Copying an SSH key to the server even though you are already using SSH - ssh

I have already copied an SSH key to a server with ssh-copy-id -i ~/.ssh/skynet_key.pub.
Now I am building the gitlab-ci pipeline and have generated a new SSH key pair on my computer. I saved the private key as a variable in my gitlab project account.
Now I want to upload the new public key to the server.
My question is can I do this again from my local computer with ssh-copy-id?
Because I already have an SSH key pair distributed on both systems.
Would there be any problems here?
If so, how can I transfer the public key to the server?
Manually add the pubKey to authorized_keys?

As mentioned here, you can use the -o option (passed to SSH) to specify an existing key, in order to copy your second key:
ssh-copy-id -i ~/.ssh/<your-new-id-to-install> \
-o 'IdentityFile ~/.ssh/<your-already-existing-id>' \
<servername>

Related

How to add an SSH Key to CircleCI

I'm trying to add an ssh key(private key) to CircleCI, but I have a question.
Which private key do I have to add: the private key generated on my local PC or the one generated on the server that I want to access with ssh?
The documentation says: in a terminal, generate the key with ssh-keygen -t ed25519 -C "your_email@example.com".

what is the difference between ssh-add and ssh-keygen

I know ssh-keygen it can create a public and private key inside ~/.ssh by default as id_rsa and id_rsa.pub
eg:
ssh-keygen
Later on we add the id_rsa.pub to the known_hosts of the server, so that we can do
ssh user@hostname.com
But I see we use ssh-add to pass private key so that we can login without the need of password
Eg:
ssh-add <(echo "$SSH_PRIVATE_KEY")
for this we need to start ssh-agent
eval $(ssh-agent -s)
and then
ssh user@hostname.com
Assuming there is already ~/.ssh/id_rsa. So here how does ssh know which private key it has to use
ssh, if it finds a value for SSH_AUTH_SOCK in the environment, will ask that agent for all private keys and try them one by one, unless you tell it which specific key to use via the -i command-line option or the IdentityFile configuration option.
The main benefit of ssh-agent is that it can hold unencrypted keys in memory, so that you only need to use the key's passphrase once, when it is added to the agent, rather than every time ssh tries to use the key.
(The other benefit is that if you have multiple ssh connections in a chain, you can keep the private keys in an agent on the first machine. The ssh client can forward the agent connection to the remote machine, where ssh clients can access the agent to use keys for the next step in the chain.)
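For a CI job that receives the private key in a variable, as in the first question on this page, the key can also be written to a file and pinned in a per-job config. This is an added example, not part of the original posts; the function name, the deploy-target alias and the paths are assumptions. IdentitiesOnly yes makes ssh offer only the listed key even when an agent holds others.

```shell
# Added example (not from the original posts). Function name, host alias and
# paths are illustrative.
setup_ci_identity() {
    key_material=$1   # private key text, e.g. the CI variable "$SSH_PRIVATE_KEY"
    host=$2           # real host name of the server
    user=$3           # login name on the server
    dir=$4            # per-job directory that will hold the key and the config

    # Catch the common mix-up of storing the public key in the variable.
    case $key_material in
        *'PRIVATE KEY-----'*) ;;
        *) echo "variable does not hold a private key" >&2; return 2 ;;
    esac

    (
        umask 077                      # key and config readable by the job user only
        mkdir -p "$dir" || exit 1
        # Strip CR from values pasted with Windows line endings; printf adds the
        # final newline that the variable may have lost.
        printf '%s\n' "$key_material" | tr -d '\r' > "$dir/deploy_key" || exit 1
        cat > "$dir/config" <<EOF
Host deploy-target
    HostName $host
    User $user
    IdentityFile $dir/deploy_key
    IdentitiesOnly yes
EOF
    ) || return 1
    echo "$dir/config"
}
# In a job (host and user are placeholders):
#   ssh -F "$(setup_ci_identity "$SSH_PRIVATE_KEY" server.example deploy "$PWD/.ci-ssh")" deploy-target
```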

Google Compute Engine public key

I've added my public key to the metadata for my project in the developer's console, when I ssh into an Ubuntu VM instance I can see my public key in the file ~/.ssh/authorized_keys but when I try to use it to clone a project from Bitbucket I receive the error Permission denied (publickey)
If I ssh-add -l I just get The agent has no identities. Is there something else I'm supposed to be doing to use my existing public key on GCE instances?
You are mixing things up. There are two keys, public and private (for example ~/.ssh/id_rsa{,.pub}). You add the public key where you want to ssh/login and store the private key on your computer/the computer from which you want to ssh/login.
If you want to use your key pair for cloning from BitBucket from your VM, you need to do one of these things:
Using local forwarded keys
create key pair on local machine: ssh-keygen
store public key in BitBucket
add this key pair into ssh agent: ssh-add path/to/private/key
ssh into VM with agent forwarding: ssh -A your-vm
do your clone: git clone your-repo
Using separate key pair
ssh to your VM: ssh your-vm
create key pair on VM: ssh-keygen
store public key in BitBucket
do your clone: git clone your-repo
The first solution is more useful if you don't want to have many keys and the operations with repository will not happen without your participation (cron jobs). The second one is more helpful if you want to update repo using cron and run some automation on this.

Cannot find id_rsa.pub in the unix server. Can I regenerate it? id_rsa (private key) exists

What I want to do is to copy key to another host.
ssh-copy-id -i ~/.ssh/id_rsa user@host
I get error:
/usr/bin/ssh-copy-id: ERROR: failed to open ID file '[homedir].ssh/id_rsa.pub':
So there is no public key. So where is it? I tried to use command
sudo find / -name id_rsa.pub
but it only found one which I generated experimentally in my test directory. I tried sending the experimental one from the test directory, but then it keeps infinitely asking for the passphrase and does not send when I keep pasting.
So there is something wrong.
I could regenerate using
ssh-keygen -t rsa
but then it tries to use the ~/.ssh directory
and wants to overwrite the private id_rsa key. I am afraid this might break something.
So how do I get my public key file?
Just in case someone else comes here looking for an answer to the OP's question... and to directly answer that question (namely, how can you re-generate the .pub key in a situation where it is missing, and you only have the private key)...
Here is the answer:
Regenerating a .pub key from the private key
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
The -y option is the command instructing ssh-keygen to output your public key.
This will re-generate the .pub part of the pair. Just as the OP pointed out, if you simply generate a new pair, and replace the old private key, you will lose access to whatever servers you have already provided your public key to. Sure, you can go through the process of providing a new public key to those servers, but why go through that hassle if it can be easily avoided?
RSA keys work in pairs. You can generate ssh private and public keys any number of times; it does not break anything. It simply replaces the old keys with newly generated ones. This only requires you to copy the newly generated public key id_rsa.pub to your remote machine's ~/.ssh/authorized_keys file in order for you to access secure shell using rsa keys.
So generate new rsa keys on your home's .ssh directory (your old keys are replaced by new ones) and copy to the remote host's .ssh directory
cd /home/<your_username>/.ssh
ssh-keygen -t rsa
scp ~/.ssh/id_rsa.pub remote_username@host:~/.ssh/authorized_keys
then
ssh remote_username@host
Keep passphrase empty while generating your new keys unless you want to enter passphrase every time you try to make a ssh connection.
NOTE: you need to append your public key to authorized_keys file in remote host's ~/.ssh directory if it already exists holding other client's public keys.
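The append case from the NOTE above, which is also what "manually add the pubKey to authorized_keys" in the first question amounts to, as an added example that is not part of the original answers. The function name and paths are assumptions; it runs on the machine that holds the authorized_keys file and leaves existing entries in place.

```shell
# Added example: function name and paths are illustrative.
# Run where the authorized_keys file lives, e.g. on the server after copying new.pub there:
#   install_pubkey ~/new.pub ~/.ssh/authorized_keys
install_pubkey() {
    pub_file=$1
    auth_file=$2

    # Refuse a private key passed by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub_file"; then
        echo "refusing: $pub_file looks like a private key" >&2
        return 2
    fi

    # Accept exactly one non-empty line: "<type> <base64> [comment]".
    key_id=$(awk 'NF { n++; id = $1 " " $2 }
        END { if (n == 1 && id ~ "^(ssh-|ecdsa-|sk-)[^ ]+ [A-Za-z0-9+/=]+$") print id }' "$pub_file")
    if [ -z "$key_id" ]; then
        echo "refusing: $pub_file is not a single public key line" >&2
        return 2
    fi

    # sshd's StrictModes check wants these not writable by others: 700 / 600.
    auth_dir=$(dirname "$auth_file")
    mkdir -p "$auth_dir" && chmod 700 "$auth_dir" || return 1
    [ -e "$auth_file" ] || : > "$auth_file"
    chmod 600 "$auth_file" || return 1

    # Idempotent: compare key type + blob, ignoring options and comments.
    if awk -v id="$key_id" '{ for (i = 1; i < NF; i++) if ($i " " $(i + 1) == id) found = 1 }
        END { exit !found }' "$auth_file"; then
        echo "already present"
        return 0
    fi

    # Append (>>), never overwrite (>); first terminate an unterminated last line.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    awk 'NF' "$pub_file" >> "$auth_file"
    echo "added"
}
```

Running it twice with the same key, or with the same key under a different comment, leaves the file unchanged.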

Add authorized key with only one SSH login

The typical procedure for a user to add an authorized key to ~/.ssh/authorized_keys is:
Copy the public key on the remote host with scp.
Connect with ssh and add the key to the file.
Such a procedure is for instance described in an answer to ”How to add a ssh key to remote server?”
Is this possible to add the key in only one step — with only one login to the remote server? An answer working on FreeBSD and Debian GNU/Linux (both with OpenSSH) would be great.
ssh-copy-id user@hostname.com -i filename_of_key_to_copy