To remove an existing key, manually edit /.ssh/authorizedkeys. If the encrypted version of your private key is leaked, revoke the key and generate a new one IMMEDIATELY. To successfully copy the key, you need to enter the remote users password. Copying individual keys selectively can be done with gpg -export-secret-key and gpg -import. The attacker's job is further simplified by the fact that the structure of a PGP private key is publicly known, so known-cleartext attacks can be attempted. Make sure you destroy the encrypted file after running this! On a small file like a private key bruteforcing the password is fairly trivial and can be done in a matter of weeks to months depending on the hardware available to the attacker. This will prompt for your password, then decrypt and import the key. To import the key on the other machine, run: gpg -no-use-agent -output - keys.asc | gpg -import Use the ssh-keygen command to create a SSH key using the RSA key type. Once the key has been authorized for SSH. Type the above command in your terminal and replace user and remote-host with your username and the hostname/IP of the. Open a Command Prompt by pressing the Windows key and search for CMD. Once an SSH key has been created, the ssh-copy-id command can be used to install it as an authorized key on the server. This option can be speci- fied multiple times and can be combined with the -l option. The following options are available: -i file Copy the public key contained in file. You can do this with the ssh-copy-id command: ssh-copy-id -i /.ssh/idrsa.pub userremote-host. The ssh-copy-id utility copies public keys to a remote hosts /.ssh/authorizedkeys file (creating the file and directory, if required). Let me know that I am missing anything or not. So the verification happens with the email id or the encrypted key Because in both cases the encrypted key will be different. Then transfer the keys.asc on a FAT-formatted flash and shred them afterwards, or if you know how to destroy CDs (ENTIRELY), use a CD and then destroy it. Now that you have created your SSH keys, you need to add the public key to your remote server. So my understanding is, 'The public key(.pub) is just a file with my email id' and I can create another one with the same email id. Use either a very long or just entirely random password for the encryption. Gpg -armor -output secret-key.asc -symmetric -cipher-algo AES256 as SuperJames said, the best answer is ssh-copy-id but note that it doesnt do what youre asking, it does what you should do: use a different key pair and install both on the server. Here's how:įirst, export the public key: gpg -output public-key.gpg -export |\ Encrypt your private key with a long password and decrypt it on the target computer. Even the copy command is special because you must mount your Windows drive in the subsystem.
0 Comments
Leave a Reply. |