Encrypt temporary password using public ssh key

ssh password openssl encryption public-key

I finally found how to convert an OpenSSH public key to PEM format on a blog and was able to successfully encrypt and decrypt a string using my private/public key.

I've outlined the steps I used to perform the encryption and decryption.

To encrypt a string:

# convert public key to PEM format
ssh-keygen -f ~/.ssh/id_rsa.pub -e -m PKCS8  > ~/.ssh/id_rsa.pub.pem

# encrypt string using public key
echo "String to Encrypt" \
   | openssl rsautl -pubin -inkey ~/.ssh/id_rsa.pub.pem -encrypt -pkcs \
   | openssl enc -base64 \
   > string.txt

To decrypt a string (from file):

openssl enc -base64 -d -in string.txt \
    | openssl rsautl -inkey ~/.ssh/id_rsa -decrypt

Since my goal is to e-mail the password, I've written an extremely basic script to automate things a bit:

#!/bin/sh
if test "x${1}" == "x";then
   echo "Usage: ${0} <username>"
   exit 1
fi
SSHUSER=${1}
printf "Enter Password: "
read PASS1
echo ""
echo ""
ssh-keygen -f /home/${SSHUSER}/.ssh/id_rsa.pub -e -m PKCS8 \
    > /tmp/ssh-pubkey-${SSHUSER}.pem
echo 'cat << EOF |openssl enc -base64 -d |openssl rsautl -inkey ~/.ssh/id_rsa -decrypt'
echo "New Password: ${PASS1}" \
   | openssl rsautl -pubin -inkey /tmp/ssh-pubkey-${SSHUSER}.pem -encrypt -pkcs \
   | openssl enc -base64
echo "EOF"
echo ""
rm -f /tmp/ssh-pubkey-${SSHUSER}.pem

I can then send the output of the script in an e-mail for the user to decrypt.

The complete script is available on Github: https://gist.github.com/3078682


It is possible since it's just an RSA key. Use openssl:

openssl rsautl -encrypt -inkey alice.pub >message.encrypted

I nicked this of this question on Unix/Linux SE.

I must say that PGP is more suitable for this.


In general, yes this is possible. All SHH does is generate a Modulus N and two keys e (the public key) and d (the private one). The mechanism employed is usually RSA or DSA and the Keys generated can be used for encryption. All you'd have to do is extract them from the base64 blob that is the public key and then use a suitable program to encrypt data with these keys. You might be interested in Monkeysphere which can transfer between ssh key format and gnupg keys. This should allow you also to use the keys for encryption.

Related

%ProgramFiles% differences on 64bit Windows
Windows 7 and print jobs logging
No more diskspace on server [duplicate]
Increase file ulimit for the asterisk daemon
Check nginx active connection without HttpStubStatusModule
How to remove a Windows share when the folder does not exist anymore?
Macvlan based interface pings from host but not from namespace
ssh: id_rsa doesn't work, but if I rename it, it works
How to check if my Supermicro IPMI is compromised with plaintext admin password over the web?
How to export a Full SMTP Log in Office 365
How to apply PostgreSQL "GRANT ALL ON ALL TABLES" to new tables?
What's the downside of disabling PAM in OpenSSH if only public-key login is allowed?