SSH (also known as Secure Shell) is a software package that enables secure system administration and file transfers over insecure networks. It is used in nearly every datacenter and in all large enterprises.
An SSH key is an access credential in the SSH protocol. Its function is similar to that of user names and passwords, but the keys are primarily used for automated processes and for implementing single sign-on by system administrators and power users.
This simple guide will show you how to SSH to a remote Linux server/host using a private key. We assume you have an SSH private key file or the plain text of the key, and of course the hostname or IP address of the remote host.
We will cover both Linux and Windows; for Windows, PuTTY will be used as an example.
- SSH private key (file) and the hostname or IP address of the remote server
- Login username which will be used to log in to the remote server
- For Windows, putty.exe and puttygen.exe need to be downloaded from link
  puttygen.exe is required because we need to convert the SSH private key to PuTTY's own format
SSH to a remote server using an SSH private key in Linux
In Linux this is fairly easy: we just need to save the SSH key into a file, then use the ssh option -i to read the private key when connecting to the remote server.
1. Save the private key into a file
You can open your favorite editor (gvim, nano, etc.) and save the private key as a file. Here we assume the file name is key.txt.
2. Change the permission to 600
chmod 600 key.txt
Otherwise you may get an error message similar to the one below:
Permissions 0644 for 'key.txt' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "key.txt": bad permissions
3. SSH to the remote server by adding the ssh option "-i"
ssh -i key.txt username@remote-servername-or-ip-address
Tip: -i identity_file Selects a file from which the identity (private key) for public key authentication is read. The default is ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, ~/.ssh/id_ed25519_sk and ~/.ssh/id_rsa.
Per the manpage excerpt above, you can use the commands below (note that cp replaces any key already stored at ~/.ssh/id_rsa):
mkdir -p ~/.ssh
chmod 700 ~/.ssh
cp key.txt ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
After that you no longer need the "-i" option.
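The permission rule behind the "bad permissions" error above, as an added example that is not part of the original guide: ssh ignores a private key you own when any group or other permission bit is set. The function names and the sample key.txt content are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide); function names are illustrative.

# Permission bits of a file in octal: GNU stat first, BSD/macOS stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True if the first line is a "-----BEGIN ... PRIVATE KEY-----" header,
# so a key saved under any name (key.txt here) is still recognised.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q '^-----BEGIN .*PRIVATE KEY-----'
}

# List private keys in directory $1 that ssh would ignore with "bad permissions":
# any group/other permission bit set, i.e. (mode & 077) != 0.
# Returns 0 if every key is owner-only, 1 otherwise.
find_open_keys() {
    bad=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        is_private_key "$f" || continue
        mode=$(file_mode "$f")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$f: mode $mode is too open; fix with: chmod 600 '$f'"
            bad=1
        fi
    done
    return "$bad"
}

# Demo on a constructed file (placeholder text, not a real key).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$demo/key.txt"
chmod 644 "$demo/key.txt"
find_open_keys "$demo" || echo "ssh -i would refuse the key(s) listed above"
chmod 600 "$demo/key.txt"
find_open_keys "$demo" && echo "all private keys are owner-only"
rm -rf "$demo"
```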
SSH to a remote server using an SSH private key in Windows
If for some reason you need to do this in Windows, you need a Windows SSH client. Here we will use PuTTY as an example, since PuTTY is free, popular and easy to use.
1. Getting putty and puttygen ready
The PuTTY site offers a package file that includes all the PuTTY utilities, as well as standalone binaries for download.
2. Convert the private key to PuTTY's own format using puttygen
Just open puttygen.exe, click Load to load your private key file, then click Save private key to save it as a ppk file.
Tip: By default puttygen only looks for ppk files, so you may need to choose All Files (*.*)
Note: If a passphrase was set for your private key, you will be prompted to enter it; we will talk about it below. A passphrase is similar to a password. However, a password generally refers to something used to authenticate or log into a system, while a passphrase generally refers to a secret used to protect an encryption key. Commonly, an actual encryption key is derived from the passphrase and used to encrypt the protected resource.
3. Use PuTTY to SSH to the remote host using the private key
1. Open putty.exe; in the Session tab, enter the remote host's FQDN or IP address
2. In the Data tab, enter your login username
3. In the Auth tab, select the ppk file you just generated with puttygen.exe
4. (Optional) Save what we did in steps 1 to 3 for later use
5. Click Open to connect to the remote host.
On the first login you will get a security alert. Check that the fingerprint shown matches the server's host key fingerprint, then click Yes to save it. Server authentication is a process that allows client applications to validate a server's identity. In other words, it helps a client determine whether it is really connecting to the server it intended to connect to. If the server fails the SSH host key authentication process, then it's possible that the server's host key was simply changed by the admin.
Similarly, if a passphrase has been set for your private key, you need to enter it here. We can simply treat the passphrase as a password for the private key.
The background: how the SSH private key is generated
If you just want to SSH to a remote host/server using a private key, you are already done. If you are also interested in how the private key is generated, read on.
Suppose you have admin access to a remote Linux server and you want to generate an SSH private key so that you can log in to this server from a local Windows or Linux client. You can follow the steps below.
1. Log in to the remote server
2. Use ssh-keygen to generate 2 key files. E.g. id_rsa is the private key and id_rsa.pub is the public key file
j@ubuntu2004:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/j/.ssh/id_rsa):
Created directory '/home/j/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/j/.ssh/id_rsa
Your public key has been saved in /home/j/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:KnOiuOjjvIkNEtpOCtBZxqp0k1z+z3WD5Vq/cai9I2A j@ubuntu2004
The key's randomart image is:
+---[RSA 3072]----+
| |
| . |
| +. |
| ..=+ |
|o.+= . S . |
|++. . .. E + . |
|* o + o. . + =...|
|*O.. = o . =o+ o|
|OB* o ...o=.|
+----[SHA256]-----+
j@ubuntu2004:~$
3. Put your public key into the file authorized_keys. Now the .ssh directory under your home directory contains 3 files
j@ubuntu2004:~$ cat .ssh/id_rsa.pub >> .ssh/authorized_keys
j@ubuntu2004:~$ ls .ssh
authorized_keys id_rsa id_rsa.pub
j@ubuntu2004:~$
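4. Now you can use the private key (the content of the file id_rsa) from any local client to SSH to this remote server. Anyone who holds this file can log in as you, so move it to the client over a secure channel and keep it readable only by you.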
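A more careful version of step 3, as an added example that is not part of the original guide: it refuses a private key file, appends the public key only once, and sets owner-only permissions on .ssh and authorized_keys. The function name authorize_key and the sample key line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide); authorize_key is an illustrative name.
# Usage: authorize_key PUBKEY_FILE [SSH_DIR]    (SSH_DIR defaults to ~/.ssh)
authorize_key() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    # Only the public half belongs in authorized_keys.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; refusing to install it" >&2
        return 1
    fi
    line=$(head -n 1 "$pub")
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    case $line in
        ssh-*|ecdsa-*|sk-*) [ -n "$blob" ] || return 1 ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Owner-only directory and file, whatever the current umask is.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this key blob is not already listed (fixed-string match).
    grep -qF -- "$blob" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Demo with a constructed public key line (placeholder blob, not a real key).
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedplaceholder0000 j@ubuntu2004' > "$demo/id.pub"
authorize_key "$demo/id.pub" "$demo/.ssh"
authorize_key "$demo/id.pub" "$demo/.ssh"    # second run adds nothing
wc -l < "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

Because the comparison is on the key blob, re-running it with the same key under a different comment does not create a duplicate entry.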
This simple tutorial has shown you how to SSH to a remote server using a private key from either a Windows or a Linux client, and has also covered the basics of how the key is generated. Please feel free to leave a comment if you have any questions.