
Method And System For Public/Private Key Pairs Regeneration Without Communication Disruption

IP.com Disclosure Number: IPCOM000201831D
Publication Date: 2010-Nov-24
Document File: 3 page(s) / 31K

Publishing Venue

The IP.com Prior Art Database

Abstract

A method and system is provided to regenerate public/private key pairs without disrupting communication that is based on public/private key pairs. Multiple public keys are temporarily added to a file that maintains authorized public keys, while the public/private key pairs are being regenerated and replaced.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


Disclosed is a method and system for regenerating public/private key pairs without disrupting communication that is based on public/private key pairs.

The method and system provide passwordless, bi-directional, Secure Shell (SSH) public key communication between operating system instances of a software product. An operating system instance is herein referred to as a "node". The communication between nodes is public/private key pair based. SSH public/private key pairs are generated periodically without disrupting the communication that relies on them. The public keys of the SSH public/private key pairs are then stored in an OpenSSH file, "/root/.ssh/authorized_keys", at the SSH server side of the communication. The "/root/.ssh/authorized_keys" file maintains authorized public keys.

The communication between nodes is bi-directional. Therefore, each node acts as both SSH client and SSH server and has the same set of files. The set of files in each of the nodes includes a "last_regeneration_time_stamp" file, the "/root/.ssh/authorized_keys" file, an OpenSSH public key file, "/root/.ssh/id_rsa.pub", and an OpenSSH private key file, "/root/.ssh/id_rsa". The "last_regeneration_time_stamp" file is maintained on a local hard disk of a primary node to control the frequency at which an SSH public/private key pair is regenerated. Additionally, each of the nodes also includes a newly regenerated public key, "/root/.ssh/off_to_the_side_public", and a newly regenerated private key, "/root/.ssh/off_to_the_side_private", that are not in use initially. Each of the nodes has the same default public and private key. The private key has no passphrase. The "/root/.ssh/authorized_keys" file stores the default public key so that each node may access any other node passwordlessly using the SSH public/private key pair.

One of the nodes of the software product acts as a primary node. The primary node orchestrates processing of the regeneration of the SSH public/private key pair. The primary node executes a "generate_new_key" function at a predefined frequency, for example, once a day. When the "generate_new_key" function is executed, if the "last_regeneration_time_stamp" file exists on the local hard disk and the modification time of the "last_regeneration_time_stamp" file is less than a predefined period, for example 90 days, prior to the current time, the function exits. Otherwise, the execution of the "generate_new_key" function generates a random RSA key pair using the OpenSSH command "ssh-keygen". However, the RSA key pair is placed "off to the side" and is not in use at this point. The random RSA key pair is generated such that no two public/private key pairs are identical. If the "generate_new_key" function fails, it exits and no files that are used for the communication are altered at this point.
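The following is an added example and not code from the disclosure itself. It implements the "generate_new_key" guard on the time stamp file, writes the new pair to the off-to-the-side files with ssh-keygen, and then models the part the abstract describes: holding both the old and the new public key in "authorized_keys" while every node switches identity, so that no client/server pair loses access at any step. The file names are the disclosure's; the function names, the in-memory `Node` model, the three-phase `rotate` sequence and the constructed sample key strings are assumptions made here. A contrast routine shows why the temporary second key matters.

```python
"""Added example, not the disclosure's own code: generate_new_key guard,
off-to-the-side key generation, and authorized_keys bookkeeping that keeps
every node reachable during rotation.  Names marked as assumptions are ours."""
import subprocess
import time
from pathlib import Path

PERIOD_DAYS = 90            # predefined regeneration period from the disclosure
SSH_DIR = Path("/root/.ssh")

# Constructed placeholders standing in for real id_rsa.pub contents.
DEFAULT_PUB = "ssh-rsa AAAA-constructed-default-key node-default"
NEW_PUB = "ssh-rsa AAAA-constructed-rotated-key node-rotated"


def regeneration_due(stamp_mtime, now, period_days=PERIOD_DAYS):
    """generate_new_key guard: if last_regeneration_time_stamp exists and was
    modified less than period_days before now, exit without regenerating."""
    if stamp_mtime is None:            # no time stamp file yet: first run
        return True
    return (now - stamp_mtime) / 86400 >= period_days


def stamp_file_due(ssh_dir=SSH_DIR):
    stamp = ssh_dir / "last_regeneration_time_stamp"
    mtime = stamp.stat().st_mtime if stamp.exists() else None
    return regeneration_due(mtime, time.time())


def generate_off_to_the_side_pair(ssh_dir=SSH_DIR):
    """Run ssh-keygen into the off-to-the-side files. id_rsa, id_rsa.pub and
    authorized_keys are not touched, so a failure here alters nothing in use."""
    tmp = ssh_dir / "off_to_the_side_tmp"          # assumed scratch name
    for stale in (tmp, tmp.with_suffix(".pub")):
        stale.unlink(missing_ok=True)  # ssh-keygen would otherwise prompt to overwrite
    subprocess.run(["ssh-keygen", "-q", "-t", "rsa", "-b", "4096", "-N", "",
                    "-f", str(tmp)], check=True)
    priv, pub = ssh_dir / "off_to_the_side_private", ssh_dir / "off_to_the_side_public"
    tmp.rename(priv)
    tmp.with_suffix(".pub").rename(pub)
    return pub, priv


def add_authorized_key(content, pubkey):
    """Append pubkey to authorized_keys text unless already present (idempotent)."""
    lines = [l.strip() for l in content.splitlines() if l.strip()]
    if pubkey.strip() not in lines:
        lines.append(pubkey.strip())
    return "\n".join(lines) + "\n"


def remove_authorized_key(content, pubkey):
    """Drop pubkey from authorized_keys text, keeping every other entry."""
    lines = [l.strip() for l in content.splitlines()
             if l.strip() and l.strip() != pubkey.strip()]
    return "\n".join(lines) + ("\n" if lines else "")


class Node:
    """Assumed in-memory stand-in for one node's /root/.ssh files."""
    def __init__(self, name, default_pub, default_priv):
        self.name = name
        self.authorized_keys = default_pub + "\n"   # authorized_keys
        self.id_rsa_pub, self.id_rsa = default_pub, default_priv
        self.off_side_pub = self.off_side_priv = None


def make_cluster(count):
    return [Node("node%d" % i, DEFAULT_PUB, "constructed-default-private")
            for i in range(count)]


def can_login(client, server):
    """Stand-in for the SSH check: client's current public key must be authorized."""
    return client.id_rsa_pub in server.authorized_keys.splitlines()


def all_pairs_reachable(nodes):
    return all(can_login(c, s) for c in nodes for s in nodes if c is not s)


def rotate(nodes, new_pub, new_priv):
    """Three phases; returns (phase, reachable) so a caller sees no phase breaks access."""
    trace = []
    for n in nodes:                     # 1: distribute pair, authorize new key everywhere
        n.off_side_pub, n.off_side_priv = new_pub, new_priv
        n.authorized_keys = add_authorized_key(n.authorized_keys, new_pub)
    trace.append(("authorize_new", all_pairs_reachable(nodes)))
    old_pub = nodes[0].id_rsa_pub
    for n in nodes:                     # 2: every node switches its client identity
        n.id_rsa_pub, n.id_rsa = n.off_side_pub, n.off_side_priv
        n.off_side_pub = n.off_side_priv = None
    trace.append(("switch_identity", all_pairs_reachable(nodes)))
    for n in nodes:                     # 3: retire the old public key
        n.authorized_keys = remove_authorized_key(n.authorized_keys, old_pub)
    trace.append(("retire_old", all_pairs_reachable(nodes)))
    return trace


def naive_rotate(nodes, new_pub, new_priv):
    """Contrast: replace authorized_keys and identity in one step, node by node.
    Until the last node is done, some pair cannot log in."""
    trace = []
    for n in nodes:
        n.authorized_keys = new_pub + "\n"
        n.id_rsa_pub, n.id_rsa = new_pub, new_priv
        trace.append(all_pairs_reachable(nodes))
    return trace


if __name__ == "__main__":
    print("phased:", rotate(make_cluster(3), NEW_PUB, "constructed-rotated-private"))
    print("naive: ", naive_rotate(make_cluster(3), NEW_PUB, "constructed-rotated-private"))
```

Running the module prints one trace per strategy: the phased rotation reports every pair reachable after each phase, while the one-step replacement reports unreachable pairs until the last node has been updated. The `generate_off_to_the_side_pair` call is kept out of the module's top level because it needs a writable SSH directory and the ssh-keygen binary; the `-N ""` argument matches the disclosure's passphrase-less private key.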

Thereafter, t...