Duplicating an ssh private key file - ssh

I have a private key under ~/.ssh/id_rsa. Running ssh-keygen -l -f ~/.ssh/id_rsa confirms that the key is valid.
I'm trying to create another file containing this key. For example,
cp ~/.ssh/id_rsa ~/.ssh/id_rsa.dupe
chmod 0400 ~/.ssh/id_rsa (to make permissions the same for both files)
But when I run ssh-keygen -l -f ~/.ssh/id_rsa.dupe, I get ~/.ssh/id_rsa.dupe is not a key file.

This is expected behavior. ssh-keygen -l refers to a public key file, per its documentation:
-l Show fingerprint of specified public key file.
If you want to generate a private key and generate a public key, you can use -y to do that:
ssh-keygen -y -f ~/.ssh/id_rsa.dupe >~/.ssh/id_rsa.dupe.pub
ssh-keygen -l -f ~/.ssh/id_rsa.dupe.pub

Related

How to setup passwordless SSH on CentOS 8 and putty

I'm constantly setting up passwordless ssh environments. And, while there are many howTos out there, most are rather long. This is going to be very short and without much explanation. Read the load documents for the details. I plan to add screen-shots, but that has to wait until after my wrist heals. I broke it badly just the day before yesterday.
PuTTY doesn't natively support the private key format (.pem). You must convert your private key into a .ppk file before you can connect to your instance using PuTTY.
ssh-keygen generates 2 files.
- id_rsa: The private key
- id_rsa.pub: The public key
PuTTYgen will generate the ppk for use with PuTTY.
On Linux (I’m using CentOS 8)
=================================
mkdir -p ~/.ssh
chmod 700 ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa -b 4096 -N '' -f ~/.ssh/id_rsa -C "yourEmailAddr@yahoo.com"
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 400 ~/.ssh/*
cp ~/.ssh/* /VMShare/ssh/ #a common mount between my virtual machines and windows
on Windows
----------
1. Open PuTTYgen. Click Load and open the private file (normally id_rsa)
2. Click “Save Private Key” and choose a name. I use id_rsa.ppk
3. Open Putty
3.1. Set Connection->Data->Auto-login username as appropriate
3.2. Set the Connection->SSH->Auth->”Private key file for authentication” to the ppk file.
To setup 1 way ssh between 2 Linux machines
-------------------------------------------
copy the id_rsa file to ~/.ssh on the second machine
Next: chmod 400 ~/.ssh/id_rsa
Now you can ssh from the second machine to the first
To setup 1 way ssh between 2 Linux machines
-------------------------------------------
Copy the id_rsa and id_rsa.pub file to ~/.ssh on the second machine
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 400 ~/.ssh/authorized_keys ~/.ssh/id_rsa ~/.ssh/id_rsa.pub
To Test the ssh use:
--------------------
ssh -i id_rsa user@host1
<https://help.dreamhost.com/hc/en-us/articles/215464758-How-do-I-set-up-passwordless-login-in-PuTTY->

Converting SSH2 Key to OpenSSH Format

On Ubuntu I generated a key using ssh-keygen -t rsa -b 4096 command.
While trying to convert the generated key to OpenSSH format with
ssh-keygen -i -f id_rsa.pub > id_rsa_openssh.pub, I get error uudecode failed.
Any idea how to resolve this error?
Probably too late but using
ssh-keygen -e -f id_rsa.pub > id_rsa_openssh.pub
worked for me.

ssh-keygen - create public key file from private key file stored in s3

I'm trying to store (append) the public key to a file (~/.ssh/authorized_keys) for a private key (private-key.pem) that actually is stored in s3, all using bash script.
Retrieving public key using a file:
ssh-keygen -y -f /path/to/private-key.pem
Output:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClKsfkNkuSevGj3eYhCe53pcjqP3maAhDFcvBS7O6V
hz2ItxCih+PnDSUaw+WNQn/mZphTk/a/gU8jEzoOWbkM4yxyb/wB96xbiFveSFJuOp/d6RJhJOI0iBXr
lsLnBItntckiJ7FbtxJMXLvvwJryDUilBMTjYtwB+QhYXUMOzce5Pjz5/i8SeJtjnV3iAoG/cQk+0FzZ
qaeJAAHco+CY/5WrUBkrHmFJr6HcXkvJdWPkYQS3xqC0+FmUZofz221CBt5IMucxXPkX4rWi+z7wB3Rb
BQoQzd8v7yeb7OzlPnWOyN0qFU0XA246RA8QFYiCNYwI3f05p6KLxEXAMPLE
Then manually add the content to the dest file, this is fine, but I want to do it with a command, retrieving a file stored in a s3 (public url) and append the content output to a file (~/.ssh/authorized_keys).
I tried this:
ssh-keygen -y -f /dev/stdin <<< `curl https://bucket.s3.amazonaws.com/private-key.pem` >> ~/.ssh/authorized_keys
Output:
Load key "/dev/stdin": invalid format
And this:
curl https://bucket.s3.amazonaws.com/private-key.pem | ssh-keygen -y -f /dev/stdin >> ~/.ssh/authorized_keys
Output:
Permissions 0660 for '/dev/stdin' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/dev/stdin": bad permissions
After looking at other related questions, I found that FIFOs (named pipes) can have permissions, so I tried this and it worked as expected. Hope it helps anyone.
create named pipe with permission (pipe with name fifo)
mkfifo -m 600 fifo
run command pointing that pipe
curl -s https://bucket.s3.amazonaws.com/private-key.pem > fifo | ssh-keygen -y -f fifo >> ~/.ssh/authorized_keys
all in one command
mkfifo -m 600 fifo && curl -s https://bucket.s3.amazonaws.com/private-key.pem > fifo | ssh-keygen -y -f fifo >> ~/.ssh/authorized_keys
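
The "too open" and "invalid format" errors above come from ssh-keygen's checks on the key file it is handed. As an added example (not part of the original post), here is the same derivation using a private temporary file instead of a FIFO left in the working directory, followed by a format-checked, idempotent append. The function names and `KEY_URL` are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original post.

# Read a private key on stdin into a temp file (mktemp creates it mode 0600,
# which satisfies ssh-keygen's permission check), print its public key,
# and remove the temp file whether or not ssh-keygen succeeded.
pubkey_from_stdin() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/privkey.XXXXXX") || return 1
    cat > "$tmp"
    rc=0
    ssh-keygen -y -f "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Append a single public-key line to an authorized_keys file. Rejects input
# that is multi-line or does not start with a known key type (for example a
# private key or an HTML error page), and skips lines already present.
append_authorized_key() {
    key=$1
    file=$2
    nl='
'
    case $key in
        *"$nl"*) echo "refusing multi-line input" >&2; return 1 ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not a public key line" >&2; return 1 ;;
    esac
    touch "$file" && chmod 600 "$file" || return 1
    grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
}

# Usage (KEY_URL is a placeholder for wherever the key is fetched from):
#   pub=$(curl -fsS "$KEY_URL" | pubkey_from_stdin) &&
#       append_authorized_key "$pub" ~/.ssh/authorized_keys
```

Because the append only happens after `pubkey_from_stdin` succeeds, a failed download or an error page never reaches `authorized_keys`.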

ssh-agent denies to add root's private key with sudo user

Is there a way to add root's ssh private key in ssh-agent, with a standard sudo user?
I'm not really sure, but is this the restriction with this command?
In the ssh-add man page I found this:
Identity files should not be readable by anyone but the user. Note that ssh-add ignores identity files if they are accessible by others.
That's the output:
sudouser@myhost:/ $ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-Yppfd3Xp0Yrm/agent.2429; export SSH_AUTH_SOCK;
SSH_AGENT_PID=2430; export SSH_AGENT_PID;
echo Agent pid 2430;
sudouser@myhost:/ $ eval $(ssh-agent)
Agent pid 2435
sudouser@myhost:/ $ ssh-add /home/sudouser/.ssh/id_rsa
Enter passphrase for /home/sudouser/.ssh/id_rsa:
Identity added: /home/sudouser/.ssh/id_rsa (/home/sudouser/.ssh/id_rsa)
Works as expected.
But with root's key I get:
sudouser@myhost:/ sudo ssh-add /root/.ssh/ansible/id_rsa
or
sudouser@myhost:/ sudo sh -c 'ssh-add /root/.ssh/ansible/id_rsa'
Could not open a connection to your authentication agent.
sudo clears environment variables. ssh-add needs SSH_AUTH_SOCK and SSH_AGENT_PID in order to know how to speak to ssh-agent. So you must trick it by adding them back in the command:
sudo sh -c 'export SSH_AUTH_SOCK="'"$SSH_AUTH_SOCK"'"; export SSH_AGENT_PID="'"$SSH_AGENT_PID"'"; ssh-add /path/to/roots/private/key'
Possible alternative answer: sudo has an option to preserve environment variables:
sudo --preserve-env=SSH_AUTH_SOCK -i
Alternatively you can add this line to the sudoers file to get the same effect:
Defaults env_keep+=SSH_AUTH_SOCK

Copying a rsa public key to clipboard

I am trying to copy a public key to the clipboard on macOS, but I keep getting "no such file or directory." The command I am using is pasted below
pbcopy < ~/.ssh/id_rsa.pub
cat ~/.ssh/id_rsa.pub
then you can copy your ssh key
To copy your public key to the clipboard
cat ~/.ssh/id_rsa.pub | pbcopy
This pipes the output of the file to pbcopy.
Another alternative solution, that is recommended in the github help pages:
pbcopy < ~/.ssh/id_rsa.pub
Should this fail, I recommend using their docs to troubleshoot or generate a new key - if not already done.
Github docs
Check the path where you have generated the public key. You can also copy the id_rsa by using this command:
clip < ~/.ssh/id_rsa.pub
Your command is right, but the error shows that you didn't create your ssh key yet. To generate new ssh key enter the following command into the terminal.
ssh-keygen
After entering the command then you will be asked to enter file name and passphrase. Normally you don't need to change this. Just press enter. Then your key will be generated in ~/.ssh directory. After this, you can copy your key by the following command.
pbcopy < ~/.ssh/id_rsa.pub
or
cat .ssh/id_rsa.pub | pbcopy
You can find more about this here ssh.
For using Git bash on Windows:
cat ~/.ssh/id_rsa.pub > /dev/clipboard
(modified from Jupiter St John's post on Coderwall)
Windows:
cat ~/.ssh/id_rsa.pub
Mac OS:
cat ~/.ssh/id_rsa.pub | pbcopy
With PowerShell on Windows, you can use:
Get-Content ~/.ssh/id_rsa.pub | Set-Clipboard
To copy your public ssh key on a Windows machine you can do:
Go to the "/ssh" folder
cd C:\Users\<your-user>\.ssh\
List to see the keys
ls ~/.ssh
Copy the public key to clipboard (starts with "id_" and ends with ".pub")
type id_xxxxxxx.pub | clip
Does the file ~/.ssh/id_rsa.pub exist? If not, you need to generate one first:
ssh-keygen -t rsa -C "your_email@example.com"
Another alternative solution:
cat ~/.ssh/id_rsa.pub | xsel -i -b
From man xsel :
-i, --input
read standard input into the selection.
-b, --clipboard
operate on the CLIPBOARD selection.
Although the OP mentions one possible ssh key file name (id_rsa.pub), no one has mentioned that there are different possible names for your ssh key.
Github accepts three, for example:
id_rsa.pub
id_ecdsa.pub
id_ed25519.pub
You would be better off checking if you have any keys, such as:
$ ls -al ~/.ssh
# Lists the files in your .ssh directory, if they exist
Based on what you find, then use your copy command, such as
pbcopy < ~/.ssh/<your_key>
See Github's Documentation on checking for existing keys.
cat .ssh/id_rsa.pub | bcopy
This works for me.