Ubuntu - Sharing SSH Keys
Steps
Sharing your default public key (`~/.ssh/id_rsa.pub`) with a remote server is as easy as:
ssh-copy-id user@hostname.domain.com
If you want to use a specific key, then use the following:
ssh-copy-id -i /path/to/public/key.pub user@hostname.domain.com
If you want to use a specific key and a specific port, then use the following:
ssh-copy-id \
  -p $PORT \
  -i /path/to/public/key.pub \
  user@hostname.domain.com
If you don't already have an identity, an error will pop up and you will need to run the following before retrying.
ssh-keygen
Manual Method
Sometimes you need to do things manually, such as when you can only use a key to log into the server and need to add another key. In such situations, just copy the public key (which should look something like the one below):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpPhKCzJUS6RGRza+FudimGKR2RILtShMyN1Gsd0V7r3H1vJ2WwwgMGjUQmow6IyFEFH+1TlbCGDTGxRA82G5+vW3NCbbtkTXyEJsVQ7/QkLqnQL4++BRLhJ5UAzKv84Ohw45VeJPVtW/gAqvB7r4+vcRNPrW3dRW8TVgF9fAi5RdacDXBBGFkSE1IA5mAMqDmiXryn4SlqFqeS4n/jsEFsCmOPo1S67xqp/QsVYyZHjS9jFwxxLuSj/7VT0QuQcU1Q7QWifGM4Rdj8jIboxEoM59Ws9GpeJK94UUX+L8vg8QUp+wiEdQnrzyaTVbu0NtPUdsmynNcM06XWM74E2bT stuart@stu-home-office
... and append it to the `$HOME/.ssh/authorized_keys` file of the user that you want to use the key to log in as. `stuart@stu-home-office` is just an identifier that you can change to something more memorable, e.g. to let you know which other servers/users are granted access to the server, so that you can remove them at a later date and not accidentally remove the wrong key.
Create Folder / File If Doesn't Exist
It is not uncommon for the folder/file to not exist yet, especially if you just added a fresh user to the system. You can create them with the following commands:
mkdir $HOME/.ssh
chmod 700 $HOME/.ssh
touch $HOME/.ssh/authorized_keys
chmod 600 $HOME/.ssh/authorized_keys
Manual Removal
Removing an SSH key's access to the server is as easy as removing the appropriate line from the `.ssh/authorized_keys` file (or commenting it out with a `#`), and then restarting the ssh service with:
sudo service sshd restart
sudo apt remove gnome-keyring
.
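As an added example (not part of the original post), the manual add and removal steps above can be wrapped in two shell functions that set the permissions, skip a key that is already listed, and remove a key by its identifier. The function names and the sample keys are constructed for illustration, and the code assumes key lines with no leading options field and a one-word identifier.

```shell
#!/bin/sh
# Added example: manage an authorized_keys file by hand, safely.
# Assumes "type base64 identifier" lines: no options prefix, one-word identifier.

# add_key FILE "type base64 identifier"
# Creates the folder/file with tight permissions, then appends the key
# unless the same key material (field 2) is already listed.
add_key() {
    file=$1; line=$2
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    [ -n "$blob" ] || { echo "add_key: not a public key line" >&2; return 2; }
    dir=$(dirname "$file")
    { mkdir -p "$dir" && chmod 700 "$dir"; } || return 1
    { touch "$file" && chmod 600 "$file"; } || return 1
    if awk -v b="$blob" '$2 == b {found = 1} END {exit !found}' "$file"; then
        return 0    # already authorised, possibly under another identifier
    fi
    printf '%s\n' "$line" >> "$file"
}

# remove_key FILE IDENTIFIER
# Drops every non-comment line whose last field equals IDENTIFIER and
# prints how many lines were removed. Writes a temp file and renames it,
# so a failure part-way never leaves a truncated authorized_keys.
remove_key() {
    file=$1; ident=$2
    tmp=$(mktemp "$file.XXXXXX") || return 1    # mktemp creates it mode 600
    awk -v id="$ident" 'NF >= 3 && $NF == id && !/^#/ {next} {print}' \
        "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    removed=$(( $(wc -l < "$file") - $(wc -l < "$tmp") ))
    mv "$tmp" "$file" && echo "$removed"
}

# Demo on a throwaway directory; the key blobs are constructed placeholders.
demo() {
    d=$(mktemp -d) || return 1
    f="$d/.ssh/authorized_keys"
    add_key "$f" "ssh-rsa AAAAconstructedKEYone stuart@stu-home-office"
    add_key "$f" "ssh-rsa AAAAconstructedKEYone stuart@renamed"   # duplicate, skipped
    add_key "$f" "ssh-ed25519 AAAAconstructedKEYtwo deploy@build-server"
    remove_key "$f" stuart@stu-home-office                        # prints 1
    cat "$f"                                                      # only deploy@build-server remains
    rm -rf "$d"
}
demo
```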
First published: 16th August 2018