I'm trying to add an ssh key(private key) to CircleCI, but I have a question.
Which private key do I have to add: the private key generated on my local PC, or the one generated on the server that I want to access with ssh?
The documentation says: In a terminal, generate the key with ssh-keygen -t ed25519 -C "your_email@example.com".
Related
I accidentally deleted my id_rsa_gitlab file, and when I wanted to clone from GitLab, I received this error.
no such identity:/Users/directory/.ssh/id_rsa_gitlab: No such file or directory
I'm new to pipelines, and I tried to follow tutorials on how to configure .ssh, but it's just the id_rsa file that gets configured.
The command would be:
ssh-keygen -t rsa -P "" -f /Users/directory/.ssh/id_rsa_gitlab
That would restore a private/public key, and you need to register the public key to your account.
Check which Host entry references that private key in your /Users/directory/.ssh/config file.
Generate a new SSH key and add it to your GitLab repository.
See Adding your SSH key to GitLab.
I have already copied an SSH key to a server with ssh-copy-id -i ~/.ssh/skynet_key.pub.
Now I am building the gitlab-ci pipeline and have generated a new SSH key pair on my computer. I saved the private key as a variable in my gitlab project account.
Now I want to upload the new public key to the server.
My question is can I do this again from my local computer with ssh-copy-id?
Because I already have an SSH key pair distributed on both systems.
Would there be any problems here?
If so, how can I transfer the public key to the server?
Manually add the pubKey to authorized_keys?
As mentioned here, you can use the -o option (passed to SSH) to specify an existing key, in order to copy your second key:
ssh-copy-id -i ~/.ssh/<your-new-id-to-install> \
-o 'IdentityFile ~/.ssh/<your-already-existing-id>' \
<servername>
I'm trying to create an ansible and I want an ssh key specific for the ansible that requires no passphrase (for automation purposes). Here's what I've done:
> ssh-keygen -t ed25519 -C "ansible"
Generating public/private ed25519 key pair.
Enter file in which to save the key (C:\Users\user_name/.ssh/id_ed25519): C:\Users\user_name/.ssh/ansible
At the following:
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
I left them empty and just pressed enter and
the public/private key files get created.
I copied the public key to the VM I want to connect to and made sure it's there by looking inside the
~/.ssh/authorized_keys
But when I try connecting to the VM, with the ansible specific ssh key I just created (which doesn't require a passphrase) it asks me for the password...
ssh -i C:\Users\user_name/.ssh/ansible ip_addr
user_name@ip_addr's password:
Now, I believe the password it's asking for is the one of the VM itself, not the ssh key, but I was expecting to ssh inside without having to enter any sort of password. What am I missing?
The host machine is Windows 10, the VM has Ubuntu 20.04
I'm using Yubikey 5 NFC and want to move my openssh key into it so that I can authenticate for ssh login via this Yubikey.
Maybe you will suggest to generate a new gpg keypair for Yubikey and use the gpg-agent instead of ssh-agent to authenticate. But I still want to move my current ssh private key into Yubikey because this way I don't have to edit authorized_keys everywhere.
I tried to do this following this article:
https://www.mvps.net/docs/how-to-add-your-existing-ssh-key-to-yubikey-via-openpgp/
which suggests using pem2openpgp from monkeysphere to translate my ssh key into a gpg key and then write this translated gpg key into the Yubikey (via the keytocard command of gpg).
But after all this was done, I find that the fingerprint of my ssh key has changed; this is confirmed by the following commands:
$ ssh-keygen -lf ~/.ssh/id_rsa.pub
$ ssh-add -l
And the fact that the fingerprint changed makes using my current ssh key meaningless -- I still need to edit authorized_keys everywhere to make the "new public key" work.
So is there any other way which can write my old ssh key into Yubikey and keep the old key's fingerprint?
What I want to do is to copy key to another host.
ssh-copy-id -i ~/.ssh/id_rsa user@host
I get error:
/usr/bin/ssh-copy-id: ERROR: failed to open ID file '[homedir].ssh/id_rsa.pub':
So there is no public key. So where is it? I tried to use command
sudo find / -name id_rsa.pub
but it only found one which I generated experimentally in my test directory. I tried sending the experimental one from the test directory, but then it keeps infinitely asking for the passphrase and does not send when I keep pasting.
So there is something wrong.
I could regenerate using
ssh-keygen -t rsa
but then it tries to use the ~/.ssh directory
and wants to overwrite the private id_rsa key. I am afraid this might break something.
So how do I get my public key file?
Just in case someone else comes here looking for an answer to the OP's question... and to directly answer that question (namely, how can you re-generate the .pub key in a situation where it is missing, and you only have the private key)...
Here is the answer:
Regenerating a .pub key from the private key
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
The -y option is the command instructing ssh-keygen to output your public key.
This will re-generate the .pub part of the pair. Just as the OP pointed out, if you simply generate a new pair, and replace the old private key, you will lose access to whatever servers you have already provided your public key to. Sure, you can go through the process of providing a new public key to those servers, but why go through that hassle if it can be easily avoided?
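An added example, not part of the answer above: the same ssh-keygen -y call wrapped so that it first checks whether an existing .pub really belongs to the private key, and never overwrites one that does not. The function names (key_blob, pubkey_matches, restore_pubkey) are hypothetical; a passphrase-protected key will prompt as usual.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from any tool.

# key_blob FILE: print "type base64" of a public key line, without the
# trailing comment, so copies of one key compare equal.
key_blob() {
    awk 'NF >= 2 { print $1, $2; exit }' "$1"
}

# pubkey_matches PRIVATE PUBLIC: succeed only if PUBLIC is the public
# half of PRIVATE (derived with ssh-keygen -y, as in the answer).
pubkey_matches() {
    derived=$(ssh-keygen -y -f "$1" | awk '{ print $1, $2; exit }')
    [ -n "$derived" ] && [ "$derived" = "$(key_blob "$2")" ]
}

# restore_pubkey PRIVATE: recreate PRIVATE.pub from the private key.
# An existing .pub is kept if it matches and is never overwritten if
# it belongs to a different key.
restore_pubkey() {
    priv=$1
    pub=$priv.pub
    if [ -e "$pub" ]; then
        pubkey_matches "$priv" "$pub" && return 0
        echo "refusing to overwrite $pub: it does not match $priv" >&2
        return 1
    fi
    # Write to a temporary name so a failed run leaves no empty .pub.
    ssh-keygen -y -f "$priv" > "$pub.tmp" || { rm -f "$pub.tmp"; return 2; }
    mv "$pub.tmp" "$pub"
    chmod 644 "$pub"
}
```

Because the key material is unchanged, the restored .pub matches the entries already present in authorized_keys on the servers.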
RSA keys work in pairs. You can generate ssh private and public keys any number of times; it does not break anything. It simply replaces the old ones with newly generated keys. This only requires you to copy the newly generated public key id_rsa.pub to your remote machine's ~/.ssh/authorized_keys file in order for you to access secure shell using rsa keys.
So generate new rsa keys on your home's .ssh directory (your old keys are replaced by new ones) and copy to the remote host's .ssh directory
cd /home/<your_username>/.ssh
ssh-keygen -t rsa
scp ~/.ssh/id_rsa.pub remote_username@host:~/.ssh/authorized_keys
then
ssh remote_username@host
Keep passphrase empty while generating your new keys unless you want to enter passphrase every time you try to make a ssh connection.
NOTE: you need to append your public key to authorized_keys file in remote host's ~/.ssh directory if it already exists holding other client's public keys.
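An added example, not part of the answer above: the append case from the NOTE as a shell function to run on the remote host. It adds a public key to authorized_keys only if it is not already there, rejects a file that is not a public key (such as a private key passed by mistake), and sets modes 700/600, which satisfy sshd's StrictModes check. The function name add_authorized_key is hypothetical.

```shell
#!/bin/sh
# Added example; add_authorized_key is a hypothetical helper.
# Usage: add_authorized_key PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
add_authorized_key() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    # First non-blank, non-comment line: "type base64 [comment]".
    line=$(awk '!/^[[:space:]]*(#|$)/ { print; exit }' "$pub")
    case $line in
        ssh-*|ecdsa-*|sk-*) ;;
        *) echo "not a public key file: $pub" >&2; return 1 ;;
    esac
    blob=$(printf '%s\n' "$line" | awk '{ print $2 }')
    [ -n "$blob" ] || return 1

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Already installed? Match the base64 blob as a whole field, since
    # an existing entry may carry options before the key type.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                         END { exit !f }' "$auth"; then
        return 0
    fi

    # Append, never overwrite; add a newline first if the file lacks one.
    [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"
    printf '%s\n' "$line" >> "$auth"
}
```

Running it twice with the same key leaves a single entry, and keys of other clients already in the file are preserved.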