Using Ed25519 and ECDSA with OpenSSH installed via brew

More than 3 years have passed since last update.

Ed25519 and ECDSA cannot be used in the standard Mac environment, so we use them with an OpenSSH installed via brew.

First, update and upgrade.

brew update
brew upgrade

Tap the repository, then install.

brew tap homebrew/dupes
brew install openssh --with-brewed-openssl --with-keychain-support

Edit the plist.

sudo vi /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist

Change /usr/bin/ssh-agent to /usr/local/bin/ssh-agent.

<string>/usr/bin/ssh-agent</string> <!-- before -->
<string>/usr/local/bin/ssh-agent</string> <!-- after -->

Unload it, then load it again.

launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist
launchctl load -w -S Aqua /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist

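Then edit ~/.bash_profile with vi or a similar editor.
Add the following.

 eval "$(ssh-agent)"

 # Kill the agent started above when the shell exits.
 function cleanup {
   echo "Killing SSH-Agent"
   kill -9 "$SSH_AGENT_PID"
 }
 trap cleanup EXIT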

Restart the terminal and check the version.

# as of 2015-05-05
OpenSSH_6.8p1, OpenSSL 1.0.2a 19 Mar 2015

The environment is now ready for using them.

ed25519

ssh-keygen -t ed25519
# with a comment
ssh-keygen -t ed25519 -C "your_email@example.com"

ecdsa

ssh-keygen -t ecdsa -b 256
ssh-keygen -t ecdsa -b 384
ssh-keygen -t ecdsa -b 521
# with a comment
ssh-keygen -t ecdsa -b 521 -C "your_email@example.com"

Registering the public key

ssh-copy-id -i .ssh/id_ecdsa.pub user@remote_host

ssh-copy-id takes care of the tedious setup automatically.

# if ssh-copy-id is not available
cat ./.ssh/id_ecdsa.pub | ssh user@remote_host "cat >> ./.ssh/authorized_keys"

Checking the key strength

ssh-keygen -t ecdsa -b 521
ssh-keygen -l -f $HOME/.ssh/id_ecdsa.pub

A string is printed, and its first three characters are the key strength. In the case above, 521 is displayed.
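Where that number comes from, as an added example that is not part of the original article: the size can be read from the key blob stored in the .pub file, and the Python below decodes that blob for the two key types used here. The function names and the sample keys (built from dummy bytes, not real keys) are constructed for this illustration.

```python
import base64
import struct

CURVE_BITS = {"nistp256": 256, "nistp384": 384, "nistp521": 521}  # curve field size in bits

def read_string(blob, pos):
    """Read one RFC 4251 string: 4-byte big-endian length, then that many bytes."""
    if pos + 4 > len(blob):
        raise ValueError("truncated length field")
    end = pos + 4 + struct.unpack(">I", blob[pos:pos + 4])[0]
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[pos + 4:end], end

def key_bits(pubkey_line):
    """Return (key type, bits) for one line of an OpenSSH .pub file."""
    declared, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    name, pos = read_string(blob, 0)
    ktype = name.decode("ascii")
    if ktype != declared:
        raise ValueError("type in front of the blob differs from the type inside it")
    if ktype == "ssh-ed25519":
        key, pos = read_string(blob, pos)
        if len(key) != 32:
            raise ValueError("Ed25519 public key must be 32 bytes")
        bits = 256
    elif ktype.startswith("ecdsa-sha2-"):
        curve, pos = read_string(blob, pos)
        point, pos = read_string(blob, pos)
        bits = CURVE_BITS.get(curve.decode("ascii"))
        if bits is None or ktype != "ecdsa-sha2-" + curve.decode("ascii"):
            raise ValueError("unknown or mismatched curve")
        # Uncompressed point: 0x04, then X and Y of ceil(bits / 8) bytes each.
        if point[:1] != b"\x04" or len(point) != 1 + 2 * ((bits + 7) // 8):
            raise ValueError("point does not fit the curve")
    else:
        raise ValueError("unsupported key type: " + ktype)
    if pos != len(blob):
        raise ValueError("trailing bytes after the key")
    return ktype, bits

def make_line(*fields):
    """Build a .pub line from raw fields (constructed samples, dummy key bytes)."""
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return "%s %s your_email@example.com" % (fields[0].decode(), base64.b64encode(blob).decode())

SAMPLE_ED25519 = make_line(b"ssh-ed25519", bytes(32))
SAMPLE_P521 = make_line(b"ecdsa-sha2-nistp521", b"nistp521", b"\x04" + bytes(132))
```

Calling key_bits on a line from a real .pub file returns the key type and bit size; a line whose declared type, curve name and point length disagree raises ValueError.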

Generating the public key from the private key

ssh-keygen -y -f ~/.ssh/id_ed25519 > ~/.ssh/id_ed25519.pub