Checking the OpenSSL and OpenSSH versions used by `ssh-keygen`

Last updated at Posted at 2021-05-28

How to check OpenSSL version for ssh-keygen

The private key format changed starting with OpenSSH 7.8, but openssl version does not tell me the OpenSSL version.

$ openssl version
bash: openssl: command not found

Googling "ssh-keygen" how to check openssh version did not turn up an article that hits the mark, so I am writing this for my own Google-ability.

TL;DR (three-line summary)

  1. You can check with ssh -V
    OpenSSH->v8.4, OpenSSL->1.1.1
    $ ssh -V
    OpenSSH_8.4p1, OpenSSL 1.1.1k  25 Mar 2021
    
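  2. Change: the default format for writing out private keys was changed to OpenSSH's own PEM format
    • If the private key begins with -----BEGIN OPENSSH PRIVATE KEY-----, it is the new format (OpenSSH's PEM format, OpenSSH 7.8 and later)
    • If the private key begins with -----BEGIN RSA PRIVATE KEY-----, it is the old format (the PEM format in the RSA case, before OpenSSH 7.8)
  3. Problem with the old format: as in -----BEGIN RSA PRIVATE KEY-----, the algorithm used for the key was written out, and for a passphrase-protected private key, information about the passphrase (such as the algorithm used) was written out as the PEM specification requires. To avoid offline attacks when a key leaks (such as local brute-force attacks), it was decided to record only the key information.

OpenSSH before 7.8 (Proc-Type and DEK-Info are included)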
$ docker pull vulhub/openssh:7.7
**snip**

$ docker run --rm -it vulhub/openssh:7.7 /bin/bash
# ssh -V
OpenSSH_7.7p1, OpenSSL 1.0.2l  25 May 2017

# ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:fmgWAYvnZwJPutKiOowsT9xdSpIAMD1TfRriNUfuceU root@3dfabe2ad360
The key's randomart image is:
+---[RSA 4096]----+
|=. ......   .    |
| o+ ..=+o  o     |
|  .+oo+*+ . E    |
|   ..O.. +       |
|    + = S        |
| . o = B o       |
|+ = + o = .      |
|+= o   o .       |
|=o.              |
+----[SHA256]-----+

# cat ~/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,7CC4054FD052C0CDBB6DEB8654D19BC2

V3YsCBa+5C5IqckmG+/4uGk2JmLCNhY+eND7f8TJvX2zuXB4+5v45SmMzfq/5C+f
**snip**
wfw/BN/qbK/VrwPvkvrOuv3eXI0dQGc6nrApO0iCcxPRAOa0vRkoo4KGIQ+XEZPk
-----END RSA PRIVATE KEY-----

OpenSSH 7.8 and later
$ docker pull alpine:latest
**snip**

$ docker run --rm -it alpine /bin/sh
/ # apk add --no-cache openssh
**snip**
OK: 14 MiB in 24 packages

/ # ssh -V
OpenSSH_9.7p1, OpenSSL 3.3.1 4 Jun 2024

/ # ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:mM/8KyzLfPnPY6M+bJ5ZdXEoYfY7Lza3FTDWZGlMd2I root@96f00327eea2
The key's randomart image is:
+---[RSA 4096]----+
|            + E++|
|           o ++*o|
|            .++o.|
|       o    ..o.o|
|      o S     +..|
|       +     . +.|
|       .+o  . + +|
|     o. =.+=+. +o|
|      ++ *X*oo . |
+----[SHA256]-----+

/ # cat /root/.ssh/id_rsa
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDEIZ6bDw
**snip**
lq/BwGykJyfHo8pQFQNGiY7TQ=
-----END OPENSSH PRIVATE KEY-----
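
As an added example (not part of the original article), the following Python code classifies a private key by the header lines shown in the two sessions above and, for the new format, reads the cipher and KDF names stored at the start of the base64 body. The function names are hypothetical, and the sample keys reuse only the header lines shown above, with a constructed placeholder body for the old format.

```python
import base64
import re
import struct

MAGIC = b"openssh-key-v1\0"  # fixed prefix of the new format's decoded body

def _read_string(buf, off):
    """Read one length-prefixed string (uint32 big-endian length, then bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key body")
    return buf[off + 4:off + 4 + n].decode("ascii"), off + 4 + n

def classify_private_key(text):
    """Classify an OPENSSH/RSA/DSA/EC key file; other labels return 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines()] or [""]
    m = re.fullmatch(r"-----BEGIN (OPENSSH|RSA|DSA|EC) PRIVATE KEY-----", lines[0])
    if not m:
        return {"format": "unknown"}
    if m.group(1) == "OPENSSH":
        # The cipher and KDF names sit in the first bytes, so 128 chars suffice.
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))[:128]
        raw = base64.b64decode(body[:len(body) - len(body) % 4])
        if not raw.startswith(MAGIC):
            return {"format": "unknown"}
        cipher, off = _read_string(raw, len(MAGIC))
        kdf, _ = _read_string(raw, off)
        return {"format": "openssh", "cipher": cipher, "kdf": kdf,
                "encrypted": cipher != "none"}
    # Old format: Proc-Type / DEK-Info headers sit in clear text before the body.
    headers = {}
    for ln in lines[1:]:
        if ":" not in ln:
            break
        key, value = ln.split(":", 1)
        headers[key.strip()] = value.strip()
    encrypted = headers.get("Proc-Type", "").endswith("ENCRYPTED")
    cipher = headers.get("DEK-Info", "none").split(",")[0]
    return {"format": "pem-" + m.group(1).lower(), "cipher": cipher,
            "kdf": None, "encrypted": encrypted}  # old headers name no KDF

# Header lines as shown in the sessions above; "AAAA" is a constructed body.
OLD_KEY = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,7CC4054FD052C0CDBB6DEB8654D19BC2

AAAA
-----END RSA PRIVATE KEY-----"""
NEW_KEY = """-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDEIZ6bDw
-----END OPENSSH PRIVATE KEY-----"""
```

Calling classify_private_key on the contents of each private key file under ~/.ssh shows which keys are still stored in the old format.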
