Skip to main content
OpenSSH

Choosing Secure SSH-Keys

By August 3, 2017August 12th, 2017One Comment

Choosing Secure SSH-KeysCreating a Key-Pair on Linux or OS X Client

When choosing Secure SSH-Keys, to start with, we must create key-pairs for our client user account. In Linux or OS X, the OpenSSH Client tools will create the keys in the ~/.ssh/ directory. We can use the command ssh-keygen to accomplish this:

$ ssh-keygen -t rsa

This generates an RSA key pair using a 2048 bit key. This is OK, but the bitsize of 2048 is not great with today’s CPUs. If we are using the RSA algorithm, we should use a a bit size of 4096. To specify the bitsize we add the -b option:

$ ssh-keygen -t rsa -b 4096

The 4096 key is used to secure the communication channel between the client and the server or server and client. It is secure but also comes with an overhead in CPU time on both server and client to encrypt and decrypt with the bigger key. To gain some idea of the extra time used with larger key sizes, we can use the openssl command. This has an inbuilt speed test, so we can test the speed of using 1024, 2048 and 4096 bit keys. Doubling the key size more than doubles the complexity of the key encryption. This is a good thing but also comes with a CPU cost:

$ openssl speed rsa1024 rsa2048 rsa4096
                    sign verify sign/s verify/s
 rsa 1024 bits 0.000148s 0.000009s 6774.4 110385.2
 rsa 2048 bits 0.000970s 0.000027s 1031.0 36717.2
 rsa 4096 bits 0.006194s 0.000094s 161.4 10690.5

From the output we should concentrate on the signs and verifys per second. On a 2048 bit key we can sign 1,031 requests per second but only 161 with a 4096 bit key.

A large encryption key is a good idea for security but hampers performance.

Brute-Forcing the Private Key

We still have not secured the private key. Adding a passphrase means the private key is DES encrypted, however, a brute force attack can deliver the passphrase. To help prevent this we can encrypt the private keys multiple times. The cost of this is only in the time taken to open the private key and not in the general communication, so is well worth the investment. Here we run 250 encryption rounds on the private key:

$ ssh-keygen -t rsa -b 4096 -o -a 250

Adding a comment to the key also helps identify the key’s purpose:

$ ssh-keygen -t rsa -b 4096 -o -a 250 -C “Andrew to WebServer RSA 4K”

Better Algorithm

So changing from a 2048 key to a 4096 key is good, protecying the private key with multiple-encrypts rounds is execellent. To have an excellent score card all rounf we need to look at a better algorithm. When choosing secure SSH-Keys we also need to consider the speed of the key. A smaller key is better but can be less secure. If we use a later more modern algorithm we can have a smaller AND more secure key:

$ ssh-keygen -t ed25519  -o -a 250 -C “Andrew to WebServer Edwards Twisted Curve”

Using the Edwards Twisted Curve algorithm we have the best of both worlds, a small key of kust 256 bits but very secure transfer due the nature of the key.

It does show that when choosing secure SSH-Keys we can have out cake and eat it.

Listing Key Properties

The default name to a key-pair will include the algorithm used For example:

  • id_rsa
  • id_ed25519

The key size is fixed for the ED key but not the RSA key. If we want to check the key size and the comment then we can use the option -l and -f to ssh-keygen. This is, of course, also useful where the names of the keys are more random.

$ ssh-keygen -l -f ~/.ssh/id_rsa
 2048 SHA256:iC+rrrGC2O0zw1Rw9FBJQz+KEk9Grot0Hhlc3mwqFsU andrew@andrews-iMac.local (RSA)

The video follows:

Leave a Reply