couple more cents--- I have never used PW to SSH...
...back many moons ago I also use a XXXX port but that is kinda too much...
...I would sometimes forget to hide it anyways when doing terminal output to html
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Sat Oct 15, 2022 10:44 Post subject:
Keys are generated added to the router and OpenSSH key downloaded to your client (for putty you have to convert the OpenSSH key to Putty ppk format), but still a lot of work to do, key generation takes between 1 and 10 minutes depending on key length and CPU so have to add something of a wait state and the screen does not refresh yet after the keys are generated.
As I am traveling home the coming week it can take some time before it is completed
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Sat Oct 15, 2022 11:50 Post subject:
egc if I can suggest something, the key generation fieldset would be better placed inside the SSH fieldset before perhaps the authorized keys textarea because there are no sections here delimited by h2 headers this way its absolutely obvious and delimited areas that are related are together.
And perhaps be optional visible/hidden like - Enable key generation [ ]enabled [] disabled.
So below port you would have
open fieldset - legend - Secure Shell (SSH)
ssh options foo
foo
foobar
port [ ]
Key generation [] Enabled [] Disabled
open fieldset - legend key generation
foo
foobar
foobar foo
[ button ]
Authorized keys textarea
close key gen fieldset
close ssh fieldset
Other considerations;
Instead of limiting to two key sizes, have a input text area and default to 2048 with a max of 4096 so users input what they wish in valid increments. Perhaps no default and a input placeholder like the NTP one - that says key size 2048 or foo or foobar.
Assigning this feature to higher end routers, lower end devices the higher generation time of 10 minutes could end up being much longer. Nothing should take excessive time **.
** Measurement of the start/end process in some percentage like the freeradius certificate generation does, so, on long operations, users dont know if the thing is going or the router has hung users should not have to wonder about this process length.
Users maybe already over taxing their routers with other stuff which will take CPU cycles. Which will likely introduce more delays/overhead.
While I am unsure how it will end up on the User experience/accessibility side of things, I think its a good feature candidate with proper care of implementation.
Default key size is 2048. This does matter, depending on device. _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio