SSH Public and Private Keys
Lecture, Dr. Lawlor
Rather than building your own crypto infrastructure from scratch,
you can use public and private keys for network authentication with
You can generate an elliptic
curve digital signature algorithm private key with:
ssh-keygen -t ecdsa -b 521 -f ~/.ssh/id_ecdsa
You can dump the contents of an elliptic curve private key with:
openssl ec -in ~/.ssh/id_ecdsa -noout -text
For the private key we generated in class, this dumps:
Private-Key: (521 bit)
We can verify this using the following code for my ecc_lib library (Zip or Tar-gzip, updated again for the
parameters of this curve).
ASN1 OID: secp521r1
So the key looks fine, but my old Ubuntu 10.04 server doesn't
support ECDSA authentication. For that machine, I need to
generate an RSA key:
ECcoord priv; priv.readHex(
std::cout<<"ECDSA private key="<<priv.hex()<<"\n";
std::cout<<"ECDSA public key="<<pub.x.hex()<<" , "<<pub.y.hex()<<"\n";
ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa
Note you need way more bits for the same security with an RSA
key. You might as well use enough bits, because on modern
hardware, an RSA exchange with a ridiculously huge 8192 bit key only
takes 0.1 seconds longer than a bare-minimum 768 bit key.
To log in to the server using this key, add contents of
~/.ssh/id_rsa.pub to the server's ~/.ssh/authorized_keys file.
You can then log in using the private key (which should stay
protected on your local machine, not go out to the server).