Thejesh GN

A container for all my views with excerpts from technology, travel, films, books, kannada, friends and other interests. I am Thejesh GN, friends call me Thej.

Thejesh GN > Wiki > Notebook > SSH Hacks

SSH Hacks

Encrypt using age

age -e -R friends_pub.txt important.txt > important.txt.age

Decrypt using age

age -d -i ~/.ssh/id_ed25519 important.txt.age > important.txt

Sign a message

ssh-keygen -Y sign -n thejeshgn.com -f ~/.ssh/id_ed25519 < data.txt > data.signature

Verify signature

ssh-keygen -Y verify -f allowed_signers.txt -n thejeshgn.com -I i@thejeshgn.com -s data.signature < data.txt
  • allowed_signers.txt will have one identity and key combo per line, each line will be
    • identity principals keytype base64_key [options]
    • Where identity will be usually email that is used to identity of the key
    • keytype will be ssh key type like ssh-ed25519
    • base64_key will be actual public key
    • For example i@thejeshgn.com ssh-ed25519 AAAAmy-key
  • -I must match the identity in the file
  • -n is the namespace (must match what was used when signing)