Private Key Management

Docusnap can import private keys or create RSA keys for the Linux inventory.

As the most secure variant, we recommend creating a private key of type SSH-Ed25519 / AES256-CBC on the Linux system.

If ssh-keygen is not installed, install it first with the appropriate package manager. On Ubuntu, run sudo apt update and then sudo apt-get install openssh-client, the package that provides ssh-keygen. To create a new key, run one of the following commands on the system:

  • ssh-ed25519 with aes256-cbc:
    ssh-keygen -t ed25519 -Z aes256-cbc
  • ecdsa-sha2-nistp256:
    ssh-keygen -t ecdsa -b 256 -m pem
  • ecdsa-sha2-nistp384:
    ssh-keygen -t ecdsa -b 384 -m pem
  • ecdsa-sha2-nistp521:
    ssh-keygen -t ecdsa -b 521 -m pem
  • ssh-rsa:
    ssh-keygen -m PEM -t rsa -b 4096

Docusnap Management Import Private Key

Entering a passphrase is optional, but if one is assigned, it is subsequently required in Docusnap! The storage location for the files is freely selectable.

Two files are then created in the specified directory - in the example ed25519 and ed25519.pub.

Afterwards, the public key from the corresponding .pub file must be added to the authorized_keys file of the user; in the example, for user root, this is /root/.ssh/authorized_keys.
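The Linux-side steps above (create the key, then add the public key to authorized_keys), as an added shell example that is not part of the Docusnap documentation. The function names and the docusnap-inventory key comment are assumptions.

```shell
#!/bin/sh
# Added example, not Docusnap code. Helper names and the key comment are assumptions.

# Create the recommended key pair: Ed25519, private half encrypted with AES256-CBC.
# ssh-keygen prompts for the passphrase, so it stays out of the shell history.
generate_inventory_key() {
    # $1 = path of the private key file; the public key is written to $1.pub
    ssh-keygen -t ed25519 -Z aes256-cbc -C "docusnap-inventory" -f "$1"
}

# Add the public key to <home>/.ssh/authorized_keys exactly once.
# The body runs in a subshell, so its variables and umask stay local.
authorize_public_key() (
    pub_file=$1
    home_dir=$2
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys
    key_line=$(head -n 1 "$pub_file") || exit 1

    # Accept only the key types the page lists. This also rejects the private
    # key file if it is passed by mistake instead of the .pub file.
    case $key_line in
        "ssh-ed25519 "*|"ssh-rsa "*) ;;
        "ecdsa-sha2-nistp256 "*|"ecdsa-sha2-nistp384 "*|"ecdsa-sha2-nistp521 "*) ;;
        *) echo "not a supported public key: $pub_file" >&2; exit 1 ;;
    esac

    # Owner-only permissions, as sshd's StrictModes check expects.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Keep an existing last line intact if the file lacks a trailing newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # -x whole line, -F fixed string: append only if this exact key is absent.
    grep -qxF -- "$key_line" "$auth" || printf '%s\n' "$key_line" >> "$auth"
)
```

For the page's example this would be `generate_inventory_key ./ed25519` followed by `authorize_public_key ./ed25519.pub /root`, run as the account whose authorized_keys file is being changed.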

Docusnap Management Create RSA

The file with the private key - ed25519 in the example - must now be transferred to the Docusnap system.

A new key is added by clicking on the New button. By clicking on the Import Private Key button, this file is selected and imported into Docusnap.

If a passphrase is used for the key, it must be entered during the import.

Docusnap Management RSA Password

A name must be specified; it can be chosen as desired. By clicking on the Save button, the key is saved to the database.

A private key of the type SSH-Ed25519 / AES256-CBC is recommended as the most secure variant.

The following key variants are still supported for compatibility reasons:

  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • ssh-rsa

Alternatively, an RSA key can be created by Docusnap using the Create RSA Key button. The key pair is encrypted using the RSA method. The key used is then encrypted again and stored in the database. A passphrase is not created. When the creation is complete, a preview of the key is displayed; this is useful for better identification when using different RSA keys. By clicking the Save button, the RSA key is stored in the database. With the Export Public Key button, the public keys can be exported and stored on the Linux systems.

The above steps can be repeated at will, for example to import or create keys for the different clients in the Docusnap environment and use them afterwards.

The Delete button can be used to remove the selected key from the database.