Private Key Management
Docusnap offers the possibility to import private keys or to create SSH keys for the Linux inventory.
As the most secure variant, we recommend creating a private key of type SSH-Ed25519 / AES256-CBC on the Linux system.
To create a new key, run one of the following commands on the Linux system. If the package ssh-keygen is not installed, install it via the appropriate package manager. On Ubuntu this would be sudo apt-get install ssh-keygen; run sudo apt update beforehand:
- ssh-ed25519 /w aes256-cbc:
  ssh-keygen -t ed25519 -Z aes256-cbc
- ecdsa-sha2-nistp256:
  ssh-keygen -t ecdsa -b 256 -m pem
- ecdsa-sha2-nistp384:
  ssh-keygen -t ecdsa -b 384 -m pem
- ecdsa-sha2-nistp521:
  ssh-keygen -t ecdsa -b 521 -m pem
- ssh-rsa:
  ssh-keygen -m PEM -t rsa -b 4096

Entering a passphrase is optional, but if one is assigned it is subsequently required in Docusnap. The storage location for the files is freely selectable.
Two files are then created in the specified directory - in the example ed25519 and ed25519.pub.
The public key must then be transferred from the corresponding .pub file to the ~/.ssh/authorized_keys file. The character ~ stands for the home directory of the currently logged-in user.
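
The transfer into ~/.ssh/authorized_keys can be scripted so that only the public half is ever copied and the file permissions stay strict. The following is an added example, not part of the Docusnap documentation; the function name install_pubkey and its optional second argument (a home directory, used for testing) are assumptions.

```shell
#!/bin/sh
# Added example (not Docusnap code): install one public key idempotently.
# Usage: install_pubkey PUBFILE [HOME_DIR]   (name and arguments are hypothetical)
install_pubkey() {
    pubfile=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Refuse the private half (e.g. ed25519 instead of ed25519.pub).
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "$pubfile is a private key, expected the .pub file" >&2
        return 2
    fi

    # A .pub file holds exactly one line: "<type> <base64> [comment]".
    [ "$(grep -c . "$pubfile")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    key=$(grep . "$pubfile")

    # Accept only the key types listed on this page.
    case ${key%% *} in
        ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-rsa) ;;
        *) echo "unsupported key type: ${key%% *}" >&2; return 4 ;;
    esac

    # With StrictModes, sshd rejects keys if these are group/world writable.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 5
    touch "$auth" && chmod 600 "$auth" || return 5

    # If the existing file lacks a final newline, add one before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append only if the exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```

Run it as the user Docusnap will log in as, for example install_pubkey ./ed25519.pub.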

The file with the private key - ed25519 in the example - must now be transferred to the Docusnap system.
A new key is added by clicking on the New button. By clicking on the Import Private Key button, this file is selected and imported into Docusnap.
If a passphrase is used for the key, it must be entered during the import.

A name must be specified; it can be chosen as desired. By clicking on the Save button, the key is saved to the database.
A private key of the type SSH-Ed25519 / AES256-CBC is recommended as the most secure variant.
The following key variants are still supported for compatibility reasons:
- ecdsa-sha2-nistp256
- ecdsa-sha2-nistp384
- ecdsa-sha2-nistp521
- ssh-rsa
Alternatively, an SSH key can be created with Docusnap using the Create Key button. The SSH key pair is generated using the Ed25519 algorithm. The key used is then encrypted again and stored in the database. A passphrase is not created. Once the creation is complete, a shortened preview of the key is displayed in the Key Preview field, which makes it easier to identify different SSH keys. By clicking the Save button, the SSH key is stored in the database. With the button Export Public Key the public keys can be exported and stored on the Linux systems.
The above steps can be repeated at will, for example to import or create keys for the different clients in the Docusnap environment and use them afterwards.
The Delete button can be used to remove the selected key from the database.