How to Create SSH Key for Linux User with ssh-keygen

linuxssh-keys

Being a Sudo user, is it possible to create a SSH key for an user in the same Linux server? This Sudo user doesn't have a Switch user privilege.

I have a server where I Login as sudo user say 'admin'(doesn't have switch user privilege) and I have another user say 'user1'. I have a script in my server that should run as 'user1' which should call another script running in a remote host(remote host has a similar user named 'user1') during this process, the 'user1' needs an authorized key for remote host authentication. Since the sudo user 'admin' doesn't have the privilege to switch as 'user1' and generate the ssh keys, I'll have to generate the ssh keys for 'user1' as 'admin'

Best Answer

You don't need any sudo for this. Assuming you have sshd running with passwordAuth on server2 for user1, do the following from server1:

mkdir ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t rsa -f ~/.ssh/id_rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub user1@server2

At this point, ~/.ssh/authorized_keys is installed on server2, and assuming pubkeyAuth is enabled on server2, you can try a ssh without pwd:

ssh user1@server2 ls

now, if you want to revert things (allow user1 from server2 to login in server1 with pubKey), do the following from user1 on server2:

scp user1@server1:.ssh/id_rsa .ssh/id_rsa
chmod 600 .ssh/id_rsa

and on server1:

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Related Solutions

OpenSSL – Choosing the Encryption Algorithm for OSX ssh-keygen

I am not sure about how to get ssh-keygen to create a key using a specific encyprption algorithm.

You could generate your key using OpenSSL directly.

# create 1024 bit rsa and encrypt with des3 
#    make sure you set your umask or chmod this so that it is 0600, 
#    or else ssh will refuse to use it.
openssl genrsa -des3 -out .ssh/id_rsa 1024
# export an ssh public key
ssh-keygen -y -f .ssh/id_rsa > .ssh/id_rsa.pub

You could also convert the cipher of an existing key after the fact using OpenSSL.

openssl rsa -in id_rsa -out newkey_id_rsa -des3

See: genrsa(1), rsa(1), and ssh-keygen(1) for a list of the various options.

Ssh – Creating SSH key for remote host

You can use ssh-keygen to do this

ssh-keygen -t rsa -b 2048

answer the questions or accept the defaults then provide a passphrase for the private key.

Now send the pubic key (id_rsa.pub) to the remote host as they request.

Put the private key in ~/.ssh/id_rsa for the user that you want to access the remote host. Ensure the perms on the .ssh directory are 700 and ~/.ssh/id_rsa is 600.

You should be good to go.

useradd testuser
su - testuser

ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/testuser/.ssh/id_rsa):
Created directory '/home/testuser/.ssh'.
Enter passphrase (empty for no passphrase):
Your identification has been saved in /home/testuser/.ssh/id_rsa.
Your public key has been saved in /home/testuser/.ssh/id_rsa.pub.
The key fingerprint is:
81:dc:8d:19:f1:32:39:67:89:47:88:dc:a6:8a:3d:40 testuser@centos.lan

Send the id_rsa.pub to the remote host where is should be put in the user's ~/.ssh/authorized_keys with permissions 600 or 644 at most.

Best Answer

Related Solutions

OpenSSL – Choosing the Encryption Algorithm for OSX ssh-keygen

Ssh – Creating SSH key for remote host

Related Topic