Using SSH keys in Linux
Jump to navigation
Jump to search
Parent page: SSH
Creating a key pair
Before creating a new key pair, check to see if you already have one. Key pairs are typically located in the .ssh/
directory in your home directory. The default key names are id_rsa
for the private key and id_rsa.pub
for the public key.
To create a key pair, use the ssh-keygen
command.
[name@server]$ ssh-keygen -b 2048 -t rsa
The output will be similar to
Generating public/private rsa key pair. Enter file in which to save the key (/home/ubuntu/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ubuntu/.ssh/id_rsa. Your public key has been saved in /home/ubuntu/.ssh/id_rsa.pub. The key fingerprint is: ef:87:b5:b1:4d:7e:69:95:3f:62:f5:0d:c0:7b:f1:5e ubuntu@test-key The key's randomart image is: +--[ RSA 2048]----+ | | | | | . | | o . | | S o o.| | . + +oE| | .o O.oB| | .. +oo+*| | ... o..| +-----------------+
When prompted, enter a passphrase. If you already have key pairs saved with the default names, you may wish to enter a different file name for the new keys so as not to overwrite existing key pairs.
Connecting using a key pair
- Once your key pair has been created, copy the public key from your local machine (in our example,
/home/ubuntu/.ssh/id_rsa.pub
) to the/home/USERNAME/.ssh/authorized_keys
file on the server you wish to connect to.- If the
authorized_keys
file already exists, add your public key as a new line at the bottom of this file with an editor such as vim or nano.
- If the
- Verify permissions:
- use the
chmod 600 /home/USERNAME/.ssh/authorized_keys
command for file/home/USERNAME/.ssh/authorized_keys
; - use the
chmod 700 /home/USERNAME/.ssh
command for directory/home/USERNAME/.ssh/
.
- use the
- If you were logged in with admin privileges and used the
sudo
command when you created theauthorized_keys
file, make sure userUSERNAME
is the owner for- directory
/home/USERNAME/.ssh
with thesudo chown USERNAME:USERNAME /home/USERNAME/.ssh
command; - file
authrorized_keys
with thesudo chown USERNAME:USERNAME /home/USERNAME/.ssh/authorized_keys
command.
- directory
- Finally test the new key by sshing to the remote machine from the local machine with
[name@server]$ ssh -i /home/ubuntu/.ssh/id_rsa USERNAME@ADDRESS
where
/home/ubuntu/.ssh/id_rsa
specifies your private key file;USERNAME
is the user name on the remote machine;ADDRESS
is the address of the remote machine.
If you have administrative access on the server and created the account for other users, they should test the connection out themselves and not disclose their private key.