[ovirt-users] Proper way to change and persist vdsm configuration options

Alon Bar-Lev alonbl at redhat.com
Fri Aug 22 10:30:49 UTC 2014


you are hijacking this thread... but anyway... please refer to the original question, how to easily convert X.509 certificate to SSH public key. the best method should avoid using the private key. newer ssh-keygen supports exactly that.

----- Original Message -----
> From: "Sven Kieske" <S.Kieske at mittwald.de>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: users at ovirt.org
> Sent: Friday, August 22, 2014 1:24:17 PM
> Subject: Re: [ovirt-users] Proper way to change and persist vdsm configuration options
> 
> well yeah, it does not generate pkcs#8 by default
> but you can easily convert existing keys via openssl:
> 
> openssl pkcs8 -topk8 -v2 des3 \
>     -in test_rsa_key.old -passin 'pass:super secret passphrase' \
>     -out test_rsa_key -passout 'pass:super secret passphrase'
> see this page for more details:
> http://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html
> 
> newer ssh-keygen versions use PBKDF2 by default and not MD5 anymore.
> 
> HTH
> 
> Am 22.08.2014 10:51, schrieb Alon Bar-Lev:
> > the ssh-keygen does not.
> 
> --
> Mit freundlichen Grüßen / Regards
> 
> Sven Kieske
> 
> Systemadministrator
> Mittwald CM Service GmbH & Co. KG
> Königsberger Straße 6
> 32339 Espelkamp
> T: +49-5772-293-100
> F: +49-5772-293-333
> https://www.mittwald.de
> Geschäftsführer: Robert Meyer
> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen



More information about the Users mailing list