You need your SSH public key and you will need your ssh private key. Keys can be generated with ssh-keygen. The private key must be kept on Server 1 and the public key must be stored on Server 2. This is completly described in the manpage of openssh, so I will quote a. Notice that your public and private keys, on creation, will be saved in your.ssh folder. The next step is to copy the public key to the system you want to access from the boss system without using.
6) Upload private and public keys on the device, from which you wish to use ssh commands with RSA authentication 7) Import both keys for the user: /user ssh-keys private import user=remote private-key-file=mykey public-key-file=mykey.pub passphrase='. Use the ssh-keygen command to generate SSH public and private key files. By default, these files are created in the /.ssh directory. You can specify a different location, and an optional password (passphrase) to access the private key file. If an SSH key pair with the same name exists in the given location, those files are overwritten. On your local Linux or macOS computer, you can use the ssh-keygen command to retrieve the public key for your key pair. Specify the path where you downloaded your private key (the.pem file). Ssh-keygen -y -f /pathtokeypair/my-key-pair.pem The command returns the public key.
In every SSH/SFTP connection there are four keys (or two key-pairs) involved. This article explains a difference between them and what keys an SFTP client user needs to care about.
The SSH employs a public key cryptography. A public-key cryptography, also known as asymmetric cryptography, is a class of cryptographic algorithms which requires two separate keys, one of which is secret (or private) and one of which is public.1 Together they are known as a key-pair. In SSH, the public key cryptography is used in both directions (client to server and server to client), so two key pairs are used. One key pair is known as a host (server) key, the other as a user (client) key.
A user private key is key that is kept secret by the SSH user on his/her client machine. The user must never reveal the private key to anyone, including the server (server administrator), not to compromise his/her identity.
To protect the private key, it should be generated locally on a user’s machine (e.g. using PuTTYgen) and stored encrypted by a passphrase. The passphrase should be long enough (that’s why it’s called passphrase, not password) to withstand a brute-force attack for a reasonably long time, in case an attacker obtains the private key file.
Different file formats are used to store private keys. WinSCP supports PuTTY format, with .ppk
extension.
A user public key is a counterpart to user private key. They are generated at the same time. The user public key can be safely revealed to anyone, without compromising user identity.
To allow authorization of the user on a server, the user public key is registered on the server. In the most widespread SSH server implementation, the OpenSSH, file ~/.ssh/authorized_keys
is used for that.
Learn more about public key authentication in general and how to setup authentication with public keys.
Advertisement
Ssh Using Private Key
A host private key is generated when the SSH server is set up. It is safely stored in a location that should be accessible by a server administrator only. The user connecting to the SSH server does not need to care about host private key in general.
A host public key is a counterpart to host private key. They are generated at the same time. The host public key can be safely revealed to anyone, without compromising host identity.
To allow authorizing the host to the user, the user should be provided with host public key in advance, before connecting. The client application typically prompts the user with host public key on the first connection to allow the user to verify/authorize the key. The host public key is then saved and verified automatically on further connections. The client application warns the user, if the host key changes.
- The text is partially copied from Wikipedia article on Public-key cryptography. The text is licensed under GNU Free Documentation License.Back
Public key authentication allows you to access a server via SSH without password. Here are two methods to copy the public ssh key to the server.
I believe you understand the basic SSH concept. Your Linux server has ssh enabled. You have generated ssh keys on your personal computer. Now you want to upload your public key to the authorized keys of the server so that you can access it without typing your account password all the time.
This quick tutorial shows you two methods to add a public SSH key to the server.
Requirements
Before you see that, let’s be clear about what you should already have:
- Your destination server should have ssh enabled
- You should have generated public and private ssh keys (just use the command ssh-keygen -t rsa)
- You should have a user account and password on the server. Even root account will do.
- You should know the IP address of the server
Now that you have made sure of the above three requirements, let’s see how to use public key authentication.
The authentication is per user base so the public key goes in the intended user’s home.
Method 1: Automatically copy the ssh key to server
Ipolis software download for mac boo. The first method is where the end user copies its personal computer’s public key to the list of the authorized keys on the remote server.
Here, I assume that you were able to log in to the remote server using ssh user_name@ip_of_server. It asks for your account’s password and you enter the server.
If you add your public key to the server, you should be able to log in without typing the password all the time.
OpenSSH provides a handy tool call called ssh-copy-id for copying ssh public keys to remote systems. It even creates required directories and files.
As I mentioned earlier, you should know the username and password to the server you want to access via public key authentication.
When prompted, enter the password for your user account at the remote server. Your public key should be copied at the appropriate folder on the remote server automatically.
I have used ~/.ssh/id_rsa.pub because that is the default location for the public ssh key. If you have it at some other location, you should use that in the above command.
Method 2: Manually copy the public ssh key to the server
The first method had the action on the user side. Let’s say that you are the sysadmin and your server doesn’t allow SSH login via password. The only way to access the server is using SSH public key authentication.
In such a case, you can ask the end user to provide her/his public key. Now what you can do is to create .ssh/authorized_keys directory and then copy the public key here.
Let me show the steps.
Step 1: Get the public key
Ask the end user to provide the public key by typing the following command:
It will show a long random string starting with ssh-rsa:
You can get this text via email or messaging tools. Normally, it shouldn’t be a problem.
Step 2: Create ssh directory in the user’s home directory (as a sysadmin)
Keep in mind that you have to create these new directories and files in the end user’s home directory, not your own (root/sysadmin).
Now open this /home/user_name/.ssh/authorized_keys file with a text editor like Vim and add the public key of the user here:
Save and close the file. It’s almost ready.
Step 3: Set appropriate permission to the file
Having appropriate file permission on the ssh file is very important otherwise you’ll see errors like Permission denied (publickey).
Ssh Private Public Key Putty
First, make sure to set the correct file permissions:
You created those file with either root or your own admin accounts for some other user. You need to change the ownership to the user:
Now that it’s done, you can ask the end user to log in to the server.
Do let me know if you face any issues or if you have any suggestion on this topic.
Become a Member for FREE
Join the conversation.