2

I am beginning work with a remote host. They require a "SSH KEY" from my server. How can I create a SSH Key that they can use to allow connections from my server? I would like to assign the key to a specific SSH user on my server if possible.

I'm just worried about granting them access to my server. They shouldn't have access to mine, but I should have access to theirs. How can I generate a key to achieve this?

I don't know if it helps, but I have Ubuntu 12.04

3
  • You can find a similar situation on this post.
    – Adriano P
    Aug 15, 2012 at 21:33
  • Ubuntu 12.04 also has ssh-copy-id, which will copy your public key and place it in the target user@machine's authorized_keys file in the right way. man ssh-copy-id for more details. You will obviously need to generate the keys first, before running ssh-copy-id, as per the instructions in the Answers.
    – cjc
    Aug 16, 2012 at 1:07
  • This guy wrote very handy tricks here as well.
    – Adriano P
    Aug 18, 2012 at 1:31

2 Answers

2

You can use ssh-keygen to do this:

ssh-keygen -t rsa -b 2048

Answer the questions or accept the defaults, then provide a passphrase for the private key.

Now send the public key (id_rsa.pub) to the remote host as they request.

Put the private key in ~/.ssh/id_rsa for the user that you want to access the remote host. Ensure the perms on the .ssh directory are 700 and ~/.ssh/id_rsa is 600.

You should be good to go.


useradd testuser
su - testuser

ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/testuser/.ssh/id_rsa):
Created directory '/home/testuser/.ssh'.
Enter passphrase (empty for no passphrase):
Your identification has been saved in /home/testuser/.ssh/id_rsa.
Your public key has been saved in /home/testuser/.ssh/id_rsa.pub.
The key fingerprint is:
81:dc:8d:19:f1:32:39:67:89:47:88:dc:a6:8a:3d:40 [email protected]

Send the id_rsa.pub to the remote host, where it should be put in the user's ~/.ssh/authorized_keys with permissions 600 or 644 at most.

3
  • @Lain can you elaborate on how I can set the key for a specific user on my box and not the root user? Aug 15, 2012 at 20:59
  • @MichaelEcklund: Create the user then log in/su as that user and run the commands.
    – user9517
    Aug 15, 2012 at 21:02
  • Personally I prefer to use DSA over RSA as it is theoretically more secure. But using an RSA 2048 key as proposed by lain is extremely secure. But if you feel paranoid you can even create bigger keys. ;) Aug 15, 2012 at 21:06
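
The permission and key-file checks from the answer above, as an added example that is not part of the original answers: a POSIX shell audit that confirms ~/.ssh is 700, the private key is 600, that the file about to be sent is the public half, and how many keys are authorized to log in to this account. The function names are hypothetical, and `stat -c` assumes GNU coreutils as on Ubuntu.

```sh
#!/bin/sh
# Added example, not from the original answers; function names are hypothetical.
# Assumes GNU stat (stat -c), as shipped on Ubuntu.

# Print the octal permission bits of a path, e.g. 600.
mode_of() { stat -c '%a' "$1"; }

# Succeed only if the file's first line looks like an OpenSSH public key.
# A private key file starts with a "-----BEGIN ..." header instead.
is_public_key() {
    ipk_first=
    IFS= read -r ipk_first < "$1" || [ -n "$ipk_first" ] || return 1
    case "$ipk_first" in
        "ssh-rsa "*|"ssh-dss "*|"ssh-ed25519 "*|"ecdsa-sha2-"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Count the keys allowed to log in TO this account. Sending your own .pub file
# away never adds a line here; only keys listed in authorized_keys grant access.
inbound_key_count() {
    if [ -f "$1/authorized_keys" ]; then
        # Skip blank lines and comments; grep -c exits 1 when the count is 0.
        grep -Evc '^[[:space:]]*(#|$)' "$1/authorized_keys" || true
    else
        echo 0
    fi
}

# Check the client-side layout from the answer: ~/.ssh is 700, the private key
# is 600, and <key>.pub really is the public half. Prints one line per problem
# and returns the number of problems found.
audit_ssh_dir() {
    asd_dir=$1 asd_key=${2:-id_rsa} asd_bad=0
    [ "$(mode_of "$asd_dir")" = 700 ] ||
        { echo "FAIL: $asd_dir is not 700"; asd_bad=$((asd_bad + 1)); }
    [ "$(mode_of "$asd_dir/$asd_key")" = 600 ] ||
        { echo "FAIL: $asd_key is not 600"; asd_bad=$((asd_bad + 1)); }
    is_public_key "$asd_dir/$asd_key.pub" ||
        { echo "FAIL: $asd_key.pub is not a public key, do not send it"; asd_bad=$((asd_bad + 1)); }
    echo "keys allowed to log in to this account: $(inbound_key_count "$asd_dir")"
    return "$asd_bad"
}

# Stand-alone use: sh audit.sh /home/someuser/.ssh id_rsa
if [ "$#" -ge 1 ]; then audit_ssh_dir "$@"; fi
```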
1

If they need the public key from your server, then you already have one. I'm using Debian and Ubuntu should be the same, so it's in /etc/ssh.

If they need a public key for a user account so that you can log in on their system with that user account via e.g. ssh, then you simply have to create a key for yourself: ssh-keygen -t dsa or rsa, and be sure to use a passphrase!


Answer to your comment below!

Simply create that user first, do the following (and follow the on screen instructions!):

adduser someuser
su someuser
cd
ssh-keygen -t dsa
chmod 600 .ssh/id_dsa.pub

That id_dsa.pub is the key you have to send them.

2
  • Just to be clear, I want a specific user on my server to connect to a specific user on their server. Is that possible? Whenever I create a key it creates it as root@mybox and I want someuser@mybox. So I need a key to connect from someuser@mybox to user@theirbox. I'm assuming they will take care of the user@their box portion of it. But I would like my key to be for a specific user on my box and not root. Aug 15, 2012 at 20:51
  • I edited my answer. Aug 15, 2012 at 20:59
