Ssh – Creating SSH key for remote host

sshssh-keygenssh-keys

I am beginning work with a remote host. They require a "SSH KEY" from my server. How can I create a SSH Key that they can use to allow connections from my server? I would like to assign the key to a specific SSH user on my server if possible.

I'm just worried about granting them access to my server. They shouldn't have access to mine, but I should have access to theirs. How can I generate a key to achieve this?

I don't know if it helps, but I have Ubuntu 12.04

Best Answer

You can use ssh-keygen to do this

ssh-keygen -t rsa -b 2048

answer the questions or accept the defaults then provide a passphrase for the private key.

Now send the pubic key (id_rsa.pub) to the remote host as they request.

Put the private key in ~/.ssh/id_rsa for the user that you want to access the remote host. Ensure the perms on the .ssh directory are 700 and ~/.ssh/id_rsa is 600.

You should be good to go.

useradd testuser
su - testuser

ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/testuser/.ssh/id_rsa):
Created directory '/home/testuser/.ssh'.
Enter passphrase (empty for no passphrase):
Your identification has been saved in /home/testuser/.ssh/id_rsa.
Your public key has been saved in /home/testuser/.ssh/id_rsa.pub.
The key fingerprint is:
81:dc:8d:19:f1:32:39:67:89:47:88:dc:a6:8a:3d:40 testuser@centos.lan

Send the id_rsa.pub to the remote host where is should be put in the user's ~/.ssh/authorized_keys with permissions 600 or 644 at most.

Related Solutions

SSH – How to Change Private Key Passphrase

To change the passphrase on your default key:

$ ssh-keygen -p

If you need to specify a key, pass the -f option:

$ ssh-keygen -p -f ~/.ssh/id_dsa

then provide your old and new passphrase (twice) at the prompts. (Use ~/.ssh/id_rsa if you have an RSA key.)

More details from man ssh-keygen:

[...]
SYNOPSIS
    ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment]
               [-f output_keyfile]
    ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
[...]
     -f filename
             Specifies the filename of the key file.
[...]
     -N new_passphrase
             Provides the new passphrase.

     -P passphrase
             Provides the (old) passphrase.

     -p      Requests changing the passphrase of a private key file instead of
             creating a new private key.  The program will prompt for the file
             containing the private key, for the old passphrase, and twice for
             the new passphrase.
[...]

SSH – How to Revoke an SSH Certificate

sshd_config has a RevokedKeys file. You can list multiple keys or certificates in it, one per line. In the future, OpenSSH will support revocation by certificate serial number, which will make for much smaller revocation lists.

Best Answer

Related Solutions

SSH – How to Change Private Key Passphrase

SSH – How to Revoke an SSH Certificate

Related Topic