LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-17-2011, 11:11 PM   #1
JeffC1
Member
 
Registered: May 2008
Posts: 89

Rep: Reputation: 15
Generating SSH Key at the console - What file needs to be copied to my usb drive?


Hello all

I've been giving the task to go to a Linux console as root.
and generate a ssh rsa 4096bit key, and copy the private key to a USB drive.

1) What command should I use here? ssh-keygen -t rsa -b 4096 ?
2) Do I need to append the new private key to the authorized_users file? Which file exactly must be appended there? Would this be sufficient?

mkdir -p /home/myuser/.ssh
cat id_rsa_LOCAL.pub >> /home/myuser/.ssh/authorized_keys

Should any special permissions be applied to this file?

3) Which file must be sent to my usb drive so that I can take it home to connect with?

A step by step guide to accomplish this would be great!

Last edited by JeffC1; 02-17-2011 at 11:14 PM.
 
Old 02-17-2011, 11:27 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
This is all back-to-front; it's bad idea is to log in remotely
via root. If you're really set on doing that you have to create
a key-pair on YOUR machine, and place the PUBLIC part of YOUR
key in root's authorized_keys on the remote machine.


Cheers,
Tink
 
Old 02-17-2011, 11:46 PM   #3
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670Reputation: 670
The public key gets added to the authorized_keys file of the server. The client (at home) has both in /home/myuser/.ssh/. You don't need to be root to generate a key pair. What user will you be logging into the server as? It is better to log into a server as a regular user and use sudo instead of allowing root logins. If you must use root (e.g. only user on server) make sure that you use a very good passphrase. This will protect your private key if stolen or copied. Especially important for laptops which are often lost or stolen in airports and coffee shops.

If this is your home clients key pair, then having id_rsa and id_rsa.pub in ~/.ssh/ will work fine. If you already have a key pair, consider changing the names and using the "-i <identify file>" option of ssh so the correct key is used.

ssh myuser@host -i ~/.ssh/myuser_id_rsa

The permissions of ~/.ssh and id_rsa is important. Don't allow "other" read access. Also don't allow "other" read or execute access to your home directory.

some caveats. In the server's /etc/ssh/sshd_config file, if "AllowUsers" is used (a good idea) make sure the username is listed. For the latest openSuSE, the AuthorizedKeys entry needs "%h" in it: "AuthorizedKeysFile %h/.ssh/authorized_keys". Might just be true for openSuSE. Found it after upgrading and reading distro release notes. If converting from password authentication to using a key, log in using a password and leave it open. Test pubkey authentication in a new console, just in case there is a problem loggin in. You can undo changes in the first terminal. Remember that if changes to the server's /etc/ssh/sshd_config are needed, that the ssh service needs to be restarted. E.G. if adding user to "AllowUsers".

Last edited by jschiwal; 02-17-2011 at 11:50 PM.
 
Old 02-18-2011, 12:19 AM   #4
vishesh
Member
 
Registered: Feb 2008
Distribution: Fedora,RHEL,Ubuntu
Posts: 661

Rep: Reputation: 66
I would like to recommend you generate key/pair by the user@machine who need to login remotely and then paste user's public key in authorized_key file to user@machine on which you want to login .

Thanks
 
Old 02-18-2011, 10:32 AM   #5
JeffC1
Member
 
Registered: May 2008
Posts: 89

Original Poster
Rep: Reputation: 15
I will try that now, it sounds much easier.
 
Old 02-18-2011, 11:47 PM   #6
JeffC1
Member
 
Registered: May 2008
Posts: 89

Original Poster
Rep: Reputation: 15
worked!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Can't view files I copied to usb flash drive on windows XP ducksong Arch 2 12-02-2010 06:56 PM
su passwd when using SSH key file foampile Linux - Newbie 2 04-23-2009 04:58 PM
USB drive using different partitions (usb key thumb drive) Arodef Linux - Hardware 0 08-04-2004 07:36 PM
file get renamed when copied to external hard drive pgajeski21 Linux - Hardware 11 04-15-2004 11:33 AM


All times are GMT -5. The time now is 10:39 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration