Method And System For Public/Private Key Pairs Regeneration Without Communication Disruption
Publication Date: 2010-Nov-24
The IP.com Prior Art Database
A method and system is provided to regenerate public/private key pairs without disrupting communication that is based on public/private key pairs. Multiple public keys are temporarily added to a file that maintains authorized public keys, while the public/private key pairs are being regenerated and replaced.
Disclosed is a method and system for regenerating public/private key pairs without disrupting communication that is based on public/private key pairs.
The method and system provides passwordless, bi-directional, Secure Shell (SSH) public key communication between operating system instances of a software product. An operating system instance is herein referred to as a "node". The communication between nodes is a public/private key pair based communication. SSH public/private key pairs are generated periodically without disrupting the communication that relies on SSH public/private key pairs. The public keys of these SSH key pairs are then stored in an open SSH file, "/root/.ssh/authorized_keys", at the SSH server side of the communication. The "/root/.ssh/authorized_keys" file maintains authorized public keys.
The communication between nodes is bi-directional. Therefore, each node acts as both SSH client and SSH server and has the same set of files. The set of files in each of the nodes includes a "last_stamp" file, the "/root/.ssh/authorized_keys" file, an open SSH public key file, "/root/.ssh/id…", and an open SSH private key file, "/root/.ssh/id…". The "last_stamp" file is maintained on a local hard disk of a primary node to control the frequency at which an SSH public/private key pair is regenerated. Additionally, each of the nodes also includes a newly regenerated public key, "/root/.ssh/off_public", and a newly regenerated private key, "/root/.ssh/off_private", that are not in use initially. Each of the nodes has the same default public and private key. The private key has no passphrase. The "/root/.ssh/authorized_keys" file stores the default public key so that each node may access any other node passwordless using the SSH public/private key pair.
One of the nodes of the software product acts as a primary node. The primary node orchestrates processing of the regeneration of the SSH public/private key pair. The primary node executes a "generate_key" function at a predefined frequency, for example, once a day. When the "generate_key" function is executed, it exits if the "last_stamp" file exists on the local hard disk and the modification time of the "last_stamp" file is less than a predefined period, for example 90 days, prior to the current time. Otherwise, the execution of the "generate_key" function generates a random RSA key pair using the open SSH command "ssh-keygen". However, the RSA key pair is placed "off to the side" and is not in use at this point. The random RSA key pair is generated such that no two public/private key pairs are identical. If the "generate_key" function fails, it exits; no files that are used for the communication are altered at this point.
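The "generate_key" gate described above, as an added Python example (not code from the disclosure): the "last_stamp" age check, generation of the RSA pair "off to the side" with ssh-keygen, and the fail-safe that leaves the in-use key files untouched. The file names are the disclosure's; the ssh_dir parameter, the injectable keygen callable and the constructed fake generators in demo() are assumptions so the decision logic can be exercised without ssh-keygen.

```python
import os, subprocess, tempfile, time
from pathlib import Path

# File names taken from the disclosure; assumed to live in the node's ~/.ssh directory.
STAMP, OFF_PUBLIC, OFF_PRIVATE = "last_stamp", "off_public", "off_private"

def stamp_is_recent(stamp, period_days, now=None):
    """True if last_stamp exists and is younger than the period: generate_key exits."""
    if not stamp.exists():
        return False
    now = time.time() if now is None else now
    return (now - stamp.stat().st_mtime) < period_days * 86400

def ssh_keygen(off_private):
    """Real generator via OpenSSH ssh-keygen (RSA, no passphrase); its .pub output becomes off_public."""
    subprocess.run(["ssh-keygen", "-q", "-t", "rsa", "-N", "", "-f", str(off_private)], check=True)
    os.replace(f"{off_private}.pub", off_private.with_name(OFF_PUBLIC))

def generate_key(ssh_dir, period_days=90, keygen=ssh_keygen, now=None):
    """One scheduled run; returns 'skipped', 'generated' or 'failed'. Only off_* files are touched."""
    ssh_dir = Path(ssh_dir)
    if stamp_is_recent(ssh_dir / STAMP, period_days, now):
        return "skipped"
    off_private, off_public = ssh_dir / OFF_PRIVATE, ssh_dir / OFF_PUBLIC
    try:
        keygen(off_private)
    except Exception:
        for p in (off_private, off_public):  # discard partial output; in-use keys untouched
            p.unlink(missing_ok=True)
        return "failed"
    return "generated"

def demo(period_days=90):
    """Drive the gate in a scratch directory with constructed fake generators (no ssh-keygen)."""
    def fake_keygen(off_private):
        off_private.write_text("constructed private key\n")
        off_private.with_name(OFF_PUBLIC).write_text("constructed public key\n")
    def failing_keygen(off_private):
        off_private.write_text("partial\n")
        raise RuntimeError("constructed ssh-keygen failure")
    d, now = Path(tempfile.mkdtemp()), time.time()
    stamp, old = d / STAMP, now - (period_days + 1) * 86400
    stamp.write_text("")
    os.utime(stamp, (old, old))                     # stamp older than the period: rotate
    generated = generate_key(d, period_days, fake_keygen, now)
    os.utime(stamp, (now, now))                     # stamp refreshed today: exit early
    skipped = generate_key(d, period_days, fake_keygen, now)
    os.utime(stamp, (old, old))                     # old again, but the generator fails
    failed = generate_key(d, period_days, failing_keygen, now)
    return generated, skipped, failed, (d / OFF_PRIVATE).exists()
```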