<div dir="ltr"><div><div>Needless to say that recent events and government actions warrants more paranoia ...<br><br></div>So, to that effect, what options should one use to have the SSH keys stronger?<br></div><div>How many bits? What options for ssh key gen should be used?<br>
<br></div>And for SSL certificates, what options do you use to make the certificates as strong as they can be?<br>For example, I use the following script for self signed certificates. How can this be improved?<br><br>#!/bin/sh<br>
<br>KEY=server.key<br>REQ=server.csr<br>CRT=server.crt<br><br>cd ~/cert<br># Generate a key<br>openssl genpkey -algorithm rsa -out $KEY<br># Generate a certificate signing request<br>openssl req -new -sha1 -nodes -key $KEY -out $REQ<br>
# Create a self signed certificate<br>openssl x509 -req -days 365 -in $REQ -signkey $KEY -out $CRT<br># Copy it to the server<br>cp $CRT /etc/ssl/certs<br>cp $KEY /etc/ssl/private<br><br clear="all"><div><div><div><br>-- <br>
Khalid M. Baheyeldin<br><a href="http://2bits.com" target="_blank">2bits.com</a>, Inc.<br>Fast Reliable Drupal<br>Drupal optimization, development, customization and consulting.<br>Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra<br>
Simplicity is the ultimate sophistication. -- Leonardo da Vinci<br>For every complex problem, there is an answer that is clear, simple, and wrong." -- H.L. Mencken<br>
</div></div></div></div>