public-and-private-ssh-keys
| rev 4 | rev 5 | ||||
|---|---|---|---|---|---|
| 15 | ====================================================== | 15 | ====================================================== | ||
| 16 | 16 | ||||
| n | 17 | Create a ssh public/private keypair:: | n | 17 | Create a ssh public/private keypair: |
| 18 | |||||
| 19 | .. code-block:: bash | ||||
| 18 | 20 | ||||
| 19 | ssh-keygen -t rsa -b 4096 #enter a passphrase when asked | 21 | ssh-keygen -t rsa -b 4096 #enter a passphrase when asked | ||
| 38 | 40 | ||||
| 39 | Keep all your private keys in the same directory with the .key extension. | 41 | Keep all your private keys in the same directory with the .key extension. | ||
| t | 40 | Use the following script to add all private .key files to ssh agent:: | t | 42 | Use the following script to add all private .key files to ssh agent: |
| 43 | |||||
| 44 | .. code-block:: bash | ||||
| 41 | 45 | ||||
| 42 | for f in *.key; do ssh-add $f; done | 46 | for f in *.key; do ssh-add $f; done | ||
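
Review bot: The loop at new line 46 passes $f to ssh-add unquoted, so a key file whose name contains a space is split into several arguments; write ssh-add "$f" now that the line sits in a highlighted bash block that readers will copy. When the directory holds no .key files the glob stays literal and ssh-add is called once on the string *.key, so a guard such as [ -e "$f" ] || continue inside the loop would avoid a confusing error.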
| rev 3 | rev 4 | ||||
|---|---|---|---|---|---|
| 27 | The user's *authorized_keys* file may contain none or many keys. | 27 | The user's *authorized_keys* file may contain none or many keys. | ||
| 28 | 28 | ||||
| n | 29 | Permissions: | n | 29 | .. warning:: |
| 30 | *authorized_keys*: | 30 | |||
| 31 | file must be mode 400 | 31 | The *authorized_keys* file must be mode 400 | ||
| 32 | *.ssh*: | 32 | |||
| 33 | directory must be mode 700 | 33 | The *.ssh* directory must be mode 700 | ||
| 34 | 34 | ||||
| 35 | 35 | ||||
| 44 | The SSH agent will prompt for each key's passphrase in turn. | 44 | The SSH agent will prompt for each key's passphrase in turn. | ||
| 45 | This must be done after each reboot. | 45 | This must be done after each reboot. | ||
| t | t | 46 | |||
| 47 | Could not open a connection to your authentication agent | ||||
| 48 | --------------------------------------------------------------- | ||||
| 49 | |||||
| 50 | You must have a running ssh-agent and your shell must have access to use it. | ||||
| 51 | If you get this error message when you attempt to run ssh-add then | ||||
| 52 | first run the following command to spawn an ssh-agent for this shell: | ||||
| 53 | |||||
| 54 | .. code-block:: bash | ||||
| 55 | |||||
| 56 | eval "$(ssh-agent)" | ||||
| 57 | |||||
| 58 | Now try to run ssh-add again. | ||||
| 59 | |||||
| 60 | Another command for debugging: | ||||
| 61 | |||||
| 62 | .. code-block:: bash | ||||
| 63 | |||||
| 64 | echo $SSH_AUTH_SOCK | ||||
| 46 | 65 | ||||
| 47 | How to create a putty ppk | 66 | How to create a putty ppk | ||
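
Review bot: The new troubleshooting section offers echo $SSH_AUTH_SOCK at line 64 as "another command for debugging" without saying what the reader should look for. Add a sentence that an empty result means this shell has no agent socket exported, which is the case the eval "$(ssh-agent)" step at line 56 fixes. It is also worth stating that each run of that eval starts a separate agent process, so keys added in one shell are not available in another shell that started its own agent.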
| rev 1 | rev 2 | ||||
|---|---|---|---|---|---|
| 27 | The user's *authorized_keys* file may contain none or many keys. | 27 | The user's *authorized_keys* file may contain none or many keys. | ||
| 28 | 28 | ||||
| t | 29 | .. warning:: | t | 29 | Permissions: |
| 30 | 30 | *authorized_keys*: | |||
| 31 | The *authorized_keys* file must be mode 400 | 31 | file must be mode 400 | ||
| 32 | 32 | *.ssh*: | |||
| 33 | The *.ssh* directory must be mode 700 | 33 | directory must be mode 700 | ||
| 34 | 34 | ||||
| 35 | 35 | ||||
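
Review bot: Replacing the warning directive at line 29 with a plain "Permissions:" label removes the only emphasis on the two mode requirements, and splitting each requirement across a label line and a "must be mode" line (lines 30 to 33) makes the rendering depend on indentation. Keep the ".. warning::" block with one complete requirement per line.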
| empty | rev 1 | ||||
|---|---|---|---|---|---|
| t | t | 1 | Public and Private SSH Keys | ||
| 2 | ############################## | ||||
| 3 | |||||
| 4 | I tend to think of: | ||||
| 5 | |||||
| 6 | * a server host as a "house" | ||||
| 7 | * a public key as a "lock" on a door of a "house" | ||||
| 8 | * a private key as a "key" to the "lock" on a door of a "house" | ||||
| 9 | |||||
| 10 | In this way, anyone might have access to the outside of a "house". | ||||
| 11 | Anyone could have access to the "lock" on a house. | ||||
| 12 | Only you should have access to the private "key". | ||||
| 13 | |||||
| 14 | How to create a new public and private ssh keypair | ||||
| 15 | ====================================================== | ||||
| 16 | |||||
| 17 | Create a ssh public/private keypair:: | ||||
| 18 | |||||
| 19 | ssh-keygen -t rsa -b 4096 #enter a passphrase when asked | ||||
| 20 | |||||
| 21 | Document the passphrase in keypass | ||||
| 22 | |||||
| 23 | How to add the public key to a host | ||||
| 24 | ==================================== | ||||
| 25 | |||||
| 26 | Append the contents of .pub key to a remote host's ~/.ssh/authorized_keys. | ||||
| 27 | The user's *authorized_keys* file may contain none or many keys. | ||||
| 28 | |||||
| 29 | .. warning:: | ||||
| 30 | |||||
| 31 | The *authorized_keys* file must be mode 400 | ||||
| 32 | |||||
| 33 | The *.ssh* directory must be mode 700 | ||||
| 34 | |||||
| 35 | |||||
| 36 | How to add a private key to your workstation | ||||
| 37 | =============================================== | ||||
| 38 | |||||
| 39 | Keep all your private keys in the same directory with the .key extension. | ||||
| 40 | Use the following script to add all private .key files to ssh agent:: | ||||
| 41 | |||||
| 42 | for f in *.key; do ssh-add $f; done | ||||
| 43 | |||||
| 44 | The SSH agent will prompt for each key's passphrase in turn. | ||||
| 45 | This must be done after each reboot. | ||||
| 46 | |||||
| 47 | How to create a putty ppk | ||||
| 48 | =============================== | ||||
| 49 | |||||
| 50 | #. Create a keypair: `How to create a new public and private ssh keypair`_ | ||||
| 51 | #. SCP the keypair from unix host to windows host | ||||
| 52 | #. Download and open puttygen.exe | ||||
| 53 | |||||
| 54 | * Click the *Load* button | ||||
| 55 | * Browse to the private key, | ||||
| 56 | might need to choose 'All Files(\*.\*)' from dropdown | ||||
| 57 | * enter passphrase, click *OK* | ||||
| 58 | * Click the *Save private key* bytton | ||||
| 59 | * Name the new key with .ppk extension, and hit *Save* | ||||
| 60 | |||||
| 61 | #. Add the .ppk to putty.exe and test | ||||
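
Review bot: Line 26 tells the reader to append a key to ~/.ssh/authorized_keys while the warning at line 31 requires mode 400, which leaves the file read-only for its owner, so the next append fails until the mode is changed. Either document the chmod needed before and after appending, or note that mode 600 keeps the file private to the owner and still allows the append. Smaller points: "bytton" at line 58 should be "button", and line 51 copies the whole keypair to the Windows host although the puttygen steps only load the private key.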