[kwlug-disc] Stronger SSH keys and SSL certificates

Khalid Baheyeldin kb at 2bits.com
Sun Apr 20 13:12:19 EDT 2014


Needless to say that recent events and government actions warrant more
paranoia ...

So, to that effect, what options should one use to have the SSH keys
stronger?
How many bits? What options for ssh key gen should be used?

And for SSL certificates, what options do you use to make the certificates
as strong as they can be?
For example, I use the following script for self signed certificates. How
can this be improved?

#!/bin/sh

KEY=server.key
REQ=server.csr
CRT=server.crt

cd ~/cert
# Generate a key
openssl genpkey -algorithm rsa -out $KEY
# Generate a certificate signing request
openssl req -new -sha1 -nodes -key $KEY -out $REQ
# Create a self signed certificate
openssl x509 -req -days 365 -in $REQ -signkey $KEY -out $CRT
# Copy it to the server
cp $CRT /etc/ssl/certs
cp $KEY /etc/ssl/private


-- 
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple, and
wrong. -- H.L. Mencken
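
Added example, not part of the original post or the poster's script: a hardened variant of the script above with an explicit RSA key size, SHA-256 on both the request and the certificate (the digest passed to `openssl req` signs only the CSR, so it is repeated for `openssl x509`), and a restrictive umask for the private key. The function names, the CN argument, the 4096-bit default and the Ed25519 SSH key are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names, CN and default sizes are assumptions.

# make_selfsigned DIR CN [BITS] -> writes DIR/server.key, server.csr, server.crt
make_selfsigned() (
    dir=$1
    cn=$2
    bits=${3:-4096}
    umask 077    # directory is created 0700, private key 0600
    mkdir -p "$dir" && cd "$dir" || exit 1
    # State the modulus size instead of relying on the build's default
    openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$bits" \
        -out server.key 2>/dev/null || exit 1
    # This digest covers the signature on the CSR only
    openssl req -new -sha256 -key server.key -subj "/CN=$cn" \
        -out server.csr || exit 1
    # The certificate's own signature digest is chosen here
    openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key \
        -out server.crt 2>/dev/null || exit 1
)

# cert_sig_alg CRT -> signature algorithm of the certificate
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *\([^ ]*\).*/\1/p' | head -n 1
}

# cert_key_bits CRT -> public key size in bits
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: *(\([0-9]*\) bit).*/\1/p'
}

# make_ssh_key FILE -> Ed25519 key pair (OpenSSH 6.5 or later);
# on older clients use: ssh-keygen -t rsa -b 4096 -f FILE
make_ssh_key() {
    ssh-keygen -t ed25519 -a 100 -f "$1"
}

# Run as: sh script.sh DIR CN [BITS]
if [ "$#" -ge 2 ]; then
    make_selfsigned "$@"
fi
```

Verify the result with `cert_sig_alg` and `cert_key_bits` before copying `server.crt` to /etc/ssl/certs and `server.key` to /etc/ssl/private.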