Key9 Identity
  • Welcome To Key9 Identity
  • SSH
    • Installation & Setup
      • MacOS Yubikey Smartcard/PIV instructions.
        • 1. Installation of MacOS software
        • 2. Changing the Yubikey PIN.
        • 3. Generating Keys and Certificates for the Yubikey
        • 4. Enrolling the public key to Key9
        • 5. Testing and configuring SSH
      • Windows Yubikey Smartcard/PIV instructions
        • 1. Installation of Windows software.
        • 2. Getting the system ready for libykcs11.dll
        • 3. Adding libykcs11.dll to SSH configurations.
        • 4. Generating Keys and Certificates for the Yubikey
        • 5. Enrolling the public key to Key9
        • 6. Testing your SSH key.
      • OpenSSH with Yubikey / FIDO2 protected keys
        • 1. Prerequisites
        • 2. OpenSSH command for Yubkey FIDO2
        • 3. Enrolling your public key to Key9
        • 4. Testing your SSH key
      • Setting a Yubikey PIN without Yubikey software.
        • 1. Using Key9 "registration" to register a new Yubikey PIN.
        • 2. Using "webauthn.io" to register a new Yubikey PIN.
      • RSA Password Protected SSH Key
        • 1. Key9 Settings to allow RSA
        • 2. Generating RSA SSH Key
        • 3. Enrolling your public key to Key9
        • 4. Testing your SSH key
      • Determine your Yubikey Type
        • 1. Linux "lsusb" command
        • 2. MacOS "ioreg" command
        • 3. Windows 11
      • Useful External Links
      • Windows Powershell with Yubikey/FIDO2-protected SSH keys
        • 1. Download OpenSSH for Windows.
        • 2. Setting up your SSH keys
        • 3. Enrolling your public key to Key9
      • Technical Notes
        • Pop!_OS - "agent refused operation"
      • Key9 SSH for Debian 12 [Bookworm] Howto
        • 1. Installing GPG
        • 2. Configuring the Key9 Debian 12 Repo.
        • 3. Configuring the Key9 SSH client
        • 4. Configuring Name Service Switch [/etc/nsswitch.conf]
        • 5. Configuring the OpenSSH server
        • 6. Modifying "sudoers" [optional]
        • 7. Configuring "k9-tail" for logs [optional]
        • 8. Automatic home directory creation [optional]
  • Web
    • Marketplace Applications
      • Amazon Web Services
      • Atlassian Jira
      • Cyera
      • GitBook
      • Google Workspace
      • KnowBe4
      • LibreNMS
      • NetBox
      • SentinalOne
      • Wiz
Powered by GitBook
On this page
  • The advantages of using RSA SSH Keys:
  • The disadvantages of RSA SSH Keys:
  1. SSH
  2. Installation & Setup

RSA Password Protected SSH Key

These instructions are for creating a non-hardware-protected RSA key. The new key should be password-protected.

The advantages of using RSA SSH Keys:

  1. Does not require any hardware.

  2. Simple to generate.

  3. While RSA keys are not as secure as ED25519-SK, they are still much better than traditional "password-protected" accounts.

  4. Still considered "two factors", as it is a key (something you have) and a password to use the private key (something you know)

  5. RSA keys are supported by almost every version of SSH regardless of the platform (Windows, Linux, OpenBSD, etc)

  6. In some situations, such as a "jump box", it might be difficult to securely pass -sk (ECDSA-SK/ED25519-SK) keys.

The disadvantages of RSA SSH Keys:

  1. Considered less security than modern protocols.

  2. Private keys can be generated without passwords, and there is no way to determine from the public key if a password has been used or not. This might lead to auditing issues. If the private key is on a jump box, it can be tested via a script to determine if a password has been used.

Previous2. Using "webauthn.io" to register a new Yubikey PIN.Next1. Key9 Settings to allow RSA

Last updated 4 months ago