Setting up an SSH key pair with a remote host (TUD)
Setting up SSH keys for specific remote connections can become complex: You can have multiple SSH keys that serve specific tasks, or general ones that are used for multiple servers.
Here I’ll go through setting up an SSH key that can be used to connect to a remote login server, using a host configured in the ~/.ssh/config file and ssh-copy-id to set up the remote server side. The TU Dresden login server is used as an example.
We use Windows Subsystem for Linux (Ubuntu). See this step by step tutorial for setting up WSL and a general guide to set up ssh in WSL and Windows 10.
Setup host in ssh config
This is entirely cosmetic, but it helps keep track of ssh servers. Another way, described below, would be to add an ssh alias.
If you haven’t done so yet, create the user ssh folder in your home folder:
mkdir -p ~/.ssh && chmod 700 ~/.ssh
The following command will create an empty ssh config file in this folder:
touch ~/.ssh/config
This file must be readable and writable only by the user, and not accessible by others:
chmod 600 ~/.ssh/config
Now, add a named host entry into ~/.ssh/config. Replace sample-user-name with your user login.
nano ~/.ssh/config
Host zih
Hostname login.zih.tu-dresden.de
User sample-user-name
Generate private & public ssh key pair
Let's assume you want to generate a specific key pair that is only used for one task.
You will first need to create a key pair consisting of private and public key. The private key part is password protected. The public key part is copied to the remote server, in order to identify incoming connections.
Create a new ssh key.
ssh-keygen -t ed25519 -C "gitlab-ci@gitlab.vgiscience.org"
-t refers to the type of the key, with ed25519 referring to the recommended public-key algorithm available today. -C is used to add a comment, which is entirely optional. In the example above, a comment is added that hints at the intended use of the key.
Now, copy the public key part to the server, into authorized_keys. There are several ways to do this; using ssh-copy-id is one of the recommended ways.
See Manual update of authorized_keys below for an alternative way.
If there’s no existing ssh connection for the remote server, you’ll need to enter your remote server password for the following command to work.
ssh-copy-id -i ~/.ssh/id_ed25519.pub zih
The output should be:
Number of key(s) added: 1
Manual update of authorized_keys (optional)
Sometimes, ssh-copy-id may not work. For example, you’re working in WSL, and your keys are stored in KeeAgent in KeePass in Windows.
If you have your public key as a string, e.g.:
ssh-ed25519 EiCCGO6JfYVOvwE9FsnOq3xCKd1fyxSlFpapxOsXDe3GR0mK+tbYzSrnDZy7ecoja3CU gitlab-ci@gitlab.vgiscience.org
You can connect to the server and add it manually to authorized_keys as follows.
- Copy the public key to a local file on the remote server (optional).
echo "ssh-ed25519 EiCCGO6... gitlab-ci@gitlab.vgiscience.org" >> ~/.ssh/id_ed25519.pub
- Add the public key to the authorized_keys file using cat.
cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
- Remove the local public key file.
rm ~/.ssh/id_ed25519.pub
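As an added example (not part of the original tutorial), the three manual steps above can be wrapped in one function that is safe to run repeatedly on the remote server: it accepts only a single ssh-ed25519 line without leading options, keeps the directory and file private to the user, and skips a key that is already installed. The function name add_authorized_key and its optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Run on the remote server.
# add_authorized_key and its optional second argument are hypothetical names.
# Usage: add_authorized_key "ssh-ed25519 <base64> <comment>" [ssh_dir]
add_authorized_key() {
    key_line=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"
    nl='
'
    # Exactly one line: an embedded newline would smuggle in a second entry.
    case $key_line in
        *"$nl"*) echo "refusing multi-line input" >&2; return 1 ;;
    esac

    # The first field must be the key type itself, so lines that start with
    # options such as command="..." are rejected instead of being installed.
    ktype=${key_line%% *}
    rest=${key_line#* }
    blob=${rest%% *}
    [ "$ktype" = "ssh-ed25519" ] || { echo "unsupported key type or options" >&2; return 1; }
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 1 ;;
    esac

    # Keep the directory and the file private to the user (700 / 600).
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Already installed? Compare type and key data, ignoring the comment.
    if grep -qF -- "$ktype $blob" "$auth_file"; then
        return 0
    fi

    # If the last existing entry has no trailing newline, add one first so
    # the new key is not glued onto it.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}
```

Paste the function into the remote shell, then call it with the public key string in quotes; no temporary id_ed25519.pub file is written on the server.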
Add an alias (optional)
Another way to memorize ssh connection parameters is to add an alias to the ~/.bashrc file.
Open the bashrc file for editing.
nano ~/.bashrc
Add an ssh alias for connecting to the server.
alias connectzih='ssh -A sample-user-name@login.zih.tu-dresden.de'
Save and close file with CTRL+X
Reload bashrc to apply changes.
source ~/.bashrc
Test connection with
connectzih
Check the connection
Try the connection.
ssh 'zih'
.. and check authorized_keys file, which should contain your public key part.
cat ~/.ssh/authorized_keys
An example output with random key:
ssh-ed25519 EiCCGO6JfYVOvwE9FsnOq3xCKd1fyxSlFpapxOsXDe3GR0mK+tbYzSrnDZy7ecoja3CU gitlab-ci@gitlab.vgiscience.org
Setup client connection
.. will be continued..