[SOLVED] Generating SSH Key at the console - What file needs to be copied to my usb drive?
Hello all
I've been given the task to go to a Linux console as root
and generate a ssh rsa 4096bit key, and copy the private key to a USB drive.
1) What command should I use here? ssh-keygen -t rsa -b 4096 ?
2) Do I need to append the new private key to the authorized_users file? Which file exactly must be appended there? Would this be sufficient?
This is all back-to-front; it's a bad idea to log in remotely
via root. If you're really set on doing that you have to create
a key-pair on YOUR machine, and place the PUBLIC part of YOUR
key in root's authorized_keys on the remote machine.
The public key gets added to the authorized_keys file of the server. The client (at home) has both in /home/myuser/.ssh/. You don't need to be root to generate a key pair. What user will you be logging into the server as? It is better to log into a server as a regular user and use sudo instead of allowing root logins. If you must use root (e.g. only user on server) make sure that you use a very good passphrase. This will protect your private key if stolen or copied. Especially important for laptops which are often lost or stolen in airports and coffee shops.
If this is your home client's key pair, then having id_rsa and id_rsa.pub in ~/.ssh/ will work fine. If you already have a key pair, consider changing the names and using the "-i <identity file>" option of ssh so the correct key is used.
ssh myuser@host -i ~/.ssh/myuser_id_rsa
The permissions of ~/.ssh and id_rsa are important. Don't allow "other" read access. Also don't allow "other" read or execute access to your home directory.
Some caveats. In the server's /etc/ssh/sshd_config file, if "AllowUsers" is used (a good idea) make sure the username is listed. For the latest openSuSE, the AuthorizedKeys entry needs "%h" in it: "AuthorizedKeysFile %h/.ssh/authorized_keys". Might just be true for openSuSE. Found it after upgrading and reading distro release notes. If converting from password authentication to using a key, log in using a password and leave it open. Test pubkey authentication in a new console, just in case there is a problem logging in. You can undo changes in the first terminal. Remember that if changes to the server's /etc/ssh/sshd_config are needed, the ssh service needs to be restarted, e.g. if adding a user to "AllowUsers".
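The permission and sshd_config caveats in the answer above can be checked before switching from password to key login. This script is an added example, not part of the thread; its function names are hypothetical, it assumes GNU stat, and it handles only plain names and user@host entries in AllowUsers.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat ("stat -c").
# Function names are hypothetical; paths and user names come from the caller.

# Print the "other" permission digit (0-7) of a path.
other_digit() {
    mode=$(stat -c '%a' "$1") || return 1
    echo "${mode#"${mode%?}"}"
}

# Client side. The home directory must not grant "other" read or execute;
# ~/.ssh and the private key must not grant "other" read.
check_perms() {  # usage: check_perms HOME_DIR PRIVATE_KEY
    bad=0
    d=$(other_digit "$1") || { echo "cannot stat $1"; return 1; }
    [ $(( d & 5 )) -eq 0 ] || { echo "other has r/x on $1"; bad=1; }
    for p in "$1/.ssh" "$2"; do
        d=$(other_digit "$p") || { echo "cannot stat $p"; return 1; }
        [ $(( d & 4 )) -eq 0 ] || { echo "other can read $p"; bad=1; }
    done
    return "$bad"
}

# Server side. If sshd_config has an AllowUsers line, USER must be listed.
# Matches plain names and the user part of user@host; wildcards are not expanded.
allowusers_ok() {  # usage: allowusers_ok SSHD_CONFIG USER
    awk -v u="$2" '
        tolower($1) == "allowusers" {
            seen = 1
            for (i = 2; i <= NF; i++) { split($i, part, "@"); if (part[1] == u) ok = 1 }
        }
        END { if (seen && !ok) exit 1 }' "$1"
}

# Print the first AuthorizedKeysFile value (sshd uses the first occurrence of
# a keyword); prints nothing when unset and sshd falls back to its default.
authkeys_setting() {  # usage: authkeys_setting SSHD_CONFIG
    awk 'tolower($1) == "authorizedkeysfile" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Run one half on the machine it applies to.
case "${1:-}" in
    client) check_perms "$2" "$3" ;;
    server) allowusers_ok "$2" "$3" || echo "AllowUsers does not list $3"
            echo "AuthorizedKeysFile: $(authkeys_setting "$2")" ;;
esac
```

Run it with `client HOME_DIR PRIVATE_KEY` on the machine that holds the private key and with `server SSHD_CONFIG USER` on the machine being logged into.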
I would like to recommend that you generate the key pair as the user@machine who needs to log in remotely, and then paste that user's public key into the authorized_key file of the user@machine on which you want to log in.