SSH | get info – create .pub – fix permissions – known_hosts – ~/.ssh/config

Getting details about the key / connection

https://docs.github.com/en/github/authenticating-to-github/troubleshooting-ssh/error-permission-denied-publickey

You can also check that the key is being used by trying to connect to git@github.com:

$ ssh -vT git@github.com

Generate public SSH key from private SSH key / fix users / add to known_hosts / add to .ssh/config

Posted on 2016-02-15 by Gerhard


Suppose you have lost an SSH public key, or a web service generated an SSH key for you but did not provide the public-key part. What to do now? There is a solution for this situation.

When you have an SSH key, you need the public key to set up passwordless SSH login. If you have lost the public key but still have the private key, there is a way to regenerate the public key from it.

With the public key missing, the following command will show you that there is no public key for this SSH key.

$ ssh-keygen -l -f ~/.ssh/id_rsa
test is not a public key file.

WARNING: UNPROTECTED PRIVATE KEY FILE!

How can I fix it?

Like I said earlier, this is an easy fix. Just run:

$ sudo chmod 600 /path/to/my/key.pem

Keep in mind that if you keep all of your keys in the ~/.ssh directory (or any other directory, really), you may need to adjust the permissions for that directory as well. In that case, use this:

$ sudo chmod 755 ~/.ssh

And that's all there is to it. Now you should be able to use your key with no problems.
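A check that mirrors the fix above, as an added Python example (not from the original post): it finds private keys in a directory by their PEM header and reports any whose mode grants group or other access, which is the condition behind the UNPROTECTED PRIVATE KEY FILE warning. The function names are illustrative; files you own can be chmod-ed without sudo.

```python
import os
import stat

def is_private_key(path):
    """Detect PEM/OpenSSH private keys by header, since names like key.pem vary."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
    except OSError:
        return False
    return head.startswith(b"-----BEGIN ") and b"PRIVATE KEY-----" in head

def audit_ssh_dir(ssh_dir, fix=False):
    """Return [(path, octal_mode, problem)]; with fix=True also chmod keys to 600."""
    findings = []
    dir_mode = stat.S_IMODE(os.stat(ssh_dir).st_mode)
    # 755 (the mode used on this page) passes this check; ssh(1) recommends 700.
    if dir_mode & 0o022:
        findings.append((ssh_dir, oct(dir_mode), "directory writable by group/others"))
    for name in sorted(os.listdir(ssh_dir)):
        path = os.path.join(ssh_dir, name)
        if not os.path.isfile(path) or not is_private_key(path):
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        # ssh refuses a private key with any group/other permission bit set.
        if mode & 0o077:
            findings.append((path, oct(mode), "private key accessible by group/others"))
            if fix:
                os.chmod(path, 0o600)
    return findings

if __name__ == "__main__":
    ssh_dir = os.path.expanduser("~/.ssh")
    if os.path.isdir(ssh_dir):
        for path, mode, problem in audit_ssh_dir(ssh_dir):
            print(f"{mode:>6}  {path}: {problem}")
```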


In the ssh-keygen command above, the -l option shows the fingerprint of the public key, while the -f option specifies the key file to show the fingerprint for.

To generate the missing public key again from the private key, the following command will generate the public key of the private key provided with the -f option.

$ ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
Enter passphrase:

The -y option reads a private SSH key file and prints the corresponding SSH public key to stdout. The output is redirected to a file with the same name as the private key but with the .pub file extension. If the key is protected by a passphrase, the passphrase will be required to generate the public key.

To check the details of the generated public key, execute the same command as shown above.

$ ssh-keygen -l -f ~/.ssh/id_rsa
4096 d6:7b:c7:7a:4f:3c:4d:29:54:62:5f:2c:58:b2:cb:86 ~/.ssh/id_rsa (RSA)

The output of this command shows the key size in the first column and the fingerprint in the second column; after the file name, the key type is shown in brackets. The example above is a 4096-bit RSA key.


Read more of my posts on my blog at http://blog.tinned-software.net/.

 

Adding sshkey to known_hosts

Copy .pub key

pbcopy < ~/.ssh/id_rsa.pub

(if not named id_rsa – use full path to key)

pbcopy < /Users/spiffy/.ssh/non_standard_name.pub

pbcopy < /Users/spiffy/.ssh/quantox-staging.pub

Adding to known_hosts

The manual page for sshd(8) describes the format of the known_hosts file:

Each line in these files contains the following fields: markers (optional), hostnames, bits, exponent, modulus, comment. The fields are separated by spaces.

If your public key for your host looks like this:

ssh-rsa AAAA1234.....=

then just put this line into your ~/.ssh/known_hosts file:

your.host.name,0.0.0.0 ssh-rsa AAAA1234.....=

where you replace the hostname and IP with those of your host.

Now it depends on whether you have the ssh option HashKnownHosts turned on. If not, you are done. Otherwise (e.g. on current Ubuntu releases) you will need to hash this file using ssh-keygen -H -f ~/.ssh/known_hosts.

nano ~/.ssh/known_hosts

I posted an almost identical answer on SuperUser a few days ago. The important parts:

  • The format differs
  • There are different host keys (types) on each server (make sure you paste the one that is actually used)
  • There is ssh-keyscan which can create the format for you

Otherwise just prefix your key with the server IP address (you can also add the hostname, after a comma), remove the comment from the end of the line and you are fine. The format then looks like this:

11.22.33.44 ssh-rsa AADGD...

And one more note: if you use HashKnownHosts yes (Debian and Ubuntu do), you need to re-hash your known_hosts with:

ssh-keygen -Hf ~/.ssh/known_hosts
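Why a text search for the hostname stops working once the file is hashed, as an added Python example (not part of the original answers): a hashed entry stores `|1|salt|HMAC-SHA1(salt, hostname)` in the host field, so a lookup has to recompute the HMAC for each line. The entries are host keys of servers; the key blob, the address 192.0.2.10 and the function names here are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def hash_host(host, salt=None):
    """Build the host field that `ssh-keygen -H` writes: |1|salt|HMAC-SHA1(salt, host)."""
    salt = salt or os.urandom(20)
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """Match a host against a plain (comma-separated) or hashed host field."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")  # wildcard patterns are not handled here

def find_host(known_hosts_text, host):
    """Return [(line_number, key_type, sha256_fingerprint)] for entries naming host."""
    hits = []
    for number, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # optional marker such as @revoked
            fields = fields[1:]
        if len(fields) < 3 or not host_matches(fields[0], host):
            continue
        blob = base64.b64decode(fields[2])
        digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        hits.append((number, fields[1], "SHA256:" + digest))
    return hits

# Constructed sample data: the key blob is not a real host key.
SAMPLE_KEY = base64.b64encode(b"constructed sample blob, not a real host key").decode()
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    "your.host.name,192.0.2.10 ssh-rsa " + SAMPLE_KEY,
    hash_host("ras.mydomain.com") + " ssh-rsa " + SAMPLE_KEY,
])

if __name__ == "__main__":
    for name in ("your.host.name", "192.0.2.10", "ras.mydomain.com"):
        print(name, find_host(SAMPLE, name))
```

The reported line number is the same one ssh prints in its "Offending key in ...known_hosts:N" message.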

 

Linux / Mac / Windows with MobaXterm / fixing known_hosts

Finding the known_hosts File:

After you have connected to a computer using ssh, the host key of that computer is stored in a file called known_hosts, which is located in a hidden directory (.ssh) in your home directory. It can be opened in a text editor of your choice with:

[abc123@computer ~]$ vim ~/.ssh/known_hosts

You will notice the file is arranged as: computer_name, ip-address veryLongKey, where each line is its own computer and key. If you have a smaller screen the key will continue on to the next line, but it is still counted as one line.

Method 1 – Getting Rid of It All

If you only have one host in your known_hosts file, then removing the entire file is a solution. The file will be recreated the next time you ssh into that computer. Before you remove the file you should back up the contents:

[abc123@computer ~]$ cp ~/.ssh/known_hosts ~/.ssh/known_hosts.old
[abc123@computer ~]$ rm ~/.ssh/known_hosts

Method 2 – Targeting the Key Individually

If you look at the error message you will notice this line:

RSA host key for ras.mydomain.com has changed...

This tells which is the offending host, so now you can remove that key by running:

[abc123@computer ~]$ ssh-keygen -R HOSTNAME

This will give you the following output when it is successful:

# Host HOSTNAME found: line #
/home/user/.ssh/known_hosts updated.
Original contents retained as /home/user/.ssh/known_hosts.old

You can also edit the known_hosts file directly and remove the entire offending line, which is indicated by: Offending key in /home/user/.ssh/known_hosts:1. In this case the line is 1. You may end up deleting something you did not intend to, so back the file up first:

cp ~/.ssh/known_hosts ~/.ssh/known_hosts.old
sed -i '6d' ~/.ssh/known_hosts

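This modifies the file ~/.ssh/known_hosts, removing the 6th line; use the line number reported in the error message instead of 6. On macOS, the BSD sed needs an explicit (possibly empty) backup suffix after -i.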

In my opinion, using ssh-keygen -R is a better solution for an openssh power user, while your regular Linux admin would do better to keep his/her sed skills fresh by using the above method.

 

also add host to ~/.ssh/config

#name of server

Host XX.XXX.XXX.XXX
IdentityFile ~/.ssh/user_key


Transfer file using scp

The easiest of these is scp, or secure copy. While cp is for copying local files, scp is for remote file transfer, and both use almost the same syntax. The main difference is that with scp you have to specify the remote host's DNS name or IP address and provide login credentials for the command to work. You can scp files both from local to remote and from remote to local.

  1. Copy single file from local to remote using scp.

    $ scp myfile.txt remoteuser@remoteserver:/remote/folder/
    

    If the target folder (/remote/folder/) is not specified, it will copy the file to the remote user's home directory.

  2. Copy a single file from remote to local using scp.

    $ scp remoteuser@remoteserver:/remote/folder/remotefile.txt  localfile.txt
    

    Using . as the copy target (replacing localfile.txt) will copy the remote file to the current working directory using the same filename (remotefile.txt).

  3. Copy multiple files from local to remote using scp.

    $ scp myfile.txt myfile2.txt remoteuser@remoteserver:/remote/folder/
    
  4. Copy all files from local to remote using scp.

    $ scp * remoteuser@remoteserver:/remote/folder/
    
  5. Copy all files and folders recursively from local to remote using scp.

    $ scp -r * remoteuser@remoteserver:/remote/folder/
    

    remoteuser needs to exist and have write permission to /remote/folder/ on the remote system.

    GUI programs such as WinSCP can also be used to transfer files between local and remote hosts using scp methods.
