Using ssh-keygen to Generate SSH Keys - with Attention to SSH Key Management

The SSH protocol uses public key cryptography for authenticating hosts and users. These keys, jointly called SSH keys, are created using the ssh-keygen program.

SSH introduced public key authentication as a more secure alternative to the older .rhosts authentication. SSH keys (or public key authentication) served to improve security, but it has turned out that many organizations have failed to manage their SSH keys properly. This document also discusses the risks and compliance issues related to unmanaged SSH keys.

Passwordless Login and Automated Access

SSH public key authentication enables secure login to servers without the need to type in the user's password and without having to rely on IP addresses for authentication.

Public key authentication with SSH keys is very commonly used for automation. SSH keys allow automated file transfers between systems and applications (using SFTP). SSH keys enable secure command execution on remote systems. They are used for backups. They are used for application integration. They are used by individual system administrators to implement single-sign-on, to be able to log into servers without having to type their password every time.

SSH key based access differs from most other authentication mechanisms in that the access is permanent, and normal users are able to provision new access credentials to themselves and their friends. In an enterprise environment, this can introduce significant security problems that are discussed below.

Provisioning Access Using SSH Keys

The user key provisioning for SSH is a straightforward process. Traditionally, a key pair is first created using ssh-keygen and then copied to a server using ssh-copy-id. In more modern and controlled environments, proper SSH key management processes and tools are used.

Creating an SSH Key Pair with ssh-keygen

In the screenshot below, the user runs the ssh-keygen key generation utility and stores the generated keys in files:

  1. Public key in: my_key.pub
  2. Private key in: my_key

[Screenshot: Generating an SSH key with ssh-keygen]

During the key creation process, the program asks the user for a passphrase. The passphrase is a way to restrict the use of the private key, and adds a layer of security for interactive user logins. When the created key pair is to be used for automated connections the passphrase is typically left blank, which means that the private key will be stored in a file without any encryption. In this case, the file basically acts as a fancy password to the server, and anyone having access to the contents of the file is able to access the server (although from= options in authorized_keys can be used to limit the hosts from which the key may be used).

In the example, the key pair without a passphrase is usable by anyone who obtains a copy of the private key.

Our newly generated sample key is a 2048-bit RSA key. It complies with the NIST recommended key length and offers considerable added security over even the longest imaginable password.

Copying the Public Key to the SSH Server Host

For the SSH key based authentication to be possible, the SSH server needs a copy of the user’s public key.

Once the user’s public key is in the authorized_keys file of the SSH server the server will allow access to any connecting user that can prove possession of the corresponding private key.

SSH implementations include a utility for copying public key files to servers, ssh-copy-id. This utility simplifies and automates the manual process of provisioning SSH access.

SSH Keys and SSH Key Management in Large-scale Deployments

The flipside of the use of SSH keys is that while they are easy to create and provision, in larger environments their uncontrolled use inevitably leads to massive identity and access management problems. Since information security starts from knowing who has access to what systems and data, this causes massive regulatory compliance problems and significant security risks. We have found that many large enterprises have several million SSH keys authorizing access; often 90% of them are unused, and around 10% grant root access.

SSH keys have no expiration date, and any user is able to provision permanent access for themselves and their friends. They can be combined with SSH tunneling to leave permanent backdoors into an enterprise. Without proper key management, there is no way to remove keys that are no longer needed, and no way to change keys when they have been compromised.
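The from= restriction mentioned earlier and the unused and over-privileged keys described in this section can both be checked mechanically from the authorized_keys files themselves. As an added example (not from the article or from any SSH.com tool), the following Python script parses authorized_keys lines, computes the SHA256 fingerprint in the form ssh-keygen -l prints, reads the RSA modulus size out of the key blob, and flags entries with short RSA keys or no from= restriction. The sample entries are constructed in the correct wire format but are not real key pairs.

```python
# Added example (not from the article): audit OpenSSH authorized_keys lines for
# fingerprint (as ssh-keygen -l prints it), RSA modulus size and from= options.
import base64, hashlib, struct
MIN_RSA_BITS = 2048  # the article's "sufficient" RSA key length

def _split_options(line):  # quoted option values may hold spaces and commas
    if line.startswith(("ssh-", "ecdsa-", "sk-")):
        return [], line
    opts, cur, quoted = [], "", False
    for i, ch in enumerate(line):
        quoted ^= (ch == '"')
        if not quoted and ch == ",":
            opts, cur = opts + [cur], ""
        elif not quoted and ch.isspace():
            return opts + [cur], line[i + 1:].lstrip()
        else:
            cur += ch
    raise ValueError("options present but no key follows")

def _read_string(blob, off):  # SSH wire string: uint32 length, then bytes
    n = struct.unpack(">I", blob[off:off + 4])[0]
    return blob[off + 4:off + 4 + n], off + 4 + n

def parse_entry(line):
    options, rest = _split_options(line.strip())
    ktype, b64, *comment = rest.split(None, 2)
    blob = base64.b64decode(b64)
    wire_type, off = _read_string(blob, 0)
    if wire_type != ktype.encode():
        raise ValueError("key type field does not match the key blob")
    bits, findings = None, []
    if ktype == "ssh-rsa":  # blob layout: "ssh-rsa", mpint e, mpint n
        _, off = _read_string(blob, off)
        n, _ = _read_string(blob, off)
        bits = int.from_bytes(n, "big").bit_length()
        if bits < MIN_RSA_BITS:
            findings.append(f"RSA modulus only {bits} bits")
    if not any(o.startswith("from=") for o in options):
        findings.append("no from= restriction: usable from any source host")
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"type": ktype, "bits": bits, "fingerprint": "SHA256:" + fp, "options": options,
            "comment": comment[0] if comment else "", "findings": findings}

# Constructed sample entries: valid wire format, but not real key pairs.
_s = lambda b: struct.pack(">I", len(b)) + b
_mpint = lambda i: _s(i.to_bytes((i.bit_length() + 8) // 8, "big"))
_rsa = lambda bits: base64.b64encode(_s(b"ssh-rsa") + _mpint(65537) + _mpint((1 << (bits - 1)) | 1)).decode()
SAMPLE = ['from="10.0.0.0/8,192.168.1.1",no-pty ssh-rsa ' + _rsa(2048) + ' backup@app1',
          'ssh-rsa ' + _rsa(1024) + ' old-admin-key',
          'ssh-ed25519 ' + base64.b64encode(_s(b"ssh-ed25519") + _s(bytes(32))).decode() + ' alice@laptop']
```

Running parse_entry over each line of a real authorized_keys file gives an inventory that can be compared against login records to find the unused keys the section describes.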

Unmanaged SSH key based access provisioning in public companies can violate Sarbanes-Oxley, and in the case of access to financial systems, can lead to career-ending criminal and civil liability for top management, including the CEO and CFO. In health care, HIPAA requires controlling access to health information, with fines to individual companies in the past exceeding $5m. In the US government, FISMA and NIST SP 800-53 require management of SSH keys in about 20 different controls (see the control mapping in NIST IR 7966). Any company that processes credit card payments must follow PCI DSS, and Section 7 requires controlling who has access to credit card data. In each case, SSH keys provide access just like user names and passwords, and that access must be properly controlled to meet regulatory compliance.

Universal SSH Key Manager is a tool used by many of the world's largest enterprises for managing their SSH key based access.

ssh-keygen Command and Option Summary

The ssh-keygen utility provides a number of options. The summary below presents some of the more interesting and important of those.

For example, the following command creates a 2048-bit RSA key with passphrase secrettobe_used and key comment This is a test key, stored in file keyfile (the comment contains spaces, so it must be quoted for the shell):

ssh-keygen -b 2048 -t rsa -N secrettobe_used -C "This is a test key" -f keyfile

The following options are commonly used:

-b “Bits”
This option specifies the number of bits in the key. The regulations that govern the use case for SSH may require a specific key length to be used. In general, 2048 bits is considered to be sufficient for RSA keys.

-e “Export”
This option allows reformatting of existing keys between the OpenSSH key file format and the format documented in RFC 4716, “SSH Public Key File Format”.

-p “Change the passphrase”
This option allows changing the passphrase of a private key file with [-P old_passphrase] and [-N new_passphrase], [-f keyfile].

-t “Type”
This option specifies the type of key to be created. Commonly used values are:
  - rsa for RSA keys
  - dsa for DSA keys
  - ecdsa for elliptic curve DSA keys

-i “Input”
When ssh-keygen is required to access an existing key, this option designates the file.

-f “File”
Specifies the name of the file in which to store the created key.

-N “New”
Provides a new passphrase for the key.

-P “Passphrase”
Provides the (old) passphrase when reading a key.

-c “Comment”
Changes the comment for a keyfile.

-q
Silence ssh-keygen.

-v
Verbose mode.

-l “Fingerprint”
Print the fingerprint of the specified public key.

-B “Bubble babble”
Shows a bubble babble (Tectia format) fingerprint of a keyfile.

-F
Search for a specified hostname in a known_hosts file.

-R
Remove all keys belonging to a hostname from a known_hosts file.

-y
Read a private OpenSSH format file and print an OpenSSH public key to stdout.

This list covers only the most commonly used options. For full usage, including the more exotic and special-purpose options, see the ssh-keygen manual page.

Tectia SSH Implementation

The sections above highlight and present the usage and options for the common open source version of ssh-keygen. This version is available freely in many operating systems.

As the original inventor of the SSH protocol, SSH Communications Security offers a commercially supported, enterprise-grade implementation of the SSH protocol for business-critical and regulated applications. For more information see Tectia SSH.

Tectia SSH includes its own key generation tool, ssh-keygen-g3, which provides comparable functionality. For technical documentation of this implementation, see Tectia Support Pages.