Ben Cordero 9:47 am on April 15, 2022  

Encrypting files to ssh hosts

This is probably a bad idea for forward secrecy reasons. But, did you know what every SSH server tells you how you can encrypt data for it?

Grab the public key from the host

$ ssh-keyscan -t rsa ${host_ip} | awk '{print $2 " " $3}' > ssh-${host_ip}.pub
$ ssh-keygen -e -m PKCS8 -f ssh-${host_ip}.pub > ssh-${host_ip}.pkcs8

Encrypt some data Decrypt it on the server

$ echo "Hello World" | \
> openssl rsautl -inkey ssh-${host_ip}.pkcs8 -pubin -encrypt | \
> ssh root@${host_ip} openssl rsautl -inkey /etc/ssh/ssh_host_rsa_key -decrypt
Hello World