Using SSH keys in Linux/en: Difference between revisions
(Updating to match new version of source page) |
(Updating to match new version of source page) |
||
Line 43: | Line 43: | ||
<li>Verify permissions: | <li>Verify permissions: | ||
:*use the <code>chmod 600 /home/USERNAME/.ssh/authorized_keys</code> command for file <code>/home/USERNAME/.ssh/authorized_keys</code>; | :*use the <code>chmod 600 /home/USERNAME/.ssh/authorized_keys</code> command for file <code>/home/USERNAME/.ssh/authorized_keys</code>; | ||
:*use the <code>chmod 700 /home/USERNAME/.ssh</code> command for directory <code>/home/USERNAME/.ssh/</code>. | :*use the <code>chmod 700 /home/USERNAME/.ssh</code> command for directory <code>/home/USERNAME/.ssh/</code>; | ||
:*ensure your home directory is writable only by yourself with <code>chmod go-w /home/USERNAME</code>. (You should never make your home directory writable by your group or other users for security reasons.) | |||
<li>If you were logged in with admin privileges and used the <code>sudo</code> command when you created the <code>authorized_keys</code> file, make sure user <code>USERNAME</code> is the owner for | <li>If you were logged in with admin privileges and used the <code>sudo</code> command when you created the <code>authorized_keys</code> file, make sure user <code>USERNAME</code> is the owner for | ||
:* directory <code>/home/USERNAME/.ssh</code> with the <code>sudo chown USERNAME:USERNAME /home/USERNAME/.ssh</code> command; | :* directory <code>/home/USERNAME/.ssh</code> with the <code>sudo chown USERNAME:USERNAME /home/USERNAME/.ssh</code> command; |
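Review bot: the new bullet for <code>chmod go-w /home/USERNAME</code> justifies itself only with "for security reasons", which does not tell the reader why it belongs in a key-setup procedure. Say what the risk is here: anyone who can write to the home directory can replace <code>.ssh</code> and the <code>authorized_keys</code> file inside it, whatever modes those two carry. The bullet also breaks the "use the ... command for ..." wording of the two bullets above it and ends in a full stop followed by a parenthetical, while the preceding bullet was just changed to end in a semicolon; folding the parenthetical into the sentence would keep the list consistent.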
Revision as of 19:39, 15 November 2019
Parent page: SSH
Creating a key pair
Before creating a new key pair, check to see if you already have one. Key pairs are typically located in the .ssh/ directory in your home directory. The default key names are id_rsa for the private key and id_rsa.pub for the public key.
To create a key pair, use the ssh-keygen command.
[name@server]$ ssh-keygen -b 2048 -t rsa
The output will be similar to
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ubuntu/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ubuntu/.ssh/id_rsa.
Your public key has been saved in /home/ubuntu/.ssh/id_rsa.pub.
The key fingerprint is:
ef:87:b5:b1:4d:7e:69:95:3f:62:f5:0d:c0:7b:f1:5e ubuntu@test-key
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|            .    |
|             o . |
|        S    o o.|
|          . + +oE|
|          .o O.oB|
|         .. +oo+*|
|          ... o..|
+-----------------+
When prompted, enter a passphrase. If you already have key pairs saved with the default names, you may wish to enter a different file name for the new keys so as not to overwrite existing key pairs.
Connecting using a key pair
- Once your key pair has been created, copy the public key from your local machine (in our example, /home/ubuntu/.ssh/id_rsa.pub) to the /home/USERNAME/.ssh/authorized_keys file on the server you wish to connect to.
  - If the authorized_keys file already exists, add your public key as a new line at the bottom of this file with an editor such as vim or nano.
- Verify permissions:
  - use the chmod 600 /home/USERNAME/.ssh/authorized_keys command for file /home/USERNAME/.ssh/authorized_keys;
  - use the chmod 700 /home/USERNAME/.ssh command for directory /home/USERNAME/.ssh/;
  - ensure your home directory is writable only by yourself with chmod go-w /home/USERNAME. (You should never make your home directory writable by your group or other users for security reasons.)
- If you were logged in with admin privileges and used the sudo command when you created the authorized_keys file, make sure user USERNAME is the owner for
  - directory /home/USERNAME/.ssh with the sudo chown USERNAME:USERNAME /home/USERNAME/.ssh command;
  - file authorized_keys with the sudo chown USERNAME:USERNAME /home/USERNAME/.ssh/authorized_keys command.
- Finally, test the new key by sshing to the remote machine from the local machine with
  [name@server]$ ssh -i /home/ubuntu/.ssh/id_rsa USERNAME@ADDRESS
  where
  - /home/ubuntu/.ssh/id_rsa specifies your private key file;
  - USERNAME is the user name on the remote machine;
  - ADDRESS is the address of the remote machine.
If you have administrative access on the server and created the account for other users, they should test the connection out themselves and not disclose their private key.
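The permission and ownership steps above can be checked in one pass before testing the login. The script below is an added example, not part of the original page: the function names check_ssh_perms, _check_entry and _fail are made up here, and it assumes GNU stat as found on Linux.

```shell
#!/bin/sh
# Added example: audit the modes and ownership prescribed in the steps above.
# Usage: sh check_ssh_perms.sh /home/USERNAME [NUMERIC_UID]
# NUMERIC_UID defaults to the caller's uid; pass the account's uid when
# checking as an administrator. Exit status 0 means no problems found.

# Record one finding and count it (hypothetical helper).
_fail() { printf 'FAIL %s: %s\n' "$1" "$2"; problems=$((problems + 1)); }

# _check_entry PATH EXPECTED_MODE: exact mode and owner check for one entry.
_check_entry() {
    if info=$(stat -c '%a %u' "$1" 2>/dev/null); then
        mode=${info% *}
        uid=${info#* }
        [ "$mode" = "$2" ] || _fail "$1" "mode $mode, expected $2"
        [ "$uid" = "$want_uid" ] || _fail "$1" "owner uid $uid, expected $want_uid"
    else
        _fail "$1" "missing"
    fi
}

check_ssh_perms() {
    home=$1
    want_uid=${2:-$(id -u)}
    problems=0

    # Home directory: "chmod go-w" means no group/other write bit (mask 022).
    if mode=$(stat -c '%a' "$home" 2>/dev/null); then
        [ $(( 0$mode & 022 )) -eq 0 ] ||
            _fail "$home" "mode $mode is group/other writable, run chmod go-w"
    else
        _fail "$home" "missing"
    fi

    # .ssh must be 700 and authorized_keys 600, both owned by the account.
    _check_entry "$home/.ssh" 700
    _check_entry "$home/.ssh/authorized_keys" 600

    [ "$problems" -eq 0 ]
}

# Run the audit only when a home directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$@"
fi
```

Each FAIL line names the path and the value found, so the matching chmod or chown command from the list above can be applied directly.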