[ovirt-users] Proper way to change and persist vdsm configuration options
Alon Bar-Lev
alonbl at redhat.com
Fri Aug 22 06:30:49 EDT 2014
you are hijacking this thread... but anyway... please refer to the original question, how to easily convert X.509 certificate to SSH public key. the best method should avoid using the private key. newer ssh-keygen supports exactly that.
----- Original Message -----
> From: "Sven Kieske" <S.Kieske at mittwald.de>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: users at ovirt.org
> Sent: Friday, August 22, 2014 1:24:17 PM
> Subject: Re: [ovirt-users] Proper way to change and persist vdsm configuration options
>
> well yeah, it does not generate pkcs#8 by default
> but you can easily convert existing keys via openssl:
>
> openssl pkcs8 -topk8 -v2 des3 \
> -in test_rsa_key.old -passin 'pass:super secret passphrase' \
> -out test_rsa_key -passout 'pass:super secret passphrase'
> see this page for more details:
> http://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html
>
> newer ssh-keygen versions use PBKDF2 by default and not MD5 anymore.
>
> HTH
>
> Am 22.08.2014 10:51, schrieb Alon Bar-Lev:
> > the ssh-keygen does not.
>
> --
> Mit freundlichen Grüßen / Regards
>
> Sven Kieske
>
> Systemadministrator
> Mittwald CM Service GmbH & Co. KG
> Königsberger Straße 6
> 32339 Espelkamp
> T: +49-5772-293-100
> F: +49-5772-293-333
> https://www.mittwald.de
> Geschäftsführer: Robert Meyer
> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
More information about the Users
mailing list