
How to Sign/Verify files with SSH


Introduction

Secure Shell (SSH) is a cryptographic network protocol used to secure data communication. One of the key features of SSH is its ability to use public-key cryptography to authenticate users and secure communication. In this blog post, we will discuss how to sign and verify files using SSH keys.

Signing files

To sign a file with an SSH key, we first need to create a key pair consisting of a private key and a public key. The private key is kept secret and used to sign files, while the public key is shared with others who want to verify the signature.

ssh-keygen -Y sign -f ~/.ssh/id_rsa -n file ${file_to_sign}
  • -f ~/.ssh/id_rsa is the path of the private key used for signing
  • -n file is the signature namespace; the verifier must use the same namespace
  • the signature is written next to the input, by default as ${file_to_sign}.sig

Verifying signatures

To verify a file with an SSH key, we need two things: the signed file and the signature file. We also need the public key of the signer.

Prepare an allowed_signers file with one line per trusted signer: a principal (usually an email address), the key type and the public key. The principal must match the identity passed with -I when verifying, otherwise the signature is rejected even if the key is correct.

linux@vm2021 ssh-rsa <base64-encoded public key>

Use the following command to verify; the signed file is read from standard input and the signature file is given with -s:

ssh-keygen -Y verify -f allowed_signers -I linux@vm2021 -n file -s ${file_to_verify}.sig < ${file_to_verify}

The output when the signature is valid (ssh-keygen exits with status 0; any mismatch of content, principal, key or namespace exits non-zero):

Good "file" signature for linux@vm2021 with RSA key SHA256:NmVC1oHNMssv0UfhfCSUKY2UjboQrGI5RwCGK7n0pIU
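The whole procedure above, signing and verifying, as an added end-to-end example that is not part of the original post. It runs in a scratch directory with a freshly generated ed25519 key rather than the post's ~/.ssh/id_rsa, uses a constructed principal signer@example.invalid, and also shows the two failure cases a practitioner should expect: a wrong -I identity and a modified file are both rejected against the same signature. It assumes ssh-keygen from OpenSSH 8.0 or newer (the first release with -Y) is on PATH.

```shell
#!/bin/sh
# Added example (not the post's own code): sign / verify round trip with
# ssh-keygen -Y, including the negative checks. Assumes OpenSSH >= 8.0.
set -u

# sign_file KEY NAMESPACE FILE -> writes FILE.sig next to FILE
sign_file() {
    ssh-keygen -Y sign -f "$1" -n "$2" "$3" >/dev/null 2>&1
}

# verify_file ALLOWED_SIGNERS PRINCIPAL NAMESPACE FILE -> prints "good" or "bad"
# The file content is fed on stdin, exactly as in the post's command.
verify_file() {
    if ssh-keygen -Y verify -f "$1" -I "$2" -n "$3" -s "$4.sig" < "$4" >/dev/null 2>&1; then
        echo good
    else
        echo bad
    fi
}

# round_trip: prints three words: result for the untouched file with the
# right principal, result with a wrong principal, result after tampering.
round_trip() {
    work=$(mktemp -d) || return 1
    key="$work/signing_key"
    principal="signer@example.invalid"   # constructed identity, not from the post

    # 1. key pair (ed25519, empty passphrase so the run is non-interactive)
    ssh-keygen -q -t ed25519 -N "" -C "$principal" -f "$key" >/dev/null 2>&1 || return 1

    # 2. something to sign (constructed sample content)
    printf 'release artifact v1.0\n' > "$work/artifact.txt"
    sign_file "$key" file "$work/artifact.txt" || return 1

    # 3. allowed_signers line: "<principal> <key-type> <base64 key>";
    #    the .pub file already holds "<key-type> <base64 key> <comment>"
    awk -v p="$principal" '{print p, $1, $2}' "$key.pub" > "$work/allowed_signers"

    # 4. verify: untouched file, then wrong identity, then a modified file
    first=$(verify_file "$work/allowed_signers" "$principal" file "$work/artifact.txt")
    second=$(verify_file "$work/allowed_signers" "someone-else@example.invalid" file "$work/artifact.txt")
    printf 'release artifact v1.1\n' > "$work/artifact.txt"
    third=$(verify_file "$work/allowed_signers" "$principal" file "$work/artifact.txt")

    rm -rf "$work"
    echo "$first $second $third"
}

round_trip
```

Running the script prints `good bad bad`. The second result is the check the allowed_signers section relies on: the key is trusted, but the identity given with -I is not listed for it, so ssh-keygen refuses the signature; the third shows that a one-character change to the file invalidates the existing .sig.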

Conclusion

SSH keys are a powerful tool for securing communication and file transfer. By using public-key cryptography, we can authenticate users and sign files to ensure their integrity. With the SCP command, we can securely transfer files between systems without the need for additional encryption or authentication mechanisms.
