I am trying to set up private key validation on my server. I think this is a simple question, I just don't want to get locked out of the server by mistake! I generated an ssh key with ssh-keygen. It is just a long list of characters as such :
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAA..etc
-----END OPENSSH PRIVATE KEY-----
However, the video I am watching on deployment shows an ssh key like such:
ssh-rsa b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAA..etc USER#desktop2FBF
I am not sure if they look different because I am on a mac and the guide is using windows. But my key does not begin with ssh-rsa or end with USER#... Also, I see there are two files created with this command, the .pub one I cannot open, so I assume I am copying and pasting the key from the right file(the only one I can open).
Thanks for any help.
ssh keys come in pairs -- a public key and a private key -- and that is what ssh-keygen creates, in two separate files. The file with the .pub extension is the public key, is generally smaller, and has the form you see on the video. The private key has the form you descibe with BEGIN PRIVATE KEY. They are intentionally very different so they don't get accidentally mixed up.
To use the key-pair, you will install the public key on the server, but you keep the private key private -- it never goes anywhere and is never copied; you just use it from your private machine to access the server(s) you've installed the public key on.
So in your case, you need to open the .pub file to get the public key and copy that to you server. The private key you keep local (possibly installing it into your ssh agent)
Open the directory where you created the key.
There will be a file called [kleyname].pub, you will find something like this there [ssh-rsa b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAA..etc USER#desktop2FBF]
Related
I'm trying to make a GitClone from a Gitlab repository. I have generated a ssh key with the command ssh-keygen on my cmd:
Then i added my pub key (starting with ssh_rsa) to my Gitlab account, but whenever i try to make a gitclone, i have the following error:
Any advices? I tried to convert my key with puttygen, but still doesn't work!
The start of my pub key is ssh-rsa key..
And the private key: --BEGIN OPENSSH PRIVATE KEY--
..key..
--END OPENSSH PRIVATE KEY--
Output of ssh -v git#gitlab.(..).com
OK. i Solved the problem. Since i was using TortoiseGit to make a GitClone, this last one doesn't accepts Openssh key. Therefore, once you generate the key, you need to convert it in putty format with Puttygen. Moreover, you must pay attention to the version of the new generated key and you can change the version on puttygen on key>parameters to save key!
I've used ssh-keygen to generate a ssh key pair, and then ssh-copy-id to copy the public key to the remote server. This has worked for all systems in my local network. I followed instructions similar to this link
However, on bitbucket and github, I see this additional step of adding the private key to the ssh-agent using ssh-add <private key>
This page explains what this additional step but why is that not needed for my local network when it is needed for github and bitbucket?
Thanks
The "Adding your SSH key to the ssh-agent" documented on GitHub (same on GitLab) is only there if you generate a private SSH key protected by a passphrase (meaning, encrypted)
The idea is that, for a private SSH key used for authenticating to a remote public service like GitHub or GitLab, it is better to have an encrypted key, which makes it less dangerous if said key is leaked.
This is different for a private SSH key used inside a LAN (in your local network): using a passphrase is still a good idea but not mandatory: if the SSH key leak, you still need access to the LAN in order to use it.
I'm having troubles connecting my Workbench through SSH using my password protected key, I don't know where I have to put my password key in Workbench, it tells me "Access denied for 'none'. Authentication that can continue: publickey".
I have my credentials correct (I can connect via terminal SSH using the same user) so it makes me think that is because my ssh key is protected by password.
Where do can I put my password in Workbench?
I just came across this issue. I had a key to access an old VPN that worked since 2016.
Now I changed servers and decided to create a new key, which works fine on terminal but MySQL Workbench would give me the same error as you're getting. I copied the old key to the new server and it worked fine on the Mysql Workbench which I couldn't understand.
Comparing both keys I noticed that the old key starts like this:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info:
whereas the new key don't contain those two first lines. Then after researching a bit I learned that you have to generate the key in the PEM format in order to have those two lines at the header, so the command to generate has to include the -m PEM option and should look like this:
ssh-keygen -m PEM -t rsa -b 8192
Now Mysql Workbench works fine with that key. =]
I have successfully added an SSH key in github, can I use the same ssh key "id_rsa" and "id_rsa.pub" in bitbucket?
Do I need to include the "-----BEGIN RSA PRIVATE KEY-----" at the beginning and "-----END RSA PRIVATE KEY-----" at the end of the ssh key?
Do I also need the "host address", and where do you find it on a mac?
You can add the same public key to GitHub, Bitbucket, GitLab, and whatever other boxes you want that support SSH connections. Don't put the private key anyplace but your own system; if somebody else gets the private key then the keypair is worthless.
What exactly are you trying to do that has you pasting private keys around the Internet?
No, that isn't necessary.
What I want to do is to copy key to another host.
ssh-copy-id -i ~/.ssh/id_rsa user#host
I get error:
/usr/bin/ssh-copy-id: ERROR: failed to open ID file '[homedir].ssh/id_rsa.pub':
So there is no public key. So where is it? I tried to use command
sudo find / -name id_rsa.pub
but it only found one which I generated experimentally in my test directory. I tried sending the experimental from the test directory, but then it keeps infinitely asking paraphrase and does not send when I keep pasting.
So there is something wrong.
I could regenerate using
ssh-keygen -t rsa
but then it tries to use ~./.ssh directory
and wants to overwrite private id_rsa key. I am afraid this might brake something.
So how do I get my public key file?
Just in case someone else comes here looking for an answer to the OP's question... and to directly answer that question (namely, how can you re-generate the .pub key in a situation where it is missing, and you only have the private key)...
Here is the answer:
Regenerating a .pub key from the private key
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
The -y option is the command instructing ssh-keygen to output your public key.
This will re-generate the .pub part of the pair. Just as the OP pointed out, if you simply generate a new pair, and replace the old private key, you will lose access to whatever servers you have already provided your public key to. Sure, you can go through the process of providing a new public key to those servers, but why go through that hassle if it can be easily avoided?
RSA keys work on pairs. You can generate ssh private and public keys any number of times..it does not break anything. It simply replaces the old one with a newly generated keys. This only requires you to copy the newly generated public key id_rsa.pub to your remote machine's ~/.ssh/authorized_keys file in order for you to access secure shell using rsa keys.
So generate new rsa keys on your home's .ssh directory (your old keys are replaced by new ones) and copy to the remote host's .ssh directory
cd /home/<your_username>/.ssh
ssh-keygen -t rsa
scp ~/.ssh/id_rsa.pub remote_username#host:~/.ssh/authorized_keys
then
ssh remote_username#host
Keep passphrase empty while generating your new keys unless you want to enter passphrase every time you try to make a ssh connection.
NOTE: you need to append your public key to authorized_keys file in remote host's ~/.ssh directory if it already exists holding other client's public keys.