Generate Private Key File From Ssh Public Key

Related

How To Find Broken Links on Your Website Using Wget on Debian 7 Tutorial
How To Set Up SETI@home on Ubuntu 14.04 or Debian 7 Tutorial

If you can, disable password logins in your “sshdconfig” file (on the server) and use keys instead. In case you travel and can’t carry your laptop with you, just keep your private key on a USB stick and attach it to your physical keychain. Your server will be much safer this way. Generate Public/Private SSH Key Pair. A SSH private key as generated by ssh-keygen contains a public key part. How do I retrieve this public key from the private key? I've lost my public key and need to put the contents of this public key in the servers authorizedkeys file and do not want to create a new key pair. Alternatively phrased: how do I create the idrsa.pub file from a. Use the ssh-keygen command to generate SSH public and private key files. By default, these files are created in the /.ssh directory. By default, these files are created in the /.ssh directory. You can specify a different location, and an optional password ( passphrase ) to. This article provides detailed background and steps to create and manage an SSH RSA public-private key file pair for SSH client connections. If you want quick commands, see How to create an SSH public-private key pair for Linux VMs in Azure. The.pub file is your public key, and the other file is the corresponding private key. If you don’t have these files (or you don’t even have a.ssh directory), you can create them by running a program called ssh-keygen, which is provided with the SSH package on Linux/macOS systems and comes with Git for Windows.

Introduction

You have seen in previous tutorials how to use PuTTY to connect to your VPS securely and how to create SSH keys with PuTTYgen.

You might have more than one SSH key for a single cloud server, or simply more than one cloud server or Droplet that requires SSH keys to log into. This can make you feel overwhelmed with having to manage, sort out, and link all those keys to their respective servers. That’s why Pageant exists.

Pageant is a PuTTY authentication agent. It holds your private keys in memory so that you can use them whenever you are connecting to a server. It eliminates the need to:

  • Explicitly specify the relevant key to each Linux user account, if you use more than one account to log into a server
  • Type a key’s passphrase each time you log into your user account; and your keys should be passphrase protected since having an unprotected key is as good as hiding your password under your keyboard!

Prerequisites

Make sure you have these prerequisites.

  • Pageant is installed together with the PuTTY suite; if you don’t have it installed, you can download it here
  • You should already have at least one SSH key saved on your local computer

Step 1 — Adding Keys to Pageant

Start Pageant from the PuTTY folder: Start-Menu > All Programs > PuTTY > Pageant

Pageant starts by default minimized in the system tray. To begin adding your SSH keys, you should right click on its icon and then the following context menu will show up:

Clicking on Add Key from the menu or View Keys to open up the Pageant Key List window. Here you can view, add, and remove keys:

Tip: You can access the Pageant Key List window directly by double-clicking its icon in the system tray.

Click the Add Key button. This will open the file explorer, where you can choose one or more keys at a time to load. You should select files with the .ppk extension:

Click the Open button to load the keys with Pageant.

If a key is passphrase-protected, you will be prompted to enter the passphrase only once before it can be added to the Pageant Key List:

After successfully adding a key, you can now see it listed:

Step 2 — Connecting to the Server(s)

Now these keys will be available while connecting to any server during your PuTTY sessions. You don’t have to take any extra steps in PuTTY. Just enter your hostname or IP address, and SSH user. PuTTY will automatically try to authenticate using any keys currently loaded in Pageant.

Step 3 (Optional) — Removing Keys from Pageant

If you want to remove a key from Pageant, select that key from the Pageant Key List window and press the Remove Key button. You can also remove multiple keys together by selecting them with CTRL or SHIFT.

Tips & Tricks

Use these tips to automate your authenticated connections with Pageant.

Loading Keys Automatically on Pageant Startup

You can make Pageant automatically load one or more private keys when it starts up, instead of adding them manually every time you start up Pageant.

Go to the Pageant shortcut icon from the Windows Start Menu or your desktop.

Right click on the icon, and click on Properties.

A new window will open containing the shortcut’s properties:

From the Shortcut tab, edit the Target field. Leave the path to pageant.exe intact. After that path, add paths to your .ppk key files. These should be outside the quotation marks. Here’s an example:

Click the Apply and then OK buttons.

Note: If the keys are encrypted, Pageant will request the passphrases on startup.

Making Pageant Run PuTTY

You can make Pageant start PuTTY or any other program once it has initialized itself and loaded any keys specified on its command line. That way you can just start Pageant instead of having to start both programs.

Keygen

You can achieve this by following the same steps we used previously to add the keys automatically (see the previous section). Just add the program’s path at the end of the command in the Target field, preceded by the -c option, and contained within double quotes. Here’s an example of the full line for the Target field:

Other PuTTY Suite Products

Here are a few other helpful applications that can work with PuTTY.

  • PuTTYgen: A tool to generate and edit SSH public and private key pairs. It is part of the PuTTY suite, but it can also operate with the private key formats used by some other SSH clients like WinSCP
  • PSFTP: An interactive text-based client for the SSH-based SFTP (secure file transfer) protocol, that allows you to run an interactive file transfer session and perform many thing like listing the contents of directories, browsing around the file system, issuing multiple get and put commands, etc.
  • PSCP (PuTTY Secure Copy Client): A tool for transferring files securely between computers using an SSH connection

Overview

Public key authentication is a way of logging into an SSH/SFTP account using a cryptographic key rather than a password.

If you use very strong SSH/SFTP passwords, your accounts are already safe from brute force attacks. However, using public key authentication provides many benefits when working with multiple developers. For example, with SSH keys you can

  • allow multiple developers to log in as the same system user without having to share a single password between them;
  • revoke a single developer's access without revoking access by other developers; and
  • make it easier for a single developer to log in to many accounts without needing to manage many different passwords.

How Public Key Authentication Works

Keys come in pairs of a public key and a private key. Each key pair is unique, and the two keys work together.

These two keys have a very special and beautiful mathematical property: if you have the private key, you can prove you have it without showing what it is. It's like proving you know a password without having to show someone the password.

Public key authentication works like this:

  1. Generate a key pair.
  2. Give someone (or a server) the public key.
  3. Later, anytime you want to authenticate, the person (or the server) asks you to prove you have the private key that corresponds to the public key.
  4. You prove you have the private key.

You don't have to do the math or implement the key exchange yourself. The SSH server and client programs take care of this for you.

Generate an SSH Key Pair

You should generate your key pair on your laptop, not on your server. All Mac and Linux systems include a command called ssh-keygen that will generate a new key pair.

If you're using Windows, you can generate the keys on your server. Just remember to copy your keys to your laptop and delete your private key from the server after you've generated it.

To generate an SSH key pair, run the command ssh-keygen.

It will look like this when you run it:

You'll be prompted to choose the location to store the keys. The default location is good unless you already have a key. Press Enter to choose the default location.

Next, you'll be asked to choose a password. Using a password means a password will be required to use the private key. It's a good idea to use a password on your private key.

After you choose a password, your public and private keys will be generated. There will be two different files. The one named id_rsa is your private key. The one named id_rsa.pub is your public key.

You'll also be shown a fingerprint and 'visual fingerprint' of your key. You do not need to save these.

Configure an SSH/SFTP User for Your Key

Method 1: Using ssh-copy-id

Now that you have an SSH key pair, you're ready to configure your app's system user so you can SSH or SFTP in using your private key.

To copy your public key to your server, run the following command. Be sure to replace 'x.x.x.x' with your server's IP address and SYSUSER with the name of the the system user your app belongs to.

Method 2: Manual Configuration

If you don't have the ssh-copy-id command (for example, if you are using Windows), you can instead SSH in to your server and manually create the .ssh/authorized_keys file so it contains your public key.

First, run the following commands to make create the file with the correct permissions. Key generator windows vista ultimate.

Next, edit the file .ssh/authorized_keys using your preferred editor. Copy and paste your id_rsa.pub file into the file.

Log In Using Your Private Key

You can now SSH or SFTP into your server using your private key. From the command line, you can use:

If you didn't create your key in the default location, you'll need to specify the location:

If you're using a Windows SSH client, such as PuTTy, look in the configuration settings to specify the path to your private key.

Granting Access to Multiple Keys

The .ssh/authorized_keys file you created above uses a very simple format: it can contain many keys as long as you put one key on each line in the file.

If you have multiple keys (for example, one on each of your laptops) or multiple developers you need to grant access to, just follow the same instructions above using ssh-copy-id or manually editing the file to paste in additional keys, one on each line.

When you're done, the .ssh/authorized_keys file will look something like this (don't copy this, use your own public keys):

Additional Information

Retrieve Your Public Key from Your Private Key

Generate Private Key File From Ssh Public Key Filezilla

The following command will retrieve the public key from a private key:

This can be useful, for example, if your server provider generated your SSH key for you and you were only able to download the private key portion of the key pair.

Note that you cannot retrieve the private key if you only have the public key.

Correcting Permissions on the .ssh Directory

The instructions in this article will create your server's .ssh directory and .ssh/authorized_keys file with the correct permissions. However, if you've created them yourself and need to fix permissions, you can run the following commands on your server while SSH'd in as your app's system user.

Generate Private Key File From Ssh Public Key West

Disabling Password Authentication

NOTE: When changing anything about the way SSH is accessed(ports, authentication methods, et cetera), it is very strongly recommended to leave an active root SSH session open until everything is working as intended. This ensures you have a way to revert changes in the event something goes wrongand logins are not working properly.

As an extra security precaution, once you have set up SSH keys, you may wish to disable password authentication entirely. This will mean no users will be able to log into SSH or SFTP without SSH keys. Anyone entering a password will receive a message like:

Or:

Disabling password authentication is an excellent way to improve server security. Please see our guide here for the steps to accomplish this goal.

Generate Public Ssh Key Windows

Then, test whether you're able to log in with a password by opening a new SSH or SFTP session to the server. Passwords should not be able to be used and, if everything has been done correctly, an error will be issued when someone tries to use a password. Unless this setting is changed back to allow password authentication, no users will be able to log in without an SSH key set up.