2

I am beginning work with a remote host. They require a "SSH KEY" from my server. How can I create a SSH Key that they can use to allow connections from my server? I would like to assign the key to a specific SSH user on my server if possible.

I'm just worried about granting them access to my server. They shouldn't have access to mine, but I should have access to theirs. How can I generate a key to achieve this?

I don't know if it helps, but I have Ubuntu 12.04

Michael Ecklund
  • You can find a similar situation on this [post](http://stackoverflow.com/questions/8577236/what-should-my-github-ssh-key-be/8577237#8577237). – Adriano P Aug 15 '12 at 21:33
  • Ubuntu 12.04 also has `ssh-copy-id`, which will copy your public key and place it in the target user@machine's authorized_keys file in the right way. `man ssh-copy-id` for more details. You will obviously need to generate the keys first, before running `ssh-copy-id`, as per the instructions in the Answers. – cjc Aug 16 '12 at 01:07
  • This guy wrote very handy tricks [here](http://www.jedi.be/blog/2010/08/27/ssh-tricks-the-usual-and-beyond/) as well. – Adriano P Aug 18 '12 at 01:31

2 Answers

2

You can use `ssh-keygen` to do this:

```
ssh-keygen -t rsa -b 2048
```

Answer the questions or accept the defaults, then provide a passphrase for the private key.

Now send the public key (id_rsa.pub) to the remote host as they request.

Put the private key in ~/.ssh/id_rsa for the user that you want to access the remote host. Ensure the perms on the .ssh directory are 700 and ~/.ssh/id_rsa is 600.

You should be good to go.


```
useradd testuser
su - testuser

ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/testuser/.ssh/id_rsa):
Created directory '/home/testuser/.ssh'.
Enter passphrase (empty for no passphrase):
Your identification has been saved in /home/testuser/.ssh/id_rsa.
Your public key has been saved in /home/testuser/.ssh/id_rsa.pub.
The key fingerprint is:
81:dc:8d:19:f1:32:39:67:89:47:88:dc:a6:8a:3d:40 testuser@centos.lan
```

Send the id_rsa.pub to the remote host, where it should be put in the user's ~/.ssh/authorized_keys with permissions 600 or 644 at most.

user9517
  • @Lain can you elaborate on how I can set the key for a specific user on my box and not the root user? – Michael Ecklund Aug 15 '12 at 20:59
  • @MichaelEcklund: Create the user then log in/su as that user and run the commands. – user9517 Aug 15 '12 at 21:02
  • Personally I prefer to use DSA over RSA as it is theoretically more secure. But using an RSA 2048 key as proposed by lain is extremely secure. But if you feel paranoid you can even create bigger keys. ;) – Fleshgrinder Aug 15 '12 at 21:06
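
A check for the permissions given in the answer above (`.ssh` at 700, the private key at 600, `authorized_keys` at 644 at most), plus a count of the keys listed in the local account's own `authorized_keys`, which is the file that controls public-key logins to your server. This is an added example, not part of the original posts: the function names are hypothetical, it assumes GNU `stat` as on Ubuntu, and it treats the stated modes as upper bounds, so stricter modes also pass.

```shell
#!/usr/bin/env bash
# Added example: audit a user's ~/.ssh against the modes named in the answer.
# Function names are hypothetical; assumes GNU stat (as shipped with Ubuntu).

# perm_ok PATH MASK: fail if PATH has any permission bit set that is in the octal MASK.
perm_ok() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    if [ $(( 0$mode & 0$2 )) -ne 0 ]; then
        echo "TOO OPEN: $1 has mode $mode"
        return 1
    fi
}

# audit_ssh_dir DIR: exit status is the number of problems found (0 = clean).
audit_ssh_dir() {
    local dir=$1 key problems=0
    perm_ok "$dir" 077 || problems=$((problems + 1))              # 700
    for key in "$dir"/id_*; do
        [ -e "$key" ] || continue
        case $key in
            *.pub) ;;                                             # public half, meant to be shared
            *) perm_ok "$key" 077 || problems=$((problems + 1)) ;;  # 600
        esac
    done
    if [ -e "$dir/authorized_keys" ]; then
        perm_ok "$dir/authorized_keys" 022 || problems=$((problems + 1))  # 644 at most
    fi
    return "$problems"
}

# inbound_key_count DIR: number of keys that may log IN to this account.
inbound_key_count() {
    [ -f "$1/authorized_keys" ] || { echo 0; return 0; }
    grep -cvE '^[[:space:]]*(#|$)' "$1/authorized_keys" || true
}

# Usage: bash audit.sh /home/someuser/.ssh
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1" && echo "permissions OK"
    echo "keys allowed to log in here: $(inbound_key_count "$1")"
fi
```

A count of 0 for the account whose public key you handed over means that no key, theirs included, is authorized for public-key login to that account on your side.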
1

If they need the public key from your server, then you already have one. I'm using Debian and Ubuntu should be the same, so it's in /etc/ssh.

If they need a public key for a user account so that you can log in on their system with that user account via e.g. ssh, then you simply have to create a key for yourself: `ssh-keygen -t dsa` or `rsa`, and be sure to use a passphrase!


Answer to your comment below!

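Simply create that user first, then do the following (and follow the on-screen instructions!):

```
adduser someuser            # create the account that will own the key
su someuser                 # become that user so the key is not root's
cd                          # go to someuser's home directory
ssh-keygen -t dsa           # generate the key pair under ~/.ssh
chmod 600 .ssh/id_dsa.pub
```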

That id_dsa.pub is the key you have to send them.

Fleshgrinder
  • Just to be clear, I want a specific user on my server to connect to a specific user on their server. Is that possible? Whenever I create a key it creates it as root@mybox and I want someuser@mybox. So I need a key to connect from someuser@mybox to user@theirbox. I'm assuming they will take care of the user@their box portion of it. But I would like my key to be for a specific user on my box and not root. – Michael Ecklund Aug 15 '12 at 20:51
  • I edited my answer. – Fleshgrinder Aug 15 '12 at 20:59