137

I have two servers. Both servers are in CentOS 5.6. I want to SSH from Server 1 to Server 2 using a private key I have (OpenSSH SSH-2 Private Key).

I don't know how to do it over unix. But what I did on windows using Putty was to feed my OpenSSH private key to putty-gen and generate a private key in PPK format.

However, I would be creating a bash script from server 1 that will execute some commands on server 2 via SSH.

How do I SSH to Server 2 using my private key file from Server 1?

5 Answers

105

You need your SSH public key and you will need your ssh private key. Keys can be generated with ssh-keygen. The private key must be kept on Server 1 and the public key must be stored on Server 2.

This is completely described in the manpage of openssh, so I will quote a lot of it. You should read the section 'Authentication'. Also the OpenSSH manual should be really helpful: http://www.openssh.org/manual.html

Please be careful with ssh because this affects the security of your server.

From man ssh:

 ~/.ssh/identity
 ~/.ssh/id_dsa
 ~/.ssh/id_rsa
     Contains the private key for authentication.  These files contain
     sensitive data and should be readable by the user but not acces-
     sible by others (read/write/execute).  ssh will simply ignore a
     private key file if it is accessible by others.  It is possible
     to specify a passphrase when generating the key which will be
     used to encrypt the sensitive part of this file using 3DES.

 ~/.ssh/identity.pub
 ~/.ssh/id_dsa.pub
 ~/.ssh/id_rsa.pub
     Contains the public key for authentication.  These files are not
     sensitive and can (but need not) be readable by anyone.

This means you can store your private key in your home directory in .ssh. Another possibility is to tell ssh via the -i parameter switch to use a special identity file. Also from man ssh:

 -i identity_file
     Selects a file from which the identity (private key) for RSA or
     DSA authentication is read.  The default is ~/.ssh/identity for
     protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for pro-
     tocol version 2.  Identity files may also be specified on a per-
     host basis in the configuration file.  It is possible to have
     multiple -i options (and multiple identities specified in config-
     uration files).

This is for the private key. Now you need to introduce your public key on Server 2. Again a quote from man ssh:

  ~/.ssh/authorized_keys
         Lists the public keys (RSA/DSA) that can be used for logging in
         as this user.  The format of this file is described in the
         sshd(8) manual page.  This file is not highly sensitive, but the
         recommended permissions are read/write for the user, and not
         accessible by others.

The easiest way to achieve that is to copy the file to Server 2 and append it to the authorized_keys file:

scp -p your_pub_key.pub user@host:
ssh user@host
host$ cat your_pub_key.pub >> ~/.ssh/authorized_keys

Authorisation via public key must be allowed for the ssh daemon, see man ssh_config. Usually this can be done by adding the following statement to the config file:

PubkeyAuthentication yes
Kusalananda
  • 333,661
echox
  • 18,103
  • 33
    Hi thank you for the effort but I only need this. ssh -i keyfile thanks! – Aivan Monceller Oct 25 '11 at 20:59
  • 15
    After generating the key, the easiest and recommended way to install it on the server is with ssh-copy-id: ssh-copy-id -i ~/.ssh/foo.id_rsa remote.example.com. – Gilles 'SO- stop being evil' Oct 26 '11 at 07:09
  • 9
    It's interesting how everyone forgets to mention that you need to run ssh-add after creating a key on the computer you are connecting from. That is what causes a headache to most people. – Luka Sep 19 '17 at 21:49
  • 4
    IMPORTANT NOTE: The client can have many private keys and select based on an arbitrary name in their private ~/.ssh/config file where Host= gives the arbitrary name, HostName gives either a name or IP address, Port= the target port, User is destination username, and IdentityFile= points to the private key file. This feature set is often overlooked and is THE solution to many configuration issues, such as having multiple key-pairs that otherwise collide in name-space. – Richard T Aug 25 '18 at 22:46
  • 1
    When I try and connect with SSH using $ ssh -i ~/.ssh/id_rsa myuser@ssh.myhost.com I get the error myuser@ssh.myhost.com: Permission denied (publickey). I have the key created, added locally using ssh-add, and added as an authorized key on the remote server. – Aaron Franke Sep 22 '19 at 20:08
  • Do not use protocol version 1 as I read but use version 2 (id_rsa and id_dsa), probably due to security. – Timo Nov 07 '20 at 08:31
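An added example, not part of the answer or its comments: a POSIX shell check for the permission rules quoted from man ssh above, which are one possible cause of a Permission denied (publickey) error like the one in the comments. The function names and the constructed key files are hypothetical; the test for group- or other-writable paths reflects sshd's StrictModes check, which the quoted man page text does not spell out.

```sh
#!/bin/sh
# Added example (not from the thread): flag modes that make OpenSSH distrust key files.

# Group/other permission characters of a path as shown by ls, e.g. "------" or "r--r--".
go_bits() { ls -ld "$1" | cut -c5-10; }

# audit_ssh_dir DIR
# Prints "BAD <path>: <reason>" per finding; returns 1 if anything was found.
audit_ssh_dir() {
    dir=$1 rc=0
    # sshd (StrictModes) rejects authorized_keys when it or ~/.ssh is group/other-writable.
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        case $(go_bits "$p") in
            ?w????|????w?) echo "BAD $p: writable by group or others"; rc=1 ;;
        esac
    done
    # The ssh client ignores a private key that group or others can access at all.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        head -n 1 "$f" | grep -q 'PRIVATE KEY' || continue
        [ "$(go_bits "$f")" = "------" ] ||
            { echo "BAD $f: private key accessible by group or others"; rc=1; }
    done
    return $rc
}

# Demo on a constructed directory (file contents are placeholders, not real keys).
demo() {
    d=$(mktemp -d) || return 1
    chmod 700 "$d"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' > "$d/id_rsa"
    printf '%s\n' 'ssh-rsa AAAACONSTRUCTED user@server1' > "$d/authorized_keys"
    chmod 644 "$d/id_rsa"; chmod 664 "$d/authorized_keys"
    audit_ssh_dir "$d" || true                 # reports both files
    chmod 600 "$d/id_rsa" "$d/authorized_keys"
    audit_ssh_dir "$d" && echo "OK after chmod 600"
    rm -rf "$d"
}
demo
```

Run it as audit_ssh_dir ~/.ssh on both servers; sshd also checks the home directory itself, which this function does not cover.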
47

I used ssh with -i option to add your key here.

If you want to pass arg1, arg2 with .sh file, just pass them after the .sh file and use a space to separate them.

ssh -i home/avr/new.pem ar@231.221.54.8 "/var/www/beta/betatolive.sh mmin 30"

Jeff Schaller
  • 67,283
  • 35
  • 116
  • 255
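An added example, not from the answer above: a wrapper for calling a remote script from a bash or sh script on Server 1. ssh joins its command arguments with spaces and the remote shell parses the result again, so each argument is single-quoted first; BatchMode=yes makes ssh fail instead of prompting, and IdentitiesOnly=yes offers only the key given with -i. The function names and user@server2 are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): run a remote script non-interactively with a key.

# Single-quote one argument for the remote shell; an embedded ' becomes '\''.
# (Trailing newlines in an argument are dropped by the command substitution.)
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Join a command and its arguments into one string that the remote shell
# parses back into exactly the same words.
remote_cmdline() {
    out=
    for a in "$@"; do
        out="$out${out:+ }$(sh_quote "$a")"
    done
    printf '%s\n' "$out"
}

# run_remote KEY USER@HOST CMD [ARG...]
# Returns 66 if the key file is unreadable, otherwise the exit status of ssh.
run_remote() {
    key=$1 target=$2; shift 2
    [ -r "$key" ] || { echo "key not readable: $key" >&2; return 66; }
    ssh -i "$key" -o BatchMode=yes -o IdentitiesOnly=yes \
        "$target" "$(remote_cmdline "$@")"
}

# What would be sent for the script call shown in the answer:
remote_cmdline /var/www/beta/betatolive.sh mmin 30
# In a script: run_remote ~/.ssh/id_rsa user@server2 /var/www/beta/betatolive.sh mmin 30
```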
26

The first thing you’ll need to do is make sure you’ve run the keygen command to generate the keys:

ssh-keygen -t rsa

Then use this command to push the key to the remote server, modifying it to match your server name.

cat ~/.ssh/id_rsa.pub | ssh user@hostname 'cat >> .ssh/authorized_keys'
Mat
  • 52,586
  • 11
    let's call ssh-copy-id user@hostname instead – andrej Nov 12 '18 at 17:14
  • @andrej Note that ssh-copy-id is not part of the official OpenSSH distribution, so it may not be available on all Unices (it seems to be a Linux thing though). – Kusalananda Dec 16 '19 at 08:18
  • @Kusalananda good point, thanks. However, this issue's requirements are for two CentOS 5.6 machines so they have ssh-copy-id for sure. – andrej Dec 16 '19 at 12:28
  • Currently, RSA is default key format for ssh-keygen so -t rsa is not needed. Command to invoke is just ssh-keygen. – Trismegistos Mar 02 '24 at 13:48
13

ssh-copy-id -- use locally available keys to authorise logins on a remote machine

Use ssh-copy-id on Server 1, assuming you have the key pair (generated with ssh-keygen):

ssh-copy-id -i ~/.ssh/id_rsa user@server2_hostname

Now you should be able to ssh into Server 2 with ssh using the private key:

ssh -i ~/.ssh/id_rsa user@server2_hostname

Indeed, if you check cat ~/.ssh/authorized_keys on Server 2, you'll see the public key is appended for you.

Sida Zhou
  • 325
9

Append the public key (id_[rd]sa.pub) for your source machine (where you're sshing from) to the ~/.ssh/authorized_keys file of the destination server for the username you want to ssh into. If you've lost the public key, you'll want to create a new one with ssh-keygen. Using the default arguments for that should be ok for most purposes. If you need more detailed instructions, there are thousands of tutorials you can google.

Kevin
  • 40,767
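An added example, not from any of the answers: the append step described in the cat >> authorized_keys answer and in the answer above, written so that it can be repeated without creating duplicate entries, refuses a private key passed by mistake, and leaves ~/.ssh and authorized_keys with owner-only modes. The function name install_pubkey and the constructed key line are hypothetical; the function is meant to run as the destination user on Server 2.

```sh
#!/bin/sh
# Added example (not from the thread): append a public key to authorized_keys safely.

# install_pubkey PUBFILE SSH_DIR   (run as the destination user on Server 2)
# Returns 0 when the key is present afterwards, 2 when PUBFILE is not a single
# "type base64 [comment]" line (for example a private key passed by mistake).
install_pubkey() {
    pub=$1 sshdir=$2 auth=$2/authorized_keys
    [ "$(grep -c . "$pub")" -eq 1 ] || return 2
    case $(awk 'NF { print $1 }' "$pub") in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) ;;
        *) return 2 ;;
    esac
    blob=$(awk 'NF { print $2 }' "$pub")
    [ -n "$blob" ] || return 2
    # Create directory and file with owner-only modes, regardless of umask.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Match on the base64 blob so a changed comment does not add a duplicate entry.
    if ! awk -v b="$blob" '
            !/^#/ { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
            END   { exit !found }' "$auth"
    then
        grep . "$pub" >> "$auth"
    fi
}

# Demo with a constructed key line (not a real key).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTED user@server1' > "$d/server1.pub"
    install_pubkey "$d/server1.pub" "$d/.ssh"
    install_pubkey "$d/server1.pub" "$d/.ssh"      # second run adds nothing
    echo "entries: $(grep -c . "$d/.ssh/authorized_keys")"
    rm -rf "$d"
}
demo
```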