Re: process to generate a new RSA Connection key. -- MIDRANGE-L

Stefan,
I take it if a host doesn't exist in the config, it will just use the
values provided?
or will it blow up with a "host not found" type of error?

On Tue, Dec 5, 2023 at 8:39 AM <stefan@xxxxxxxxxx> wrote:

Hi Gerald,

When I have a need of using multiple keys for a user ( that seems to
happen over time quite frequently ) I normally create a streamfile named
config in the user's .ssh directory. Use CCSID 819.
Be careful to only give the user *rw authority to the file, otherwise
issues might occur.
In the file you can put entries like:

Host host1
Hostname sftp.filetransfer.company.com
Identityfile ~/.ssh/nameofprivatekey
User remoteuser

Host host2
Hostname 123.123.123.123
Port 33333
Identityfile ~/.ssh/nameofanotherprivatekey
User remoteuser2

And so on........

Your commandline will then be as easy as

sftp host1

Also notice Jacks remark about naming the key-files when you execute the
ssh-keygen command.
But it's a good safety routine to backup/rename current key-pair before
creating a new pair.

Best regards

Stefan

--
No trees were killed in the sending of this message, but a large number of
electrons were terribly upset.

Stefan Tageson
+46 732 369934
stefan@xxxxxxxxxx

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Gerald Magnuson
Sent: Monday, December 4, 2023 9:55 PM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Re: process to generate a new RSA Connection key.

I have been struggling with this for too long, so I'll just ask some
obvious questions.
We SSH to many different customers/vendors, but use the SAME profile (i.e.
same /home/USERPRF/.ssh path/key)
Is this normal/ proper/ crazy as heck ?

I see that SSH keys "don't expire", but a vendor requires we have a new
key every 2 years. is there a process to only generate a new public for
them, leaving the other public key alone that all the other cust/vend use?

On Mon, Dec 4, 2023 at 11:34 AM Gerald Magnuson <
gmagqcy.midrange@xxxxxxxxx>
wrote:

The process I have to create a new RSA connection key (current key is
about to expire) is to first save "id_rsa" and "id_rsa.pub" with a
yyyy extension.
then "ssh-keygen –t rsa –N “” "
then rename the new id_rsa, id_rsa.pub files with new expire year (2
years)
then rename the first files back.
the next process is to send the new id_rsa.pub file to our bank for
"testing and approval".
when approved, we can set the new files to "active" (drop the year
extension).
and send the new public key to the other vendors we connect to via ssh.

we only use one ibm i user profile for all of our ssh communications.

I don't think this is how it is supposed to work, but I can't find
good instructions on "renewing" a RSA connection key.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.