How to extract or get the 4096 ssh key format from existing 2048 ssh key in window 10.
As i am want to use one web development tools, it requires only 4096 ssh key format, if i have generated new ssh key then old environments and tools won't work so i don't want to break current system workflow.
Is there any way to generate new 4096 ssh key without overwrite the existing ssh key?
or
Can we maintain multiple ssh key in our system?
Please help us.
I found the answers. We can maintain multiple ssh keys in our system.
While generating the ssh key, we have to give unique key name which shouldn't be old key name. We can maintain separate folder for new ssh keys.
PS : Please take backup of existing ssh keys available in ".ssh/" folder before generate new keys.
This command is used to generate ssh key : ssh-keygen -b 4096
Related
I have already copied an SSH key to a server with ssh-copy-id -i ~/.ssh/skynet_key.pub.
Now I am building the gitlab-ci pipeline and have generated an new SSH key pair on my computer. I saved the private key as a variable in my gitlab project account.
Now I want to upload the new public key to the server.
My question is can I do this again from my local computer with ssh-copy-id?
Because I already have an SSH key pair distributed on both systems.
Would there be any problems here?
If so, how can I transfer the public key to the server?
Manually add the pubKey to authorized_keys?
As mentioned here, you can use the -o option (passed to SSH) to specify an existing key, in order to copy your second key:
ssh-copy-id -i ~/.ssh/<your-new-id-to-install> \
-o 'IdentityFile ~/.ssh/<your-already-existing-id>' \
<servername>`
I'm using Yubikey 5 NFC and want to move my openssh key into it so that I can authenticate for ssh login via this Yubikey.
Maybe you will suggest to generate a new gpg keypair for Yubikey and use the gpg-agent instead of ssh-agent to authenticate. But I still want to move my current ssh private key into Yubikey because this way I don't have to edit authorized_keys everywhere.
I tried to do this following this article:
https://www.mvps.net/docs/how-to-add-your-existing-ssh-key-to-yubikey-via-openpgp/
which suggest to use pem2openpgp from monkeysphere to translate my ssh key into gpg key and somehow write this translated gpg key into Yubikey (via keytocard command of gpg).
But after all these done. I find that the fingerprint of my ssh key is changed, this is confirmed by following command:
$ ssh-keygen -lf ~/.ssh/id_rsa.pub
$ ssh-add -l
And the fact that the fingerprint changed makes using my current ssh key meaningless -- I still need to edit authorized_keys everywhere to make the "new public key" work.
So is there any other way which can write my old ssh key into Yubikey and keep the old key's fingerprint?
I am using rhc cli tool for OpenShift projects. I have encountered a problem with default rhc ssh key.
On any ssh related action (setup, app-create, etc..) rhc creates ~/.ssh/id_rsa key if it does not exist. I do not like that behaviour, and I would like it to use something like ~/.ssh/OpenShift-SSH-Keys/my_id_rsa.
Because during rhc setup, it did not ask me from which location I wanted to load the keys. Thus I also looked in ~/.openshift/express.conf and I only saw the configurations for ssl; not ssh.
So I found on the internet this following configuration line to add to ~/.openshift/express.conf:
ssh_key_file='~/.ssh/OpenShift-SSH-Keys/my_id_rsa'
I added it and also modified my ~/.ssh/config file:
# Openshift *.rhcloud.com ssh-key config
Host *.rhcloud.com
IdentityFile ~/.ssh/OpenShift-SSH-Keys/my_id_rsa
IdentitiesOnly yes
VerifyHostKeyDNS yes
StrictHostKeyChecking no
PasswordAuthentication no
UserKnownHostsFile ~/.ssh/known_hosts
To finish I setup my account like that:
rhc setup --config ~/.openshift/express.conf -l myusername#gmail.com
Output of this command line:
OpenShift Client Tools (RHC) Setup Wizard
This wizard will help you upload your SSH keys, set your application namespace, and check that other programs like Git are
properly installed.
If you have your own OpenShift server, you can specify it now. Just hit enter to use the server for OpenShift Online:
openshift.redhat.com.
Enter the server hostname: |openshift.redhat.com|
You can add more servers later using 'rhc server'.
Using myusername#gmail.com to login to openshift.redhat.com
RSA 1024 bit CA certificates are loaded due to old openssl compatibility
Password: ************************
OpenShift can create and store a token on disk which allows to you to access the server without using your password. The
key is stored in your home directory and should be kept secret. You can delete the key at any time by running 'rhc
logout'.
Generate a token now? (yes|no) yes
Generating an authorization token for this client ... RSA 1024 bit CA certificates are loaded due to old openssl compatibility
lasts 29 days
Saving configuration to /Users/theuser/.openshift/express.conf ... done
No SSH keys were found. We will generate a pair of keys for you.
Created: /Users/theuser/.ssh/id_rsa.pub
Your public SSH key must be uploaded to the OpenShift server to access code. Upload now? (yes|no) no
You can upload your public SSH key at a later time using the 'rhc sshkey' command
Checking for git ... found git version 2.5.0
Checking common problems .. done
Checking for a domain ... mydomainz1955
Checking for applications ... found 1
myapp http://myapp-mydomainz1955.rhcloud.com/
You are using 2 of 3 total gears
The following gear sizes are available to you: small
Your client tools are now configured.
As you can see in the output of the command line: No SSH keys were found. We will generate a pair of keys for you., although I specified in the ~/.openshift/express.conf that I already had ssh keys generated, rhc setup did not take them in consideration or did not find them.
So according to you guys, is it possible to somehow specify a different location for ssh keys loading during rhc setup?
Note: I know how to add additional ssh key, but I would like to stop rhc creating/using ~/.ssh/id_rsa
As far as I see you just want rhc to not use your default ssh key. So here is how you create a separate key and configure rhc to use it instead of the default one.
Key points are that:
you select no to generating and uploading ssh key during rhc
setup
you add your key separately with rhc sshkey add
you configure ssh to use the different key for that domain as you
list in your original example
Does this cover your concerns?
[crackit#koTapaH ~]$ mkdir /home/crackit/my_key_location
[crackit#koTapaH ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/crackit/.ssh/id_rsa): /home/crackit/my_key_location/key.rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/crackit/my_key_location/key.rsa.
Your public key has been saved in /home/crackit/my_key_location/key.rsa.pub.
The key fingerprint is:
c5:20:15:fb:17:96:86:8f:88:28:18:17:2a:b8:eb:51 crackit#koTapaH
The key's randomart image is:
+--[ RSA 2048]----+
| . ..+. |
|.. . . + . . |
|= . . + = |
|.= . . + = . |
|o .E. . S o o |
| ... . |
|.. |
|. . |
| . |
+-----------------+
[crackit#koTapaH ~]$ rhc setup
OpenShift Client Tools (RHC) Setup Wizard
This wizard will help you upload your SSH keys, set your application namespace,
and check that other programs like Git are properly installed.
If you have your own OpenShift server, you can specify it now. Just hit enter to
use the server for OpenShift Online: openshift.redhat.com.
Enter the server hostname: |openshift.redhat.com|
You can add more servers later using 'rhc server'.
Login to openshift.redhat.com:
Login to openshift.redhat.com: asdfgg#example.com
Password: *************
OpenShift can create and store a token on disk which allows to you to access the
server without using your password. The key is stored in your home directory and
should be kept secret. You can delete the key at any time by running 'rhc
logout'.
Generate a token now? (yes|no) yes
Generating an authorization token for this client ... lasts about 1 month
Saving configuration to /home/crackit/.openshift/express.conf ... done
No SSH keys were found. We will generate a pair of keys for you.
Created: /home/crackit/.ssh/id_rsa.pub
Your public SSH key must be uploaded to the OpenShift server to access code.
Upload now? (yes|no)
no
You can upload your public SSH key at a later time using the 'rhc sshkey'
command
Checking for git ... found git version 2.1.0
Checking common problems .. done
Checking for a domain ... foobar
Checking for applications ... found 2
jenkins http://jenkins-foobar.rhcloud.com/
tmp http://tmp-foobar.rhcloud.com/
You are using 2 of 3 total gears
The following gear sizes are available to you: small, medium
Your client tools are now configured.
[crackit#koTapaH ~]$ rhc sshkey add mykey my_key_location/key.rsa.pub
RESULT:
SSH key my_key_location/key.rsa.pub has been added as 'mykey'
[crackit#koTapaH ~]$ vi .ssh/config
<.. do your modifications here ..>
[crackit#koTapaH ~]$ rhc ssh tmp
Connecting to 550000a0e0b8cdca4c000040#tmp-foobar.rhcloud.com ...
*********************************************************************
You are accessing a service that is for use only by authorized users.
If you do not have authorization, discontinue use at once.
Any use of the services is subject to the applicable terms of the
agreement which can be found at:
https://www.openshift.com/legal
*********************************************************************
Welcome to OpenShift shell
This shell will assist you in managing OpenShift applications.
!!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!
Shell access is quite powerful and it is possible for you to
accidentally damage your application. Proceed with care!
If worse comes to worst, destroy your application with "rhc app delete"
and recreate it
!!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!
Type "help" for more info.
[tmp-foobar.rhcloud.com 550000a0e0b8cdca4c000040]\> exit
exit
Connection to tmp-foobar.rhcloud.com closed.
[crackit#koTapaH ~]$
Update: I didn't notice keys are generated. But I am sure that the generated keys during rhc setup are not actually used. First because the keys from default location are never added to openshift. And you can see a quick proof below. Another way to see is rhc sshkeys list.
Another thing is that if you already have keys in default location, then no keys are generated (in which case you still select no to not upload them). But it is actually a minor bug IMO in rhc that ssh keys are generated without asking the user. It might be a very rare use case - you don't have default key and you want to use a key from non-standard location (this is not your use case where you have a key in standard location, just don't want to use it) but still IMO one shouldn't generate something user did not request. So here's how I show you that only my desired custom key is used:
[crackit#koTapaH ~]$ rm -rf .ssh/id_rsa*
[crackit#koTapaH ~]$ rhc ssh tmp
Connecting to 550000a0e0b8cdca4c000040#tmp-foobar.rhcloud.com ...
<...>
Type "help" for more info.
[tmp-foobar.rhcloud.com 550000a0e0b8cdca4c000040]\> exit
exit
Connection to tmp-foobar.rhcloud.com closed.
[crackit#koTapaH ~]$ ls .ssh/
config known_hosts
[crackit#koTapaH ~]$
Update 2 Of course token cannot help you with ssh:
[crackit#koTapaH ~]$ rm -rf my_key_location
[crackit#koTapaH ~]$ rhc ssh tmp
Connecting to 550000a0e0b8cdca4c000040#tmp-foobar.rhcloud.com ...
no such identity: /home/crackit/my_key_location/key.rsa: No such file or directory
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
SSH key is used for ssh. Token is used for API requests. These are different use cases. rhc uses the ssh executable underneath so using a custom key means to edit ~/.ssh/config to set your default key to another location or set different keys for different hosts. This is not handled well by rhc setup. But once you have your key set, you don't have to run rhc setup anymore.
What I want to do is to copy key to another host.
ssh-copy-id -i ~/.ssh/id_rsa user#host
I get error:
/usr/bin/ssh-copy-id: ERROR: failed to open ID file '[homedir].ssh/id_rsa.pub':
So there is no public key. So where is it? I tried to use command
sudo find / -name id_rsa.pub
but it only found one which I generated experimentally in my test directory. I tried sending the experimental from the test directory, but then it keeps infinitely asking paraphrase and does not send when I keep pasting.
So there is something wrong.
I could regenerate using
ssh-keygen -t rsa
but then it tries to use ~./.ssh directory
and wants to overwrite private id_rsa key. I am afraid this might brake something.
So how do I get my public key file?
Just in case someone else comes here looking for an answer to the OP's question... and to directly answer that question (namely, how can you re-generate the .pub key in a situation where it is missing, and you only have the private key)...
Here is the answer:
Regenerating a .pub key from the private key
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
The -y option is the command instructing ssh-keygen to output your public key.
This will re-generate the .pub part of the pair. Just as the OP pointed out, if you simply generate a new pair, and replace the old private key, you will lose access to whatever servers you have already provided your public key to. Sure, you can go through the process of providing a new public key to those servers, but why go through that hassle if it can be easily avoided?
RSA keys work on pairs. You can generate ssh private and public keys any number of times..it does not break anything. It simply replaces the old one with a newly generated keys. This only requires you to copy the newly generated public key id_rsa.pub to your remote machine's ~/.ssh/authorized_keys file in order for you to access secure shell using rsa keys.
So generate new rsa keys on your home's .ssh directory (your old keys are replaced by new ones) and copy to the remote host's .ssh directory
cd /home/<your_username>/.ssh
ssh-keygen -t rsa
scp ~/.ssh/id_rsa.pub remote_username#host:~/.ssh/authorized_keys
then
ssh remote_username#host
Keep passphrase empty while generating your new keys unless you want to enter passphrase every time you try to make a ssh connection.
NOTE: you need to append your public key to authorized_keys file in remote host's ~/.ssh directory if it already exists holding other client's public keys.
I have used servers on amazon AWS where they send me a public key .pem file and when I ssh in, all I have to do is:
ssh -i key.pem user#server
I now have a server of my own and am trying to figure out how I can do this with my server so I can automate commands to my server via ssh.
I imagine that I need to generate this key on my server and copy it to my client machine. How do I generate this key?
On the client machine you wish to login from, run ssh-keygen. For a quick and easy key, just hit enter on all of the questions. This will create a key pair in ~/.ssh. Specifically, ~/.ssh/id_rsa is your private key (keep this one safe), and ~/.ssh/id_rsa.pub is your public key (okay to distribute).
Copy your public key (~/.ssh/id_rsa.pub) onto the server that you wish to login to (e.g. scp ~/.ssh/id_rsa.pub me#myserver:. On the server, run cat id_rsa.pub >> .ssh/authorized_keys. To make sure that it has the correct permissions, you can run chmod 644 ~/.ssh/authorized_keys. Also, you can now delete the id_rsa.pub file that you copied over.
That's it! You should have password-less login from client to server. You must repeat the process with client and server swapped if you want password-less login from server to client.
Notes:
If the ~/.ssh directory does not exist on your server, the best way to create it is to ssh from the server to some other machine (e.g. the client). This will ensure that it has the correct permissions.
If you are paranoid about someone getting access to the client, you can password protect the key (one of the prompts when running ssh-keygen), but then you will have to enter that password every time you log in. The solution to this problem is to use ssh-agent.