Public and Private SSH Keys
I tend to think of:
- a server host as a "house"
- a public key as a "lock" on a door of a "house"
- a private key as a "key" to the "lock" on a door of a "house"
In this way, anyone might have access to the outside of a "house". Anyone could have access to the "lock" on a house. Only you should have access to the private "key".
Create an SSH public/private keypair using Ed25519:
ssh-keygen -o -a 100 -t ed25519 -f id_ed25519
Append the contents of the .pub key file to the remote host's ~/.ssh/authorized_keys. A user's authorized_keys file may contain no keys or many keys.
The authorized_keys file must be mode 400.
The .ssh directory must be mode 700.
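The append-and-set-modes steps above as one repeatable shell function. This is an added example, not part of the original page; install_pubkey is a hypothetical helper name, and the optional second argument (a home directory) is an assumption that lets you try it on a scratch directory first.

```shell
#!/bin/sh
# Added example: install a public key idempotently with the modes given above.
# install_pubkey is a hypothetical helper name, not a standard tool.
# Usage after sourcing this file: install_pubkey id_ed25519.pub
install_pubkey() {
    pub=$1
    home=${2:-$HOME}          # optional second argument: home directory to use
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Take the first non-blank line and make sure it is a PUBLIC key.
    # A private key file starts with "-----BEGIN" and is rejected here.
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "$pub does not look like a public key" >&2; return 1 ;;
    esac

    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1

    # A mode-400 file is read-only even for its owner, so open it up briefly.
    if [ -e "$auth" ]; then
        chmod u+w "$auth" || return 1
    else
        ( umask 077; : > "$auth" ) || return 1
    fi

    # Match on "type blob" only, so a changed comment does not cause a duplicate.
    blob=$(printf '%s\n' "$key" | awk '{ print $1 " " $2 }')
    if ! grep -qF -- "$blob" "$auth"; then
        # Add a newline if the file's last line lacks one, so keys do not merge.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            printf '\n' >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth"
    fi

    chmod 400 "$auth"
}
```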
We use the ssh agent to load our private keys into memory.
To load a key, run:
To see your loaded keys, run:
To delete all keys from memory, run:
You can forward your ssh agent session from your workstation to a remote host. To do this, pass the -A flag when connecting with the ssh command, for example:
ssh -A user@host
When you get a shell, you can double check that your ssh agent was forwarded by running:
Keep all your private keys in the same directory with the .key extension. Use the following script to add all private .key files to the ssh agent:
for f in *.key; do ssh-add "$f"; done
The SSH agent will prompt for each key's passphrase in turn. This must be done after each reboot.
You must have a running ssh-agent and your shell must have access to use it. If you get this error message when you attempt to run ssh-add then first run the following command to spawn an ssh-agent for this shell:
Now try to run ssh-add again.
Another command for debugging:
- Create a keypair: How to create a new public and private ssh keypair
- SCP the keypair from unix host to windows host
- Download and open puttygen.exe
- Click the Load button
- Browse to the private key; you might need to choose 'All Files (*.*)' from the dropdown
- Enter the passphrase, click OK
- Click the Save private key button
- Name the new key with .ppk extension, and hit Save
- Add the .ppk to putty.exe and test