Using SSH keys in Linux/en: Difference between revisions
Jump to navigation
Jump to search
(Updating to match new version of source page) |
(Updating to match new version of source page) |
||
| Line 1: | Line 1: | ||
<languages /> | <languages /> | ||
=Creating a | =Creating a key pair= | ||
Before creating a new key pair, check to see if you already have one. Key pairs are typically located in the <code>.ssh/</code> directory in your home directory. The default key names are <code>id_rsa</code> for the private key and <code>id_rsa.pub</code> for the public key. | |||
To create a key pair, use the <code>ssh-keygen</code> command. | |||
<source lang="console"> | <source lang="console"> | ||
| Line 7: | Line 9: | ||
</source> | </source> | ||
will | The output will be similar to | ||
Generating public/private rsa key pair. | Generating public/private rsa key pair. | ||
| Line 30: | Line 32: | ||
+-----------------+ | +-----------------+ | ||
When prompted, enter a passphrase. If you already have key pairs saved with the default names, you may wish to enter a different file name for the new keys so as not to overwrite existing key pairs. | |||
=Connecting using a | =Connecting using a key pair= | ||
<ol> | <ol> | ||
<li>Once your key pair has been created, copy the public key ( | <li>Once your key pair has been created, copy the public key from your local machine (in our example, <code>/home/ubuntu/.ssh/id_rsa.pub</code>) to the <code>/home/USERNAME/.ssh/authorized_keys</code> file on the server you wish to connect to. | ||
<li> | :If the <code>authorized_keys</code> file already exists, add your public key as a new line at the bottom of this file with an editor such as vim or nano.</li> | ||
<li>If you were | <li>Verify permissions: | ||
:*use the <code>chmod 600 /home/USERNAME/.ssh/authorized_keys</code> command for file <code>/home/USERNAME/.ssh/authorized_keys</code>; | |||
:*use the <code>chmod 700 /home/USERNAME/.ssh</code> command for directory <code>/home/USERNAME/.ssh/</code>. | |||
<li>If you were logged in with admin privileges and used the <code>sudo</code> command when you created the <code>authorized_keys</code> file, make sure user <code>USERNAME</code> is the owner for | |||
:* directory <code>/home/USERNAME/.ssh</code> with the <code>sudo chown USERNAME:USERNAME /home/USERNAME/.ssh</code> command; | |||
:* file <code>authrorized_keys</code> with the <code>sudo chown USERNAME:USERNAME /home/USERNAME/.ssh/authorized_keys</code> command.</li> | |||
<li>Finally test the new key by sshing to the remote machine from the local machine with | <li>Finally test the new key by sshing to the remote machine from the local machine with | ||
<source lang="console">[name@server]$ ssh -i /home/ubuntu/.ssh/id_rsa USERNAME@ADDRESS</source> | <source lang="console">[name@server]$ ssh -i /home/ubuntu/.ssh/id_rsa USERNAME@ADDRESS</source> | ||
where <code>/home/ubuntu/.ssh/id_rsa</code> specifies your private key file | where | ||
:*<code>/home/ubuntu/.ssh/id_rsa</code> specifies your private key file; | |||
:*<code>USERNAME</code> is the user name on the remote machine; | |||
:*<code>ADDRESS</code> is the address of the remote machine. | |||
If you have administrative access on the server and created the account for other users, they should test the connection out themselves and not disclose their private key. | |||
</li> | </li> | ||
</ol> | </ol> | ||
[[Category:Connecting]] | [[Category:Connecting]] | ||
Revision as of 23:00, 15 December 2017
Creating a key pair
Before creating a new key pair, check to see if you already have one. Key pairs are typically located in the .ssh/ directory in your home directory. The default key names are id_rsa for the private key and id_rsa.pub for the public key.
To create a key pair, use the ssh-keygen command.
[name@server]$ ssh-keygen -b 2048 -t rsa
The output will be similar to
Generating public/private rsa key pair. Enter file in which to save the key (/home/ubuntu/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ubuntu/.ssh/id_rsa. Your public key has been saved in /home/ubuntu/.ssh/id_rsa.pub. The key fingerprint is: ef:87:b5:b1:4d:7e:69:95:3f:62:f5:0d:c0:7b:f1:5e ubuntu@test-key The key's randomart image is: +--[ RSA 2048]----+ | | | | | . | | o . | | S o o.| | . + +oE| | .o O.oB| | .. +oo+*| | ... o..| +-----------------+
When prompted, enter a passphrase. If you already have key pairs saved with the default names, you may wish to enter a different file name for the new keys so as not to overwrite existing key pairs.
Connecting using a key pair
- Once your key pair has been created, copy the public key from your local machine (in our example,
/home/ubuntu/.ssh/id_rsa.pub) to the/home/USERNAME/.ssh/authorized_keysfile on the server you wish to connect to.- If the
authorized_keysfile already exists, add your public key as a new line at the bottom of this file with an editor such as vim or nano.
- If the
- Verify permissions:
- use the
chmod 600 /home/USERNAME/.ssh/authorized_keyscommand for file/home/USERNAME/.ssh/authorized_keys; - use the
chmod 700 /home/USERNAME/.sshcommand for directory/home/USERNAME/.ssh/.
- use the
- If you were logged in with admin privileges and used the
sudocommand when you created theauthorized_keysfile, make sure userUSERNAMEis the owner for- directory
/home/USERNAME/.sshwith thesudo chown USERNAME:USERNAME /home/USERNAME/.sshcommand; - file
authrorized_keyswith thesudo chown USERNAME:USERNAME /home/USERNAME/.ssh/authorized_keyscommand.
- directory
- Finally test the new key by sshing to the remote machine from the local machine with
[name@server]$ ssh -i /home/ubuntu/.ssh/id_rsa USERNAME@ADDRESSwhere
/home/ubuntu/.ssh/id_rsaspecifies your private key file;USERNAMEis the user name on the remote machine;ADDRESSis the address of the remote machine.
If you have administrative access on the server and created the account for other users, they should test the connection out themselves and not disclose their private key.