Setting up a SSH key pair with remote host (TUD)

Setting up SSH keys for specific remote connections can become complex: You can have multiple SSH keys that serve specific tasks, or general ones that are used for multiple servers.

Here I’ll go through setting up a SSH key that can be used to connect to a remote login server using a host configured in ~/.ssh/config file and ssh-copy-id to setup the remote server side. TU Dresden login server is used as an example.

We use Windows Subsystem for Linux (Ubuntu). See this step by step tutorial for setting up WSL and a general guide to set up ssh in WSL and Windows 10.

Setup host in ssh config

This is entirely cosmetic, but it helps keep track of ssh servers. Another way, described below, would be to add an ssh alias

If you haven’t done so far, create the user ssh folder in your home folder:

mkdir -p ~/.ssh && chmod 700 ~/.ssh

The following command will create an empty ssh config file i this folder:

touch ~/.ssh/config

This file must be readable and writable only by the user, and not accessible by others:

chmod 600 ~/.ssh/config

Now, add a named host entry into ~/.ssh/config. Replace sample-user-name with your user login.

nano ~/.ssh/config
Host zih
    Hostname login.zih.tu-dresden.de
    User sample-user-name

Generate private & public ssh key pair

Lets assume you want to generate a specific key pair that is only used for one task.

You will first need to create a key pair consisting of private and public key. The private key part is password protected. The public key part is copied to the remote server, in order to identify incoming connections.

Create a new ssh key.

ssh-keygen --type ed25519 --comment "gitlab-ci@gitlab.vgiscience.org"
  • --type refers to the type of the key, with ed25519 referring to recommended public-key algorithm available today.
  • --comment is used to add a comment, which is entirely optional. In the example above, a comment is added that hins to the intended use of the key.

Now, copy the public key part to the server, into authorized_keys. There are several ways to do this, using ssh-copy-id is one of the recommended ways.

See Manual update of authorized_keys below for an alternative way.

If there’s no existing ssh connection for the remote server, you’ll need to enter your remote server password for the following command to work.

ssh-copy-id -i ~/.ssh/id_ed25519.pub zih

The output should be:

Number of key(s) added: 1

Manual update of authorized_keys (optional)

Sometimes, ssh-copy-id may not work. For example, you’re working in WSL, and your keys are stored in KeyAgent in KeePass in Windows.

If you have your public key as a string, e.g.:

ssh-ed25519 EiCCGO6JfYVOvwE9FsnOq3xCKd1fyxSlFpapxOsXDe3GR0mK+tbYzSrnDZy7ecoja3CU gitlab-ci@gitlab.vgiscience.org

You can connect to the server and add it manually to authorized_keys as follows.

  1. Copy the public key to a local file on the remote server (optional).
echo "ssh-ed25519 EiCCGO6... gitlab-ci@gitlab.vgiscience.org" >> ~/.ssh/id_ed25519.pub
  1. Add public key to authorized file using cat.
cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
  1. Remove the local public key file.
rm ~/.ssh/id_ed25519.pub

Add an alias (optional)

Another way to memorize ssh connection parameters is to add an alias to the ~/.bashrc file.

  1. Open the bashrc file for editing.

    nano ~/.bashrc
    
  2. Add an ssh alias for connecting to the server.

    alias connectzih='ssh -A sample-user-name@login.zih.tu-dresden.de'
    
  1. Save and close file with CTRL+X

  2. Reload bashrc to apply changes.

    source ~/.bashrc
    
  3. Test connection with connectzih

Check the connection

Try the connection.

ssh 'zih'

.. and check authorized_keys file, which should contain your public key part.

cat ~/.ssh/authorized_keys

An example output with random key:

ssh-ed25519 EiCCGO6JfYVOvwE9FsnOq3xCKd1fyxSlFpapxOsXDe3GR0mK+tbYzSrnDZy7ecoja3CU gitlab-ci@gitlab.vgiscience.org

Setup client connection

.. will be continued..