=============
OpenSSH Usage
=============

User
====

Create User Key
---------------

.. code-block:: bash

    ssh-keygen -t rsa -b 4096 -f USER_KEYFILE -C COMMENT

.. role:: small

:small:`Best Practice: Use your email address as the comment.`

Change Passphrase on User Key
-----------------------------

.. code-block:: bash

    ssh-keygen -f USER_KEYFILE -p

Recreate Public Key from Private Key
------------------------------------

.. code-block:: bash

    ssh-keygen -f USER_PRIVATE_KEYFILE -y > USER_PUBLIC_KEYFILE

Show Key Fingerprint
--------------------

.. code-block:: bash

    ssh-keygen -f USER_PUBLIC_KEYFILE -l

System Administration
=====================

Create a Certificate Authority (CA) Key
---------------------------------------

.. code-block:: bash

    ssh-keygen -N "" -t rsa -b 4096 -f CA_KEYFILE -C COMMENT

:small:`Best Practice: Use your email address as the comment.`

Create a Host Key
-----------------

.. code-block:: bash

    ssh-keygen -N "" -t rsa -b 4096 -f HOST_KEYFILE -C COMMENT

:small:`Best Practice: Use your email address as the comment.`

Sign Host Key with Certificate Authority
----------------------------------------

.. code-block:: bash

    ssh-keygen -s CA_KEYFILE -I CA_IDSTRING -h -n HOSTNAME,HOSTNAME2 -V +123d HOST_KEYFILE.pub

:small:`Best Practice: Use a Hostname as your CA ID string.`

Check Key Vulnerability for DSA-1571-1
--------------------------------------

.. code-block:: bash

    ssh-vulnkey -v KEYFILE.pub
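The three steps under System Administration (create a CA key, create a host key, sign the host key), run end to end and then checked with ``ssh-keygen -L``, as an added example that is not part of the original page. It uses ed25519 keys instead of the page's RSA 4096 so it runs quickly; the function names, ``demo-ca``, the ``example.test`` names and the ``@cert-authority`` known_hosts line are assumptions added for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Key type, names and paths are
# constructed placeholders; ed25519 replaces the page's "-t rsa -b 4096".

# issue_host_cert DIR PRINCIPALS VALIDITY -> prints the certificate path
issue_host_cert() {
    # CA key and host key without passphrase, as in the page's -N "" commands
    ssh-keygen -q -N "" -t ed25519 -f "$1/ca_key" -C "ca@example.test" >/dev/null || return 1
    ssh-keygen -q -N "" -t ed25519 -f "$1/host_key" -C "host@example.test" >/dev/null || return 1
    # -h: host (not user) certificate, -n: names it is valid for, -V: lifetime
    ssh-keygen -q -s "$1/ca_key" -I "demo-ca" -h -n "$2" -V "$3" \
        "$1/host_key.pub" >/dev/null 2>&1 || return 1
    printf '%s\n' "$1/host_key-cert.pub"
}

# cert_type CERT -> e.g. "ssh-ed25519-cert-v01@openssh.com host certificate"
cert_type() {
    ssh-keygen -L -f "$1" | sed -n 's/^[[:space:]]*Type:[[:space:]]*//p'
}

# cert_principals CERT -> one principal per line
cert_principals() {
    ssh-keygen -L -f "$1" | awk '
        /^[[:space:]]*Principals:/       { inlist = 1; next }
        /^[[:space:]]*Critical Options:/ { inlist = 0 }
        inlist && NF                      { print $1 }'
}

# signed_by CERT CA_PUB -> exit 0 only if the cert's "Signing CA" line
# carries the fingerprint of this CA public key
signed_by() {
    fp=$(ssh-keygen -l -f "$2" | awk '{print $2}')
    [ -n "$fp" ] && ssh-keygen -L -f "$1" | grep -F 'Signing CA:' | grep -qF -- "$fp"
}

# known_hosts_line PATTERN CA_PUB -> line that makes clients trust the CA
known_hosts_line() {
    printf '@cert-authority %s %s\n' "$1" "$(cut -d' ' -f1,2 "$2")"
}
```

Checking the type, principals and signing CA before distributing a certificate catches a missing ``-h`` (the type then reads ``user certificate``) or a name left out of ``-n``.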