
Encrypt/Decrypt id_rsa file

 
Ranch Hand
Posts: 33
Hi,

This is related to encrypting and decrypting the id_rsa file.

I am doing SSH tunneling using the jsch jar. I want to keep my id_rsa file encrypted on the server where we install our product, and during SSH tunneling I want to decrypt the same file and send it. It's possible that we will perform multiple SSH tunneling on different ports at the same time. How do I achieve this?

Thanks,
Nisha
 
Bartender
Posts: 1166
I don't understand why you want to send the RSA private key (the id_rsa file) anywhere, since it is only ever used by the SSH client as part of its authentication to the server. In fact it is normally a very very very bad idea for it to leave the client, since by having it anyone can steal the client's identity. The server also has a private key (normally the ssh_host_rsa_key file inside the server configuration directory) and this also must be kept very very private.

You can send the public key of both client and server to anyone, since they need to be known by anyone who wants to authenticate the client and/or server. The server encrypts, using its private key, a digest of some handshake data usually obtained from a Diffie–Hellman exchange and sends this encrypted information to the client, who decrypts it using the server's public key. If the decrypted digest matches that calculated by the client, the client can be pretty sure that the server is genuine.

Yes, it is possible to do multiple SSH tunnelling on different ports. How you do this depends on the SSH client and the SSH server you are using. If, as you seem to be by mentioning the id_rsa file, you are using OpenSSH as the server then there is nothing extra you need to do to the server since it is configured by default to allow this. If you are using JSCH as the client then you just need to follow the tunnelling example that comes with the JSCH distribution and duplicate for each tunnel the code following the authentication, i.e. the session.setPortForwardingL() or session.setPortForwardingR() method calls.
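
An added example, not part of either post above: a JSch client that keeps id_rsa encrypted on disk with a passphrase, lets JSch decrypt it in memory for authentication, and opens two local tunnels over the one session. It assumes the key was given a passphrase beforehand (for example with `ssh-keygen -p`); the paths, host, user, ports and the `TUNNEL_KEY_PASSPHRASE` variable name are hypothetical.

```java
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Session;

public class EncryptedKeyTunnels {
    public static void main(String[] args) throws Exception {
        // Hypothetical values for illustration; replace with your own.
        String keyPath = "/opt/product/keys/id_rsa";          // passphrase-protected key
        String knownHosts = "/opt/product/keys/known_hosts";  // pinned server host keys
        String user = "tunnel";
        String host = "ssh.example.com";

        // Assumption: the passphrase is supplied at runtime and is never
        // stored in a file next to the key it protects.
        String passphrase = System.getenv("TUNNEL_KEY_PASSPHRASE");
        if (passphrase == null) {
            throw new IllegalStateException("TUNNEL_KEY_PASSPHRASE is not set");
        }

        JSch jsch = new JSch();
        jsch.setKnownHosts(knownHosts);
        // The file stays encrypted on disk; JSch decrypts the key in memory only.
        // The private key itself is never transmitted to the server.
        jsch.addIdentity(keyPath, passphrase);

        Session session = jsch.getSession(user, host, 22);
        session.setConfig("StrictHostKeyChecking", "yes");    // reject unknown host keys
        session.setConfig("PreferredAuthentications", "publickey");
        session.connect(15000);                               // 15 s connect timeout
        try {
            // One authenticated session can carry several tunnels at once.
            int[][] forwards = { {15432, 5432}, {18080, 8080} }; // {localPort, remotePort}
            for (int[] f : forwards) {
                // Listens on 127.0.0.1 only; "127.0.0.1" below is resolved by the server.
                int bound = session.setPortForwardingL(f[0], "127.0.0.1", f[1]);
                System.out.println("local 127.0.0.1:" + bound
                        + " -> remote 127.0.0.1:" + f[1]);
            }
            System.out.println("Tunnels up; press Enter to close.");
            System.in.read();
        } finally {
            session.disconnect();                             // closes all forwards
        }
    }
}
```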
 