Your browser does not allow storing cookies. We recommend enabling them.

SSH

Host Key

Enabling Elliptic Curve Host Keys

Add the ECDSA host-key algorithms (remove any key sizes you do not wish to allow) within the <connection> section of your ssh-server-config.xml:

<hostkey-algorithm name="ecdsa-sha2-nistp256" />
<hostkey-algorithm name="ecdsa-sha2-nistp384" />
<hostkey-algorithm name="ecdsa-sha2-nistp521" />
<hostkey-algorithm name="ssh-dss" />
<hostkey-algorithm name="ssh-rsa" />
<hostkey-algorithm name="ssh-dss-sha256@ssh.com" />
<hostkey-algorithm name="ssh-rsa-sha256@ssh.com" />
<hostkey-algorithm name="x509v3-sign-dss" />
<hostkey-algorithm name="x509v3-sign-rsa" />
<hostkey-algorithm name="x509v3-sign-dss-sha256@ssh.com" />
<hostkey-algorithm name="x509v3-sign-rsa-sha256@ssh.com" />
[Note]Note

To enable ECDSA host keys for X.509, add also the following hostkey-algorithm names: x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384, x509v3-ecdsa-sha2-nistp521.

Once the configuration has been amended to use the ECDSA host-key algorithms you can create the ECDSA host key.

Creating ECDSA Host Key

Create the ECDSA host key using ssh-keygen-g3. For more information on ssh-keygen-g3, refer to the Tectia Server Administrator Manual.

[Note]Note

You must ensure your SSH client can accept an ECDSA host key.

The following command will add an ECDSA host key to your SSH Server. By default, a 256-bit key is generated. (The -b option can be used to define the size of the key.)

Using ssh-keygen-g3 with –t (type), –H (host key) and –P (no passphrase):

[root@host ~]# ssh-keygen-g3 -t ecdsa -H -P
Generating 256 bits ECDSA key on nistp256 curve

Key generated.
256-bit ecdsa, root@host.example.com, Wed Aug 26 2015 10:00:00 +0100
Private key saved to /etc/ssh2/hostkey
Public key saved to /etc/ssh2/hostkey.pub

After you have made the changes, you must stop and start the server to take the new configuration into use:

# /etc/init.d/ssh-server-g3 stop
# /etc/init.d/ssh-server-g3 start



Want to see how PrivX can help your organisation?

Are you a DEVELOPER accessing cloud hosts, are you a IT ADMIN managing access & credentials in your corporation, are you BUSINESS MANAGER and want to save money or are you responsible of IT SECURITY in DevOps