Confirmed users
502
edits
Security/Guidelines/OpenSSH: Difference between revisions
Automated sync from https://github.com/mozilla/wikimo_opsec
Gdestuynder (talk | contribs) (https://github.com/mozilla/wikimo_opsec/commit/a815077e89c1bcc04878f2c92b43f1e957d67816#diff-d358013794c93b4f7a5a16fb31ba20d4) |
Gdestuynder (talk | contribs) (Automated sync from https://github.com/mozilla/wikimo_opsec) |
||
| Line 10: | Line 10: | ||
|- | |- | ||
| <span style="color:green;">'''READY'''</span> || | | <span style="color:green;">'''READY'''</span> || | ||
* Version 2.0: kang: fix typo, ed25519 requires OpenSSH 6.4+ | |||
* Version 1.9: kang: updates for OpenSSH 7 | * Version 1.9: kang: updates for OpenSSH 7 | ||
* Version 1.8: kang/[[User:JanZerebecki|JanZerebecki]]: default to AES-GCM since AES-CTR also disclose packet length. | * Version 1.8: kang/[[User:JanZerebecki|JanZerebecki]]: default to AES-GCM since AES-CTR also disclose packet length. | ||
| Line 217: | Line 218: | ||
<source code="bash"> | <source code="bash"> | ||
# ED25519 keys are favored over RSA keys when backward compatibility is not required. | # ED25519 keys are favored over RSA keys when backward compatibility is not required. | ||
# This is only compatible with OpenSSH | # This is only compatible with OpenSSH 6.4+ and fixed-size (256 bytes). | ||
$ ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_mozilla_$(date +%Y-%m-%d) -C "Mozilla key for xyz" | $ ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_mozilla_$(date +%Y-%m-%d) -C "Mozilla key for xyz" | ||