A project for COURSENAME by YOUR NAME OR GROUPMEMBER NAMES during the SEMESTER YEAR.
This project was begun on DATE and is anticipated to take X AMOUNT OF TIME. (Upon completion you can correct this with the actual length).
State the purpose of this project. What is the point of this project? What do we hope to accomplish by undertaking it?
Go from this (old and busted default sshd):
In order to successfully accomplish/perform this project, the listed resources/experiences need to be consulted/achieved:
State the idea or purpose of the project. What are you attempting to pursue?
Upon approval, you'll want to fill this section out with more detailed background information. DO NOT JUST PROVIDE A LINK.
Providing any links to original source material, such as from a project page, is a good idea.
You'll want to give a general overview of what is going to be accomplished (for example, if your project is about installing a web server, do a little write-up on web servers. What is it, why do we need one, how does it work, etc.)
Give a general overview of your anticipated implementation of the project. Address any areas where you are making upfront assumptions or curtailing potential detail. State the focus you will be taking in implementation.
State and justify the attributes you'd like to receive upon successful approval and completion of this project.
The actual steps taken to accomplish the project. Include images, code snippets, command-line excerpts; whatever is useful for intuitively communicating important information for accomplishing the project.
```sh
## Host key generation with ssh-keygen. Option reference:
##   -C "Comment"     Comment; not needed for host keys
##   -p               Request to change the passphrase of an existing key
##   -f <filename>    Output filename of key file
##   -t <type>        Key type
##   -N ''            New (blank) passphrase
##   -b <bits>        Number of bits in the key
##   -o               bcrypt key derivation function (new key format), implied with ED25519
##   -a <#>           Number of rounds for bcrypt key derivation
## (Comments are kept off the continued lines: a "# ..." after a trailing "\"
##  is passed to ssh-keygen as an argument instead of being ignored.)

## DSA: NO LONGER ALLOWED; disabled by default since OpenSSH >=7.0
$> ssh-keygen -f /etc/ssh/ssh_host_dsa_key \
     -t dsa \
     -N ''

## ECDSA: OpenSSH >=5.7
$> ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key \
     -t ecdsa \
     -N ''

## ED25519: all keys 256-bit, OpenSSH >=6.5
$> ssh-keygen -f /etc/ssh/ssh_host_ed25519_key \
     -t ed25519 \
     -N '' \
     -o \
     -a 100

## RSA: Min:1024, Recommended/Default:2048, Max:16384
$> ssh-keygen -f /etc/ssh/ssh_host_rsa_key \
     -t rsa \
     -b 4096 \
     -N '' \
     -o \
     -a 100

## PKCS#8 SSH Private Keys
# Convert: convert a private SSH key into PKCS#8 format
$> mv ~/.ssh/id_rsa ~/.ssh/id_rsa.old
$> openssl pkcs8 -topk8 -v2 des3 \
     -in ~/.ssh/id_rsa.old \
     -out ~/.ssh/id_rsa
$> chmod 600 ~/.ssh/id_rsa
# Check that the converted key works; if yes, delete the old one
$> rm ~/.ssh/id_rsa.old
#
# Revert: convert a PKCS#8 key back into a private SSH key
$> mv ~/.ssh/id_rsa ~/.ssh/id_rsa.pkcs8
# Decrypt the key with openssl
$> openssl pkcs8 \
     -in ~/.ssh/id_rsa.pkcs8 \
     -out ~/.ssh/id_rsa
$> chmod 600 ~/.ssh/id_rsa
# Re-encrypt the key using the traditional SSH key format
$> ssh-keygen -f ~/.ssh/id_rsa -p
```
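Before regenerating host keys it is worth knowing what is already installed. The following is an added example (not part of the original page or of OpenSSH) that classifies the output of `ssh-keygen -l -f <key>` against the policy the commands above imply: DSA is rejected, RSA below 2048 bits is rejected, ECDSA and ED25519 pass. The sample lines at the bottom are constructed, with placeholder fingerprints; `audit_host_keys` is the hypothetical wrapper that runs the check over `/etc/ssh/ssh_host_*_key.pub` on a real machine.

```shell
#!/bin/sh
# Added example, not from the original page. Classify one line of
# `ssh-keygen -l -f <key>` output, which has the form
#   "<bits> <fingerprint> <comment> (<TYPE>)"
# against the host-key policy: DSA rejected (disabled by default since
# OpenSSH 7.0), RSA must be >= 2048 bits, ECDSA and ED25519 accepted.
# Prints "ok:...", "reject:..." or "unknown:...".
classify_key_line() {
    line="$1"
    bits=${line%% *}                                   # first field: key size in bits
    type=$(printf '%s\n' "$line" | sed -n 's/.*(\([A-Z0-9]*\))[[:space:]]*$/\1/p')
    case "$type" in
        DSA)     echo "reject:dsa" ;;
        RSA)     if [ "$bits" -lt 2048 ]; then echo "reject:rsa-$bits"; else echo "ok:rsa-$bits"; fi ;;
        ECDSA)   echo "ok:ecdsa-$bits" ;;
        ED25519) echo "ok:ed25519" ;;
        *)       echo "unknown:${type:-?}" ;;
    esac
}

# Hypothetical wrapper: walk the host keys on this machine and print a verdict per key.
# Needs ssh-keygen installed; the constructed sample below does not call it.
audit_host_keys() {
    for pub in /etc/ssh/ssh_host_*_key.pub; do
        [ -r "$pub" ] || continue
        printf '%s\t%s\n' "$pub" "$(classify_key_line "$(ssh-keygen -l -f "$pub")")"
    done
}

# Constructed sample lines; the fingerprints are placeholders, not real keys.
SAMPLE_KEY_LINES='1024 SHA256:placeholderDSA root@host (DSA)
1024 SHA256:placeholderRSA1k root@host (RSA)
4096 SHA256:placeholderRSA4k root@host (RSA)
256 SHA256:placeholderECDSA root@host (ECDSA)
256 SHA256:placeholderED root@host (ED25519)'

# count_verdicts <ok|reject>: how many sample lines get that verdict
count_verdicts() {
    printf '%s\n' "$SAMPLE_KEY_LINES" | while read -r l; do classify_key_line "$l"; done \
        | grep -c "^$1:"
}

# Stand-alone demo over the constructed sample
printf '%s\n' "$SAMPLE_KEY_LINES" | while read -r l; do
    printf '%-48s -> %s\n' "$l" "$(classify_key_line "$l")"
done
```

On a real host, `audit_host_keys` gives the list of keys to regenerate with the commands above; anything reported as `reject:` should be removed from the `HostKey` lines of `sshd_config` as well.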
```sh
## Create /etc/ssh/moduli if non-existent
# Generate moduli candidates
#   -b is the length of the prime + 1 bit (4096 -> 4095-bit)
#   -M increases the memory used; 127 (MiB) is the maximum.
# (Newer ssh-keygen releases replaced -G/-T with "-M generate" and "-M screen";
#  see ssh-keygen(1) for the version in use.)
$> ssh-keygen -G /etc/ssh/moduli.all -b 4096 -M 127
# Test the candidates
#   -f specifies the file with the candidates.
#   -a sets the number of tries for Miller-Rabin per candidate, 100 by default.
$> ssh-keygen -T /etc/ssh/moduli.safe -f /etc/ssh/moduli.all -a 100
$> mv /etc/ssh/moduli.safe /etc/ssh/moduli
$> rm /etc/ssh/moduli.all

## Strengthen /etc/ssh/moduli by removing moduli that are < 2048 bits
# Field 5 of a moduli line is the size in bits minus one (2047 for a 2048-bit group),
# so "> 2000" keeps 2048-bit and larger groups.
$> awk '$5 > 2000' /etc/ssh/moduli > "${HOME}/moduli"
# check for an empty file before replacing the system copy
$> wc -l "${HOME}/moduli"
$> mv "${HOME}/moduli" /etc/ssh/moduli
```
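The manual `wc -l` step exists because an awk filter that matches nothing silently produces an empty file, and moving that over `/etc/ssh/moduli` leaves the daemon with no DH-GEX groups. The following is an added example (not from the original page or from OpenSSH) that wraps the same filter in a function which refuses to write an empty result. The sample moduli file is constructed; the hex moduli are placeholders, not real safe primes.

```shell
#!/bin/sh
# Added example, not from the original page: a guarded version of the awk filter above.
# Moduli file format (one group per line, comments begin with #):
#   Time Type Tests Tries Size Generator Modulus
# "Size" is the modulus length minus one, so a 2048-bit group is listed as 2047.

# filter_moduli <input> <output> [min_bits]
# Returns 0 on success, 1 on a read/write error, 2 if nothing survived the filter
# (in which case no output file is left behind).
filter_moduli() {
    in="$1"; out="$2"; min_bits="${3:-2048}"
    [ -r "$in" ] || { echo "filter_moduli: cannot read $in" >&2; return 1; }
    awk -v min="$min_bits" '/^[0-9]/ && ($5 + 1) >= min' "$in" > "$out" || return 1
    if [ ! -s "$out" ]; then
        rm -f "$out"
        echo "filter_moduli: no moduli of >= $min_bits bits in $in; nothing written" >&2
        return 2
    fi
    return 0
}

# count_moduli <file>: number of group lines (comment lines excluded)
count_moduli() { grep -c '^[0-9]' "$1"; }

# Constructed sample moduli file; the modulus column holds placeholders, not primes.
write_sample_moduli() {
    cat > "$1" <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20240101000000 2 6 100 1023 2 PLACEHOLDER1024
20240101000000 2 6 100 2047 2 PLACEHOLDER2048
20240101000000 2 6 100 4095 5 PLACEHOLDER4096
EOF
}

# Stand-alone demo: filter the sample in a scratch directory.
demo_dir=$(mktemp -d)
write_sample_moduli "$demo_dir/moduli.all"
if filter_moduli "$demo_dir/moduli.all" "$demo_dir/moduli" 2048; then
    echo "kept $(count_moduli "$demo_dir/moduli") of $(count_moduli "$demo_dir/moduli.all") groups"
fi
rm -rf "$demo_dir"
```

To apply it to the real file, run `filter_moduli /etc/ssh/moduli "${HOME}/moduli"` and only `mv` the result into place when the function returns 0.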
```
## file: /etc/ssh/ssh_config
HashKnownHosts yes

# https://www.github.com/ specific options
Host github.com
    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512

# All other host options
Host *
    ConnectTimeout 30
    KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
    ServerAliveInterval 10
    # Enables sharing multiple sessions over a single network connection.
    ControlMaster auto
    ControlPersist yes
    # Location of a control socket for connection sharing.
    ControlPath ~/.ssh/socket-%r@%h:%p
```
```
## File: /etc/ssh/sshd_config
Protocol 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
```
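The hardening in the two config files above comes down to three allowlists (Kex, Ciphers, MACs) plus the choice of host keys. The following is an added example (not part of the original page or of OpenSSH) that audits a config file against exactly those lists: it reports every configured algorithm that is not on the allowlist, reports a keyword that is missing altogether (sshd then falls back to its compiled-in defaults, which is the "old and busted" state), and flags any DSA `HostKey`. Both sample configs are constructed: a weak legacy-style one and a copy of the `sshd_config` above.

```shell
#!/bin/sh
# Added example, not from the original page. Allowlists copied from the hardened
# sshd_config above.
ALLOWED_KEX='curve25519-sha256@libssh.org diffie-hellman-group-exchange-sha256'
ALLOWED_CIPHERS='chacha20-poly1305@openssh.com aes256-gcm@openssh.com aes128-gcm@openssh.com aes256-ctr aes192-ctr aes128-ctr'
ALLOWED_MACS='hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com umac-128-etm@openssh.com hmac-sha2-512 hmac-sha2-256 umac-128@openssh.com'

# config_value <file> <keyword>: first uncommented value of the keyword
# (sshd and ssh both use the first match they encounter).
config_value() {
    awk -v kw="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" \
        '$1 !~ /^#/ && tolower($1) == kw { print $2; exit }' "$1"
}

# disallowed_algs <file> <keyword> <allowlist>: one line per configured algorithm
# that is not on the allowlist, or the single word UNSET when the keyword is absent.
disallowed_algs() {
    val=$(config_value "$1" "$2")
    if [ -z "$val" ]; then echo UNSET; return 0; fi
    printf '%s\n' "$val" | tr ',' '\n' | while read -r alg; do
        case " $3 " in
            *" $alg "*) ;;            # on the allowlist
            *) echo "$alg" ;;
        esac
    done
}

# audit_config <file>: print every finding as "<Keyword>: <value>"
audit_config() {
    for alg in $(disallowed_algs "$1" KexAlgorithms "$ALLOWED_KEX");     do echo "KexAlgorithms: $alg"; done
    for alg in $(disallowed_algs "$1" Ciphers       "$ALLOWED_CIPHERS"); do echo "Ciphers: $alg"; done
    for alg in $(disallowed_algs "$1" MACs          "$ALLOWED_MACS");    do echo "MACs: $alg"; done
    # DSA host keys are disabled by default since OpenSSH 7.0
    awk '$1 !~ /^#/ && tolower($1) == "hostkey" && $2 ~ /dsa/ { print "HostKey: " $2 }' "$1"
}

# count_findings <file>: number of findings, 0 for a clean config
count_findings() { audit_config "$1" | wc -l | tr -d ' '; }

# Constructed sample configs for the demo.
write_weak_config() {
    cat > "$1" <<'EOF'
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_rsa_key
Ciphers aes128-cbc,3des-cbc,arcfour,aes256-ctr
MACs hmac-md5,hmac-sha1,hmac-sha2-256
EOF
}
write_hardened_config() {
    cat > "$1" <<'EOF'
Protocol 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
EOF
}

# Stand-alone demo
demo_dir=$(mktemp -d)
write_weak_config "$demo_dir/weak"; write_hardened_config "$demo_dir/hard"
echo "weak config findings:"; audit_config "$demo_dir/weak"
echo "hardened config findings: $(count_findings "$demo_dir/hard")"
rm -rf "$demo_dir"
```

This reads the file as written; the authoritative view of what the daemon will actually use is `sshd -T`, which prints the effective configuration with defaults filled in, so running `audit_config` over the output of `sshd -T` (saved to a file) catches the UNSET case against the real compiled-in defaults.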
Again, if there is associated code with the project, and you haven't already indicated how to run it, provide a sample run of your code:
```
lab46:~/src/cprog$ ./hello
Hello, World!
lab46:~/src/cprog$
```
Comments/thoughts generated through performing the project, observations made, analysis rendered, conclusions wrought. What did you learn from doing this project?
In performing this project, the following resources were referenced: