ssh / openssh

Introduction – learn some words

It’s easy to get lost in the jungle of certificates, certificate signing requests, private-keys, public-keys, pem’s, crt’s and keys. So first we’re going to learn some basics about ssh. This explanations are meant for Linux-Systems. Let’s learn some common files related to ssh issues. Usually, you have a folder ~/.ssh in your home directory (the Tilde „~“ before the .ssh directory is a shell replacement for your home directory). Here you can find files like:

contains public-keys from others. Compare the format of the content inside authorized_keys and compare it with the format of your key

id_rsa and
after creating a keypair (ssh-keygen) you get a private-key (which is by default stored in ~/.ssh/id_rsa) and a public-key (which lives in ~/.ssh/ Your private-key is for you alone, your public-key goes public. Private keys can have no extension but also can have a .pem extension. There are also .ppk private-keys, these are created from the windows-ssh tool putty. A private key looks somethoing like:


whereas a public key looks like:

ssh-rsa AAAAB3NzaC1yc .... 1cGWoe4+R7ZohrNJp username@yourcomputer

here are all servers stored that had already an established connection before. Whenever you accept something like „add these computer to the trusted ones“, they’ll write their public key into the known_hosts file.

with the file ~/.ssh/config you have a very handy config place to make ssh logins much easier. Check „man ssh_config“ for further information. If the config file does not exist you simply can create it.


Dealing with Certificate signing requests

Create a certificate signing request (csr)

In order to obtain a valid certificate from an authorized issuer, you need to create a certificate signing request.
The following command creates a private-key and a csr to it:

openssl req -nodes -new -newkey rsa:2048 -sha256 -out csr.pem


Check if private-key matches with the csr and the generated certificate

This commandos deliver strings. If the deliver all the same string they belong together.

openssl pkey -in private-key.key -pubout -outform pem | sha256sum 
openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum 
openssl req -in CSR.csr -pubkey -noout -outform pem | sha256sum


create a private key, a certificate signature request and a self signed certificate (windows)

create the private-key, we name it server.key

openssl.exe genrsa -des3 -out server.key 1024
openssl.exe rsa -out server.key 1024

create .pem file

openssl rsa -in server.key -out server.pem

create server.csr (certificate signature request)

openssl req -config c:\openssl.cnf -new -key server.key -out server.csr

create unsigned certificate for 1 year

openssl x509 -req -days 30 -in server.csr -signkey server.key -out server.crt


check if private-key fits to a certificate (windows)

you need to compare the hash-value of the certificate against the hash-value of the private-key get the certificates hash-value

openssl x509 -noout -modulus -in server.crt | openssl md5

get the private-keys hash-value

openssl rsa -noout -modulus -in myserver.key | openssl md5


Other usefull commands

Push your public-key to a server you want to communicate with:

ssh-copy-id username@host


show the random generated image of an ssh key

ssh-keygen -lv -f sgb-id_rsa

check details for a https certified website from the shell:

openssl s_client -showcerts -servername -connect

remove passphrase from private key

openssl rsa -in server.key -out server.key


rename certificate postfix cer to crt

you can just rename the file


OpenSSL is a open-source version of the SSL/TLS-protocol



image handling with ImageMagic

ImageMagic is the tool of choice when you have to manipulate images on the command line.


You can easily install it from a shell with the following command:

sudo apt-get install imagemagick

Change all images in the current folder to a with of 800 pixels with a quality of 80%:

for file in *.jpg; do convert $file -resize 800 -quality 80 $file; done

Convert a *.gif image to a *.jpg image

convert -strip test.gif test.jpg