Using SSH keys in Linux/en: Difference between revisions
Jump to navigation
Jump to search
(Updating to match new version of source page) |
(Updating to match new version of source page) |
||
| Line 33: | Line 33: | ||
=Connecting using a Key Pair= | =Connecting using a Key Pair= | ||
Once your key pair has been created copy the public key (the <code>/home/ubuntu/.ssh/id_rsa.pub</code> key file in the above on your local machine) to the <code>/home/USERNAME/.ssh/authorized_keys</code> file on the server you wish to connect to. If | <ol> | ||
<li>Once your key pair has been created, copy the public key (the <code>/home/ubuntu/.ssh/id_rsa.pub</code> key file in the above on your local machine) to the <code>/home/USERNAME/.ssh/authorized_keys</code> file on the server you wish to connect to. If the <code>authorized_keys</code> file already exists add your public key as a new line at the bottom of the file using an editor such as vim or nano.</li> | |||
Finally test the new key by sshing to the remote machine from the local machine with | <li>Ensure the file <code>/home/USERNAME/.ssh/authorized_keys</code> and directory <code>/home/USERNAME/.ssh/</code> have the correct permissions with <code>chmod 600 /home/USERNAME/.ssh/authorized_keys</code> and <code>chmod 700 /home/USERNAME/.ssh</code> respectively.</li> | ||
<li>If you were not logged in as <code>USERNAME</code> while you were creating this <code>authrorized_keys</code> file (e.g. you had administrative privileges on the server and used the <code>sudo</code> command before the above commands), ensure the owner of the directory <code>/home/USERNAME/.ssh</code> and the file <code>authrorized_keys</code> are owned by the user <code>USERNAME</code> with the commands <code>sudo chown USERNAME:USERNAME /home/USERNAME/.ssh</code> and <code>sudo chown USERNAME:USERNAME /home/USERNAME/.ssh/authorized_keys</code>.</li> | |||
<li>Finally test the new key by sshing to the remote machine from the local machine with | |||
[name@server]$ ssh -i /home/ubuntu/.ssh/id_rsa USERNAME@ADDRESS | <source lang="console">[name@server]$ ssh -i /home/ubuntu/.ssh/id_rsa USERNAME@ADDRESS</source> | ||
</source> | where <code>/home/ubuntu/.ssh/id_rsa</code> specifies your private key file and <code>USERNAME</code> is the user name on the remote machine, and <code>ADDRESS</code> is the address of the remote machine. If you have administrative access on the server and created the account for some one else, rather than giving you their private key they should keep the private key and test the connection out themselves. Private keys should remain private. | ||
</li> | |||
where <code>/home/ubuntu/.ssh/id_rsa</code> specifies your private key file and <code>USERNAME</code> is the user name on the remote machine, and <code>ADDRESS</code> is the address of the remote machine. | </ol> | ||
[[Category:Connecting]] | [[Category:Connecting]] | ||
Revision as of 16:33, 14 December 2017
Creating a Key Pair
To create a key pair use the ssh-keygen command. Before running the command check to see if you might already have a key pair. Keys are located in the .ssh/ directory in your home directory. The default key names are id_rsa for the private key and id_rsa.pub for the public key. The command
[name@server]$ ssh-keygen -b 2048 -t rsa
will generate output similar to the following
Generating public/private rsa key pair. Enter file in which to save the key (/home/ubuntu/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ubuntu/.ssh/id_rsa. Your public key has been saved in /home/ubuntu/.ssh/id_rsa.pub. The key fingerprint is: ef:87:b5:b1:4d:7e:69:95:3f:62:f5:0d:c0:7b:f1:5e ubuntu@test-key The key's randomart image is: +--[ RSA 2048]----+ | | | | | . | | o . | | S o o.| | . + +oE| | .o O.oB| | .. +oo+*| | ... o..| +-----------------+
when prompted you should enter a passphrase. If you already have a key pair saved with the default names you may wish to enter a file name for the saved keys so as not to overwrite an existing key pair.
Connecting using a Key Pair
- Once your key pair has been created, copy the public key (the
/home/ubuntu/.ssh/id_rsa.pubkey file in the above on your local machine) to the/home/USERNAME/.ssh/authorized_keysfile on the server you wish to connect to. If theauthorized_keysfile already exists add your public key as a new line at the bottom of the file using an editor such as vim or nano. - Ensure the file
/home/USERNAME/.ssh/authorized_keysand directory/home/USERNAME/.ssh/have the correct permissions withchmod 600 /home/USERNAME/.ssh/authorized_keysandchmod 700 /home/USERNAME/.sshrespectively. - If you were not logged in as
USERNAMEwhile you were creating thisauthrorized_keysfile (e.g. you had administrative privileges on the server and used thesudocommand before the above commands), ensure the owner of the directory/home/USERNAME/.sshand the fileauthrorized_keysare owned by the userUSERNAMEwith the commandssudo chown USERNAME:USERNAME /home/USERNAME/.sshandsudo chown USERNAME:USERNAME /home/USERNAME/.ssh/authorized_keys. - Finally test the new key by sshing to the remote machine from the local machine with
[name@server]$ ssh -i /home/ubuntu/.ssh/id_rsa USERNAME@ADDRESSwhere
/home/ubuntu/.ssh/id_rsaspecifies your private key file andUSERNAMEis the user name on the remote machine, andADDRESSis the address of the remote machine. If you have administrative access on the server and created the account for some one else, rather than giving you their private key they should keep the private key and test the connection out themselves. Private keys should remain private.