Questions tagged [keys]
137 questions
48
votes
8 answers
What are best practices for managing SSH keys in a team?
I work with small teams (<10) of developers and admins with the following characteristics:
Most members of the team have >1 personal computer, most of which are portable
Team members have access to 10-50 servers, usually with sudo
I think this is…
Evan Prodromou
- 757
- 1
- 6
- 9
34
votes
4 answers
public key authentication fails ONLY when sshd is daemon
I have no clue on how this happens. The distro is Scientific Linux 6.1 and everything is set up to perform authentication via public key. Yet, when sshd is running as a daemon (service sshd start), it doesn't accept public keys. (To obtain this…
user666412
- 443
- 1
- 4
- 7
31
votes
5 answers
Centralized management system for SSH keys?
We are looking to switch to key-based management of SSH logins, and wonder if there any key-management systems which would allow us to centrally manage the access keys world-wide.
The system should ideally allow issuing key per client, and revoking…
SyRenity
- 3,159
- 11
- 55
- 79
24
votes
5 answers
SSH: Do you use one private/public key pair for each remote machine? Or a single pair for all?
When you want to have public key based ssh logins for multiple machines, do you use one private key, and put the same public key on all of the machines? Or do you have one private/public key pair for each connection?
Nick
- 4,433
- 29
- 67
- 95
23
votes
3 answers
How can I properly sign a package I modified and recompiled?
I ran dpkg-buildpackage after getting a apt-get source nginx of a backports version of nginx and modifying debian/rules to include the uwsgi module. The last results of the command were:
dpkg-deb: building package `nginx' in…
meder omuraliev
- 1,701
- 3
- 20
- 30
16
votes
4 answers
How do I setup sshd on Mac OS X to only allow key-based authentication?
I have a Mac OS X machine (Mac mini running 10.5) with Remote Login enabled. I want to open the sshd port to the Internet to be able to login remotely.
For security reasons I want to disable remote logins using passwords, allowing only users with a…
Christian Berg
- 481
- 1
- 3
- 8
12
votes
3 answers
How to generate new, 2048-bit Diffie-Hellman parameters with Java keytool?
We are non-experts trying - unsuccessfully so far - to update our web server (JBoss-5.1.0.GA) settings to meet Diffie-Hellman standards. After running a test on https://weakdh.org/sysadmin.html, we are told that we need to "generate new, 2048-bit…
user2072931
- 145
- 1
- 2
- 6
10
votes
6 answers
Enforce SSH key passwords?
I'm looking at removing password-based logins for SSH. However, I don't want to allow passwordless ssh keys, as that would be even worse.
How can I make sure that only SSH keys which have passwords can connect?
If this can't be done, are there…
Lee B
- 3,380
- 1
- 17
- 15
10
votes
3 answers
SSH key problems: Not a RSA1 key file unknown key type '-----BEGIN'
A backuppc server is able to sign into remote machines as root and backup them up, but if I sign in as the backuppc user and try to ssh into these machines using the same key, the key is rejected with the following debug output:
OpenSSH_5.3p1,…
HAL9000
- 139
- 1
- 3
- 8
10
votes
1 answer
where does RPM install custom GPG keys?
Where does CentOS/RHEL 6 store custom GPG keys? I thought /etc/pki/rpm-gpg but I installed nginx's key but unable to find it. I see it was imported properly but where is it?
wget http://nginx.org/keys/nginx_signing.key
rpm --import…
user1973314
- 131
- 2
- 3
- 8
9
votes
1 answer
Can an AWS CloudFormation create a KeyPair to subsequently use when starting instances?
I would like to launch my stack using a keypair that is created as part of the CloudFormation.
Is that possible?
....
"Resources": {
"ReverseProxyKeyPair": {
"Type": "AWS::EC2::KeyPair",
"Properties": {
"KeyName":…
Peter Mounce
- 1,243
- 4
- 16
- 28
9
votes
4 answers
What does this ssh error mean?
This is my last resort. I've been trying to figure out the problem here for hours.
Here's the deal: I have copied my private key from machine #1 onto machine #2. Machine #1 is able to connect via ssh to a server with my public key just fine, but…
kevin
- 91
- 1
- 1
- 3
9
votes
15 answers
How to manage rack keys?
As a result of a security audit there's the need to lock the racks and manage the keys:
Keep the keys safe
Record key usage
Complying with these two requirements has many challenges as there are a lot of possible sysadmins and netadmins (around…
chmeee
- 7,270
- 3
- 29
- 43
8
votes
2 answers
SSH keys management system
I'm looking to switch from password based (which I starting to become overwhelmed with) to SSH keys based system.
I'd like to know if there any SSH keys management system or server solution, which would allow me to distribute and revoke keys over…
SyRenity
- 3,159
- 11
- 55
- 79
7
votes
3 answers
Trying to install SSL: Private key does not match certificate
I am trying to reinstall SSL on a domain where the previous certificate expired. I have removed the old certificate and I am attempting to install the new certificate I purchased from NameCheap in Web Host Manager per these instructions:…
alan
- 71
- 1
- 1
- 2