{"id":1234,"date":"2016-02-28T01:07:12","date_gmt":"2016-02-27T16:07:12","guid":{"rendered":"http:\/\/matoken.org\/blog\/?p=1234"},"modified":"2016-02-28T04:21:31","modified_gmt":"2016-02-27T19:21:31","slug":"add-ed25519-to-openssh-of-hostkey","status":"publish","type":"post","link":"https:\/\/matoken.org\/blog\/2016\/02\/28\/add-ed25519-to-openssh-of-hostkey\/","title":{"rendered":"OpenSSH\u306eHostKey\u306bED25519\u3092\u8ffd\u52a0"},"content":{"rendered":"

<\/p>\n

\u3075\u3068\u3042\u308bhost\u306bED25519\u306e\u30b5\u30fc\u30d0\u9375\u304c\u306a\u3044\u306e\u306b\u6c17\u3065\u3044\u305f\u306e\u3067\u4f5c\u308a\u307e\u3057\u305f\uff0e<\/p>\n

\u30d5\u30a1\u30a4\u30eb\u540d\u3092\u6307\u5b9a\u3057\u3066\u4f5c\u308b\u304b\uff0c<\/p>\n

$ sudo ssh-keygen -N '' -f \/etc\/ssh\/ssh_host_ed25519_key<\/span><\/span><\/span><\/div>
Generating public\/private rsa key pair.<\/span><\/span><\/span><\/div>
Your identification has been saved in .\/ssh_host_ed25519_key.<\/span><\/span><\/span><\/div>
Your public key has been saved in .\/ssh_host_ed25519_key.pub.<\/span><\/span><\/span><\/div>
The key fingerprint is:<\/span><\/span><\/span><\/div>
f3:55:7f:02:04:92:c3:e0:4c:8c:7a:05:6a:00:28:da root@micro<\/span><\/span><\/span><\/div>
The key's randomart image is:<\/span><\/span><\/span><\/div>
+--[ RSA 2048]----+<\/span><\/span><\/span><\/div>
|=   .+oo.....    |<\/span><\/span><\/span><\/div>
|o. ..+o +. .     |<\/span><\/span><\/span><\/div>
|o.o. .o  .  . .  |<\/span><\/span><\/span><\/div>
|..E .        o . |<\/span><\/span><\/span><\/div>
|   .    S   . . o|<\/span><\/span><\/span><\/div>
|         o .   ..|<\/span><\/span><\/span><\/div>
|          .      |<\/span><\/span><\/span><\/div>
|                 |<\/span><\/span><\/span><\/div>
|                 |<\/span><\/span><\/span><\/div>
+-----------------+<\/span><\/span><\/span><\/div><\/pre>\n
ssh-keygen -A<\/code>\u3067\u8db3\u308a\u306a\u3044\u3082\u306e\u3092\u81ea\u52d5\u751f\u6210\u3057\u3066\u3082\u3089\u3044\u307e\u3059\uff0e-A<\/code>\u306e\u5834\u5408\u9375\u6307\u7d0b\u304c\u51fa\u3066\u3053\u306a\u3044\u306e\u3067`ssh-keygen -lf\u3068\u304b\u3067\u78ba\u8a8d\u3057\u307e\u3057\u3087\u3046\uff0e<\/p>\n
$ sudo ssh-keygen -A<\/span><\/span><\/span><\/div>
ssh-keygen: generating new host keys: ED25519<\/span><\/span><\/span><\/div>
$ cat \/etc\/ssh\/ssh_host_ed25519_key.pub<\/span><\/span><\/span><\/div>
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYCcWp86jHwcb56mvdFMpCjovBH8eAa99OufTUEYycU root@micro<\/span><\/span><\/span><\/div>
$ ssh-keygen -lf \/etc\/ssh\/ssh_host_ed25519_key<\/span><\/span><\/span><\/div>
256 bf:f8:4a:5b:2d:da:72:84:e7:87:25:1b:9d:1c:56:b2  root@micro (ED25519)<\/span><\/span><\/span><\/div><\/pre>\n
\u898f\u5b9a\u5024\u3067\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u308b\u3068\u601d\u3046\u3051\u3069\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306b\u3082\u8a18\u8ff0\u3057\u3066\u30c7\u30fc\u30e2\u30f3\u3092reload\uff0e<\/p>\n
$ grep ed25519 \/etc\/ssh\/sshd_config<\/span><\/span><\/span><\/div>
HostKey \/etc\/ssh\/ssh_host_ed25519_key<\/span><\/span><\/span><\/div>
$ sudo service ssh restart<\/span><\/span><\/span><\/div><\/pre>\n
ed25519\u3067\u5e30\u3063\u3066\u304f\u308b\u304b\u78ba\u8a8d\uff0e<\/p>\n
$ ssh-keyscan -p 2222 -t ed25519 localhost<\/span><\/span><\/span><\/div>
# localhost SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6<\/span><\/span><\/span><\/div>
localhost ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYCcWp86jHwcb56mvdFMpCjovBH8eAa99OufTUEYycU<\/span><\/span><\/span><\/div><\/pre>\n
\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u306eknown_hosts\u304b\u3089\u53e4\u3044\u3082\u306e\u3092\u6d88\u3057\u3066\u767b\u9332\u3057\u306a\u304a\u3057\u3066\uff0c<\/p>\n
$ ssh-keygen -f ~\/.ssh\/known_hosts -R [192.168.1.102]:2222<\/span><\/span><\/span><\/div>
$ ssh -o HostKeyAlgorithms=ssh-ed25519 micro<\/span><\/span><\/span><\/div>
The authenticity of host '[192.168.1.102]:2222 ([192.168.1.102]:2222)' can't be established.<\/span><\/span><\/span><\/div>
ED25519 key fingerprint is SHA256:H8TMbIG65XqBAeiST98ThJq\/Ux7RHerpMGXnxVJ7EjE.<\/span><\/span><\/span><\/div>
+--[ED25519 256]--+<\/span><\/span><\/span><\/div>
|   . .   .. E.   |<\/span><\/span><\/span><\/div>
|  . o . .=..o.   |<\/span><\/span><\/span><\/div>
| o o o o oB+ o   |<\/span><\/span><\/span><\/div>
|o =   = *o+ = .  |<\/span><\/span><\/span><\/div>
| + o . %S+.o o   |<\/span><\/span><\/span><\/div>
|  . o X =...     |<\/span><\/span><\/span><\/div>
|     + B ..      |<\/span><\/span><\/span><\/div>
|    o o o        |<\/span><\/span><\/span><\/div>
|     . .         |<\/span><\/span><\/span><\/div>
+----[SHA256]-----+<\/span><\/span><\/span><\/div>
Are you sure you want to continue connecting (yes\/no)? yes<\/span><\/span><\/span><\/div>
Warning: Permanently added '[192.168.1.102]:2222' (ED25519) to the list of known hosts.<\/span><\/span><\/span><\/div>
 <\/span><\/span><\/div><\/pre>\n
\u5f8c\u306fDNS\u306b\u767b\u9332\u3057\u305f\u308a\u2026\u2026\u3063\u3066ed25519\u306f\u30a8\u30e9\u30fc\u306b\u306a\u308b\u307f\u305f\u3044\u3067\u3059\u306d\uff0e<\/p>\n
$ ssh-keygen -r example.org -f \/etc\/ssh\/ssh_host_ed25519_key<\/span><\/span><\/span><\/div>
export_dns_rr: unsupported algorithm and\/or digest_type<\/span><\/span><\/span><\/div><\/pre>\n
\u3061\u306a\u307f\u306bED25519\u306fOpenSSH 6.5p1\u3067\u5165\u308a\u307e\u3057\u305f\uff0e<\/p>\n