. Whether you're a novice or a seasoned user, this guide will empower you to set up perfect SSH configurations with precision and ease.


Benchmark ed25519 rounds

rounds="16 32 64 100 150"
num_runs=20

for r in $rounds; do
    printf "Benchmarking 'ssh-keygen -t ed25519 -a %s' on average:\n" "$r"
    total_time=0
    i=1
    while [ $i -le $num_runs ]; do
        start_time=$(date +%s.%N)
        ssh-keygen -t ed25519 -a "$r" -f test -N test >/dev/null 2>&1
        end_time=$(date +%s.%N)
        runtime=$(echo "$end_time - $start_time" | bc)
        total_time=$(echo "$total_time + $runtime" | bc)
        # Brace expansion is bash-only; name both files so this also works in plain sh
        rm -f test test.pub >/dev/null 2>&1
        printf "Run %s: %s seconds\n" "$i" "$runtime"
        i=$((i + 1))
    done
    average_time=$(echo "scale=3; $total_time / $num_runs"| bc)
    printf "Average execution time: %s seconds\n\n" "$average_time"
done

Create ed25519 key

ssh-keygen -t ed25519 -o -a350 -f ~/.ssh/github/id_ed25519-20230114-github -C "user@foo.com"
ssh-keygen -t ed25519 -o -a350 -f ~/.ssh/elitedesk/id_ed25519-20230114-elitedesk -C "root@localhost"
ssh-keygen -t ed25519 -o -a350 -f ~/.ssh/nr1.nu/id_ed25519-20230114-nr1 -C "nr1"
ssh-keygen -t ed25519 -o -a350 -f ~/.ssh/nr3.se/id_ed25519-20230114-nr3 -C "nr3"
ssh-keygen -t ed25519 -o -a350 -f ~/.ssh/windows/id_ed25519-20230114-windows -C "windows sucks"
ssh-keygen -t rsa -b 4096 -o -a350 -f ~/.ssh/router/id_rsa-20230114-router -C "router" 

Generate ssh keys

mkdir -p ~/.ssh/router
ssh-keygen -t rsa -b 8192 -C "\m/d[-_0]\m/" -f ~/.ssh/router/id_rsa
ssh-keygen -t ed25519 -a 250 -C "\m/(-_x)\m/"

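Start the agent and add keys so we don't have to type the passphrase every time

eval "$(ssh-agent -s)"
# Alternative to the eval line above: start a new shell that runs under its own agent
# ssh-agent $SHELL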
ssh-add ~/.ssh/github/id_ed25519-20230114-github
ssh-add ~/.ssh/elitedesk/id_ed25519-20230114-elitedesk
ssh-add ~/.ssh/nr1.nu/id_ed25519-20230114-nr1 
ssh-add ~/.ssh/nr3.se/id_ed25519-20230114-nr3
ssh-add ~/.ssh/router/id_rsa-20230114-router
ssh-add ~/.ssh/windows/id_ed25519-20230114-windows

IdentityFile examples

IdentityFile ~/.ssh/router/id_rsa-20230114-router
IdentityFile ~/.ssh/github/id_ed25519-20230114-github
IdentityFile ~/.ssh/elitedesk/id_ed25519-20230114-elitedesk
IdentityFile ~/.ssh/nr1.nu/id_ed25519-20230114-nr1
IdentityFile ~/.ssh/nr3.se/id_ed25519-20230114-nr3
IdentityFile ~/.ssh/windows/id_ed25519-20230114-windows

Create ssh host keys for server

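# DSA keys are fixed at 1024 bits and ssh-dss has been disabled by default since OpenSSH 7.0; generate this one only for legacy clients
# With an empty passphrase (-N "") the -a rounds below are not used, because the KDF only protects a passphrase-encrypted key
ssh-keygen -N "" -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -C "root@router"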
ssh-keygen -N "" -o -a350 -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -C "root@router"
ssh-keygen -N "" -o -a350 -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -C "root@router"
ssh-keygen -N "" -o -a350 -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -C "root@router"

Set correct permissions via symbolic mode

chmod -R u+rw,go-rwx ~/.ssh/*

Set correct permissions via octal

chmod 600 ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa.pub
chmod 600 ~/.ssh/authorized_keys
chmod 600 ~/.ssh/known_hosts
chmod 600 ~/.ssh/config

Set correct permissions on server side

mkdir -p ~/.ssh
chmod g-w ~/.ssh
chmod 600 ~/.ssh/authorized_keys
chmod 600 /etc/dropbear/authorized_keys
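
Check the permissions set above (an added example, not part of the original page): the hypothetical function `audit_ssh_dir` walks an SSH directory, including per-host subdirectories such as ~/.ssh/github/, and reports private keys with any group/other access, plus a directory, `authorized_keys` or `config` that group or others can write. The finding codes are made up for this example.

```shell
#!/bin/sh
# Added example: report files under an SSH directory that ssh/sshd would refuse.
# Output: one "CODE path" line per finding; nothing is printed when all is fine.
audit_ssh_dir() {
    dir=$1

    # sshd StrictModes: the directory must not be writable by group or others.
    find "$dir" -prune \( -perm -020 -o -perm -002 \) -print |
        sed 's/^/DIR_WRITABLE /'

    # Walk the per-host subdirectories as well.
    find "$dir" -type f | sort | while IFS= read -r f; do
        # Any group/other permission bit set on this file? (mode & 077)
        loose=$(find "$f" \( -perm -040 -o -perm -020 -o -perm -010 \
                 -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
        # Group/other write bit set? (mode & 022)
        writable=$(find "$f" \( -perm -020 -o -perm -002 \) -print)

        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----$'; then
            # ssh ignores a private key that anyone but the owner can access.
            if [ -n "$loose" ]; then echo "KEY_EXPOSED $f"; fi
        else
            case ${f##*/} in
                authorized_keys|config)
                    if [ -n "$writable" ]; then echo "FILE_WRITABLE $f"; fi ;;
            esac
        fi
    done
    return 0
}

# Run against the given directory (default ~/.ssh) when it exists.
target=${1:-$HOME/.ssh}
if [ -d "$target" ]; then audit_ssh_dir "$target"; fi
```

Each finding is fixed with the chmod commands above: `chmod 600` for a reported key or file, `chmod g-w,o-w` for a reported directory.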