When you consider creating a new RSA or DSA keyfile, you do it with the knowledge that it will provide increased security when logging into a server using SSH. Requiring a RSA key as a security credential in the SSH authentication process is a more secure access management policy. Properly managing your credentials to maintain access and security can prevent problems, and increase profitability.
There are at least three potential security related problems with traditional SSHD configuration.
1. Credential loss/theft
2. Potential Bruteforcing
3. Out of date access
We also discussed some solutions for eliminating and minimizing the risk of these problems.
1. Encrypted credentials (PGP encrypted username, password, key file)
2. Requiring a key, as well as a username and password
3. Rotating keys, audits
For those of you who are new to ssh keys, you can create a create a new key easily using the
ssh-keygen command. This command allows the generation, management, and conversion of authentication keys. You only need to enter the ssh-keygen command to create an RSA keyfile, where the -t flag is used to specify the type of key to be generated, e.g.ssh-keygen -t rsassh-keygen -t rsa -f ~/.ssh/id_rsa (default location)
