SSH keys

2018-03-20


To generate a key pair, run:

$ ssh-keygen

This will produce two files, named after what you enter at the prompt: [name] and [name].pub

[name].pub is what goes on the server; more on that below. The file [name] is your secret key, which you'll use instead of a password for authentication. Transfer files between machines with either scp or sftp, whichever you like.

To use a key with ssh:

$ ssh -i path/to/your/key [username]@[host]

You will be asked for a password. Not the user password, but the (optional, though highly recommended) passphrase you entered when creating the key.

The "[username]@" part can be skipped when $(whoami) == [username].

In case you don't know yet - PuTTY keys ain't compatible with OpenSSH, but you can convert those keys both ways.

As for the server settings (/etc/ssh/sshd_config), you need:

~ PubkeyAuthentication yes
~ AuthorizedKeysFile .ssh/authorized_keys

And I suggest:

~ PasswordAuthentication no

Defaults for the rest are fine.

Now you need to place your [name].pub (public key) on the server as: .ssh/authorized_keys

That's the most common mistake - IT IS A FILE, and the filename must match the AuthorizedKeysFile setting in your sshd_config.

$ cat [name].pub >> ~/.ssh/authorized_keys

This only appends to the file, adding a new key.

$ mv [name].pub ~/.ssh/authorized_keys

This will overwrite what was saved in the file, making old keys unusable (which is good).
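
The append step above as a reusable shell function that also guards against the "it is a file" mistake, duplicate entries and loose permissions. This is an added example, not part of the original post; the function name add_authorized_key is hypothetical, and it assumes a POSIX shell with awk, grep and tail.

```shell
#!/bin/sh
# Added example; add_authorized_key is a hypothetical helper name,
# not an OpenSSH tool.
# usage: add_authorized_key PUBKEY_FILE [AUTHORIZED_KEYS_FILE]
add_authorized_key() {
    pub=$1
    auth=${2:-"$HOME/.ssh/authorized_keys"}
    dir=$(dirname "$auth")

    # Accept exactly one "type base64 [comment]" line. A private key
    # ("-----BEGIN ...") fails this check and is never copied.
    if ! awk 'NF && $1 !~ /^#/ {
                  n++
                  if ($1 !~ /^(ssh-|ecdsa-|sk-)/ || $2 !~ "^[A-Za-z0-9+/=]+$") bad = 1
              }
              END { exit !(n == 1 && !bad) }' "$pub"; then
        echo "not a public key file: $pub" >&2
        return 2
    fi

    # authorized_keys must be a regular file, not a directory.
    if [ -e "$auth" ] && [ ! -f "$auth" ]; then
        echo "$auth exists but is not a regular file" >&2
        return 3
    fi

    # With StrictModes (the sshd default) the key file is ignored if it
    # or its directory is writable by group or others.
    [ -d "$dir" ] || mkdir -p -m 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Match on key type + key data so a changed comment is not a new key.
    key=$(awk 'NF && $1 !~ /^#/ { print $1 " " $2 }' "$pub")
    if grep -qF -- "$key" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi

    # Do not glue the new key onto an unterminated last line.
    if [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    awk 'NF && $1 !~ /^#/' "$pub" >> "$auth"
    echo "key added to $auth"
}
```

An existing ~/.ssh directory is left as it is, so check that it is not group- or world-writable if key logins are still refused.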

Multiple keys can be used for one account and one key can be used for multiple accounts. Keys are stored in a separate directory for each user. You could use an absolute path in AuthorizedKeysFile to specify one authorized_keys file for the whole system. For more information RTFM & STFW.