I have used ssh-keygen in the past to create new keys for OpenSSH. But this time I wanted to created a DES3 key or triple DES. In a nutshell this applies the DES (data encryption standard) three times to each data block. The advantage to using DES3 is that it helps mitigate brute-force attacks against your key. Triple DES provides a simple method of increasing the key size of DES to protect against such attacks, without the need to design a completely new block cipher algorithm.
To create your public key, we will utilize openssl-utils. There is a vast amount of options provided by openssl-utils, I will just focus on the use for DES3.
1 2 3 4 5 6 7
$ sudo openssl genrsa -des3 -out key_erik 1024 Generating RSA private key, 1024 bit long modulus ...++++++ .........++++++ e is 65537 (0x10001) Enter pass phrase for key_erik: Verifying - Enter pass phrase for key_erik:
If your key is too short you will get an error from openssl in the form of:
9139:error:0200100D:system library:fopen:Permission denied:bss_file.c:356:fopen('key_erik','w')
Voila, you now have your private key. But alas, a public key is also needed. This is where the ssh-keygen comes into play. There is now the “key_erik” file that is the private key. You must modify the read and write permissions of the private key prior to executing the ssh-keygen command. Thus:
$ sudo chmod 600 key_erik
Then you can execute the ssh-keygen command.
sudo ssh-keygen -y -f key_erik > key_erik.pub Enter passphrase:
Ensure the passphrase matches the passphrase used during the private key generation. Now you have the private and public DES3 keys used for OpenSSH.