Thursday, 3 November 2022

SSH public/private keys HOWTO

Use Case
--------

On our local Mac machine, under the user 'johnny', we want to log into a remote machine under the user name 'root'
without needing to type in the remote user's ('root') password.

On the local machine (host: localmachine), with username 'johnny', we want to ssh to a remote server (host: remoteserver.com) as 'root'.

On 'localmachine'
-----------------

ssh-keygen -t rsa -b 4096

# Press enter for defaults and do not bother with a passphrase (just hit enter)

# This generates two files 'id_rsa' and 'id_rsa.pub'

# Rename the private key 'id_rsa' (usually found in ~/.ssh) to something like 'remoteserver_rsa.priv'



Upload id_rsa.pub to the remoteserver (e.g. scp .ssh/id_rsa.pub root@remoteserver.com:/root/.ssh)

On remoteserver.com (log in using ssh and the usual password authentication - e.g. ssh root@remoteserver.com (use root password))
---------------

# append newly uploaded public key to 'authorized_keys' file

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

# If you desire, you can now remove the 'id_rsa.pub' file on the remote server

rm ~/.ssh/id_rsa.pub

Note: once you cat the 'authorized_keys' file - you will see our new public key (for 'johnny') appended.  

# make sure file and directory attributes are correctly set

chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys

# You are now ready to log in from your localmachine without the remote user's password credentials.
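
The remote-server steps above, collected into one script as an added example (not part of the original post). Unlike the plain 'cat >>', it can be run repeatedly without appending the same key twice, and it refuses a private key file uploaded by mistake. The function names install_pubkey, perm_of and check_ssh_perms are made up for this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original post.

# Print a file's permission bits in octal (GNU stat first, then BSD/macOS).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# install_pubkey PUBFILE [SSH_DIR]: append the key once, then fix modes.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key uploaded by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; use the .pub file" >&2
        return 2
    fi

    # A public key is one line: "<type> <base64> [comment]".
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 3 ;;
    esac

    # Create directory and file owner-only from the start.
    ( umask 077; mkdir -p "$dir"; touch "$auth" )

    # Keep a missing final newline from gluing two keys together.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append only if this exact line is not already present.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
    chmod 700 "$dir" && chmod 600 "$auth"
}

# Succeed only when the modes match what the HOWTO sets.
check_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    [ "$(perm_of "$dir")" = 700 ] &&
        [ "$(perm_of "$dir/authorized_keys")" = 600 ]
}
```

On the remote server, source the file and run 'install_pubkey ~/.ssh/id_rsa.pub'; 'check_ssh_perms' can be re-run later to confirm the modes have not drifted.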



On 'localmachine' (under the username 'johnny')
-----------------

# We can log into the remoteserver with the command 'ssh REMOTESERVER -l REMOTEUSER -i LOCAL_PRIVATE_KEY_FILE'
# Make sure you use the private key file that is paired with the public key file given and set up on the remote server
# (i.e. the public key file appended to the .ssh/authorized_keys file on the remote server)

ssh remoteserver.com -l root -i .ssh/remoteserver_rsa.priv  

# Here we are now logging in as the remote user 'root' (the remote Linux user, where we placed the public key generated for and by the local user 'johnny')
# We specify the matching private key file - conveniently renamed.

Alternatively, we can have an entry in the 'config' file in the local .ssh directory


# Part contents of $HOME/.ssh/config

Host remote mainremote tvserver
    HostName remoteserver.com
    User root
    Port 22
    IdentityFile ~/.ssh/remoteserver_rsa.priv
	


# Now we are able to ssh using just the alias names - such as

ssh remote
or 
ssh mainremote 
or
ssh tvserver