doc/TRUEConnector/prerequisite.md: 10 additions & 9 deletions
@@ -64,8 +64,7 @@ AllowUsers sshUser1 sshUser2...
64
64
65
65
### Create SSH public and private keys for user accessing host machine
66
66
67
-
As a first step, a key-pair needs to be created. This is usually done on the server.
68
-
With the following command a new key-pair is created.
67
+
As the first step, a key pair needs to be created. Following best security practices, each ***user*** generates their asymmetric key pair and securely shares the public key with the OS administrator for implementation at the OS level. The following command is used to create a new key pair.
*`-b 4096` - specifies the key length, 4096 offers a good balance between security and performance, providing strong protection against brute-force attacks without being overly taxing on system resources.
77
76
*`-f ~/.ssh/desktop_key-rsa` - specifies the filename for the key file
78
77
79
-
In order to create the key, you will be asked for a password. This is the password for your key. It is recommended and considered as best practice (and also security related) to enter passphrase. It will be used as security step, avoiding the usage of a stolen or lost private key. The result of this command should be two files. The file "\~/.ssh/desktop_key-rsa" which is the private-key file, and the file "~/.ssh/desktop_key-rsa.pub" which contains your public-key file.
80
-
This public-key and private-key will be securely transferred to the client. This means that keys are transferred to the client machine without exposing the content of the file, following best practices for delivering files containing sensitive data, such are password protected zip archive, uploading to some storage, and providing link to the responsible user, admin approaching to the client and copying key file from USB stick, or whatever is applicable and most suitable for the company.
78
+
Using `-t rsa -b 4096` with `ssh-keygen` is essential for creating RSA keys of 4096 bits, improving security. The algorithm employed in the SSH communication protocol is the 4096-bit RSA asymmetric encryption algorithm. This method of key generation guarantees that the SSH keys for authentication are robust and secure against unauthorized access
79
+
80
+
In order to create the key, you will be asked for a password. This is the password for your key. It is recommended and considered as best practice (and also security related) to enter passphrase. It will be used as security step, avoiding the usage of a stolen or lost private key. The result of this command should be two files. The file "\~/.ssh/desktop_key-rsa" which is the private-key file, and the file "~/.ssh/desktop_key-rsa.pub" which contains your public-key file.
81
+
After the process is completed, the ***user*** must securely transfer the public-key to the OS administrator. This entails transferring the public-key without exposing the file's contents, following best practices for delivering files containing sensitive data. These practices may include using a password-protected zip archive, uploading to secure storage and providing a link to the responsible OS administrator, physically approaching the OS administrator and copying the key file from a USB stick, or employing any other applicable and suitable method for the company.
81
82
82
83
public-key needs to be added to the authorized keys. To make sure we do not override any already configured authorized key,
83
84
we add the public-key to the authorized_keys file. If the file does not yet exist, it will create it automatically:
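Review bot: The added paragraph on transferring the public key (new line 81) still treats it as a file whose contents must not be exposed, wording carried over from the removed text that covered sending the private key as well. A public key is not secret; what the OS administrator needs is assurance that the key received is the one the user generated, so I would replace "without exposing the file's contents" with a requirement that the administrator confirm the key's fingerprint with the user over a separate channel before adding it to authorized_keys. Separately, new line 78 says "The algorithm employed in the SSH communication protocol is the 4096-bit RSA asymmetric encryption algorithm": the key pair generated here authenticates the user by signature rather than encrypting the session, "guarantees" overstates what key length alone provides, and the sentence is missing its final period.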
For maintaining securityadministrators should perform a periodic refresh of SSH keys. This process should be conducted every three months (minimal, or even on lesser time frame if security policy requires). During each update cycle, the administrator is responsible for generating new SSH keys for all end users and ensuring the invalidation of previous keys. This practice ensures that any potential security risks associated with compromised or outdated keys are mitigated.
120
+
To maintain security, OS administrators must periodically refresh SSH keys. This process must occur every three months (minimal, or even on lesser time frame if security policy requires). During each update cycle, administrators are responsible for informing users that they need to generate a new key pair and securely transfer the new public key. Failure to do so will make previous authorized keys invalid. This practice ensures that potential security risks associated with compromised or outdated keys are mitigated.
120
121
121
-
To facilitate this process, the following steps should be diligently followed:
122
+
To facilitate this process, the following steps must be diligently followed:
122
123
123
-
* Generate New SSH Keys: Admins should create new SSH key pairs for each user.
124
+
* Generate New SSH Keys: Users must create new SSH key pairs.
124
125
125
-
* Distribute New Keys Securely: Once new keys are generated, they should be securely transferred to the end users.
126
+
* Distribute New Keys Securely: Once new keys are generated, the public-key must be securely transferred to OS administrator.
126
127
127
128
* Update the authorized_keys File: The new public keys must be added to the authorized_keys file on the server, replacing the old keys.
128
129
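Review bot: In the rewritten rotation paragraph (new line 120), "Failure to do so will make previous authorized keys invalid" does not say who invalidates the old key or when, and the unchanged "Update the authorized_keys File" step only covers replacing old keys once new ones have arrived. I would state explicitly that the OS administrator removes the previous public key from authorized_keys at the end of the cycle whether or not a replacement was received, and that users are told the deadline in advance. The step at new line 126 should also read "to the OS administrator".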
@@ -135,7 +136,7 @@ To facilitate this process, the following steps should be diligently followed:
135
136
* Review and Test: After updating, conduct a thorough review and testing to ensure that only the new keys are operational and that server access is functioning as expected with the updated keys.
136
137
137
138
138
-
By regularly updating SSH keys every three months, administrators will enhance the security of server access, making sure these keys effectively protect against unauthorized entry.
139
+
By regularly updating SSH keys every three months, OS administrators will enhance the security of server access, making sure these keys effectively protect against unauthorized entry.
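Review bot: The closing sentence now credits OS administrators with "regularly updating SSH keys", but the steps changed earlier in this commit have users generate the key pairs and leave administrators to update authorized_keys. Consider wording such as "By enforcing SSH key rotation every three months, OS administrators will ..." so the summary matches the new division of responsibility.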