How to Setup Raspberry Pi SSH Keys for Authentication. Ssh copy ID Windows • ROYAN-GLISSE.COM

Setup SSH Key Based Authentication on Debian from Windows

How to setup SSH Key Based Authentication on Debian 11 “Bullseye”. Create and manage SSH keys using ssh-keygen from Windows 10 PowerShell. Copy public keys to the server and connect using SSH keys.

TL;DR

Too long, didn’t read version.

Public and Private Keys

Create a separate key pair for each device/workstation that will connect to the server.
Always use passphrases to secure your SSH keys and save the passphrase in your password manager.
Only the public key should be copied to the server. The private key should be saved on the client and never shared.
If your device supports ED25519 then this is the best choice. If not, then use RSA with a key size of 4096 bits.

Manage SSH keys using ssh-keygen on Windows

# Create and manage SSH keys using ssh-keygen from Windows PowerShell # Create an ED25519 key pair with a comment ssh-keygen.t ed25519.C “admin-user@work-laptop” # Create a 4096 bit RSA key pair with a comment ssh-keygen.b 4096.C “admin-user@work-laptop” # Check the size of an existing key ssh-keygen.lf C:\Users\Username\.ssh\id_rsa # Change the passphrase of a private key file without creating a new key ssh-keygen.pf C:\Users\Username\.ssh\id_rsa

Copying public keys to the server

On the server, the public key will be added to the users home directory authorized_keys file. /home/username/.ssh/authorized_keys

Copy public key using ssh-copy-ID (Linux)

ssh-copy-ID.i ~/.ssh/id_ed25519.pub admin-user@server-name

Copy public key manually (Windows)

# create.ssh directory and change the permissions, 700 means only the owner can read, write and execute mkdir ~/.ssh chmod 700 ~/.ssh # upload the public key file to the server /home/username directory # append contents of the public key to the authorized_keys file cat ~/id_ed25519.pub ~/.ssh/authorized_keys # remove the public key file rm ~/id_ed25519.pub # change permissions on authorized_keys, 600 means only the owner can read and write the file chmod 600 ~/.ssh/authorized_keys

Delete a public key

To delete a public key, remove it from the authorized_keys file

SSH key based authentication

SSH key-based authentication uses a private/public key pair to log on to the server instead of a username and password. SSH keys are more secure than passwords because passw ords can be brute force attacked, SSH keys cannot.

To gain access to the server, an attacker would need to get the private key file which, is only on your workstation. Getting the private key file is much more difficult than remotely brute force guessing your SSH password.

SSH keys are generally considered more secure than passwords because most people use weak/duplicate passwords.

Public and Private Keys

Give the key pair a name that identifies the admin user, client device and server that it is used to connect to e.g. admin-user@work-HP-laptop_web-server This way, if a key gets compromised, you can easily identify which key needs to be de-authorized.

If you have multiple devices and key pairs and one is compromised or lost, you can connect to the server from another device and create a new key pair. If you only have one private key, you should save it in your password manager.

SSH keys are not a silver bullet for security. If a private key is compromised, an attacker can use it to gain access to the server.It’s important to properly manage and secure your SSH private keys!

Create SSH authentication keys

SSH keys can be created and managed on Linux and Windows PowerShell using the ssh-keygen command. You can specify the authentication key type, number of bits and add a comment to the key when running ssh-keygen.

SSH authentication key types

Which SSH authentication key type should you use?

ssh-keygen defaults to using RSA
Created in 1978, RSA is an old algorithm that is widely used
Most compatible with SSH clients and servers
Requires a larger key size to be more secure/stronger
Generate an RSA key with a larger key size using the.b option
In the future, RSA may not be secure as processing power increases

An algorithm created by the US government agency NIST in 1992
Supports three key sizes 256, 384 and 521 bits
Most SSH clients and servers will support ECDSA
There may be political and privacy concerns about using a US government standard

A newer algorithm created in 2011 based on elliptic curve cryptography
Mathematically strong and fast
Some clients might not support ED25519
There is no key size option as all ED25519 keys are 256 bits

You’ll need to research the different options and choose the best algorithm for your use case.If your device supports ED25519 then this is the best choice. If not, then use RSA with a key size of 4096 bits.

In this guide, we will use two examples: One creating a 4096 bit RSA key pair and one creating an ED25519 key pair.

Create an RSA key pair

You should create the SSH authentication key from the client workstation that it will be used on.
The simplest way to create an SSH key pair is to run the ssh-keygen command.
Running ssh-keygen without specifying any options will generate a 3072 bit RSA key pair.

You’ll be asked where to save the key files. press enter to accept the default location C:\Users\Username\.sshEnter a passphrase for your SSH key. save the passphrase in your password manager.

# Create a 4096 bit RSA key pair ssh-keygen.b 4096

The private/public key pair has been created in your user folder. The.pub file is the public key that will be copied to the server. The key type id_rsa is also included in the filename

Because I’m using multiple SSH key pairs, I will rename the key files adding my admin username, client device and server hostname at the end. This way, I can easily identify the admin user, workstation and server that the key pair is used for connecting to.

Create an ED25519 key pair

The following PowerShell command will create a 256 bit key pair using the ED25519 algorithm with a comment There is no need to specify the key size as all Ed25519 keys are 256 bits

-t Specifies the type of key to create e.g. Ed25519.C Comment or name for the key

# Create an ED25519 key pair ssh-keygen.t ed25519.C “admin-user@work-laptop”

Check the size of an existing key

Show private key file fingerprint.l show fingerprint.f filename

ssh-keygen.lf C:\Users\Username\.ssh\id_rsa

Change the private key passphrase

-p change the passphrase of a private key file without creating a new key.f filename

ssh-keygen.pf C:\Users\Username\.ssh\id_rsa

Copy public key to the server

Only the public key should be copied to the server. The private key should be saved on the client and never shared.

Copy public key using ssh-copy-ID (Linux)

On Linux, you can use the command ssh-copy-ID to copy the public key to a server. You will be prompted for an admin user password.

On the server, the public key will be added to the users home directory authorized_keys file./home/username/.ssh/authorized_keys

ssh-copy-ID.i ~/.ssh/id_ed25519.pub admin-user@server-name

Copy public key manually (Windows)

There is no ssh-copy-ID command on Windows so you will need to complete these steps manually. Use SSH to connect to the server, create the.ssh directory then upload the public key file and add it to the authorized_keys file.

Delete a public key

To delete a public key, remove it from the authorized_keys file

You can see the public key fingerprint and comment identifying the user and client device.

Connect to the server using SSH keys

Use Putty with Existing SSH Keys on Windows. TechLabs

How to convert an existing Open SSH private key file to a Putty Private Key file (ppk) for use with Putty on Windows.

How to Setup Raspberry Pi SSH Keys for Authentication

In this project, we will be showing you how to setup Raspberry Pi SSH keys. It’s the perfect way to harden your Pi’s security.

Using SSH Keys for authentication is an excellent way of securing your Raspberry Pi as only someone with the private SSH key will be able to authenticate to your system.

This works by generating an SSH Key pair, you will retain the SSH private key, but the public key will go onto the Raspberry Pi’s operating system.

These SSH keys act as a means of identifying yourself to the SSH server using public-key cryptography and challenge-response authentication.

If you value your security SSH Keys is something you should set up, it offers a few security benefits over password authentication.

For starters, it is much harder for an attacker to be able to intercept and is also much more complicated to brute force. A standard SSH Key is usually 2048 characters long, compared to a password that is no longer than 32 characters.

Equipment List

Below are all the pieces of equipment that I made use of for this Raspberry Pi SSH Keys Authentication tutorial.

Generating SSH Keys on Windows

To generate SSH keys on a Windows-based operating system, we will have to rely on a piece of software called PuTTY.

You can download PuTTY from their website. Make sure you get the full package version as this includes the piece of software that we need to generate the SSH Keys for your Raspberry Pi.

Once you have downloaded and installed PuTTY to your computer go ahead and open up the program that was installed alongside it called PuTTYgen.

With PuTTYgen opened on your computer, click the “Generate” button as we have shown in the image below.

Pressing this button will generate the public and private SSH keys that we will use to make our SSH connection to our device, in our case this will be the Raspberry Pi.

Once PuTTYgen has begun generating the SSH keys it will ask you to move your mouse in the space as we have indicated in the image below.

By doing this, it helps ensure that the SSH key it generates should be genuinely unique and be hard for someone to be able to generate the same key quickly.

With the SSH keys now generated, there are a few more things that you need to do.

The first (1.) is to set a name for this SSH key, make this something memorable, so you know what SSH key is required when connecting.

Secondly (2.) you should set a passkey, this ensures that even if someone managed to steal your private SSH key, they would still need to enter a password.

This passkey acts as a second line of defense. If you would prefer not to have to enter a password at all, then you can skip this step and leave the two fields empty.

However, we do not recommend doing this if you value your security.

Thirdly (3.) we need to save the public key and the private key to somewhere safe on the computer. Make a note of the location that you save both of these files as you will need these to make a connection to your Raspberry Pi. Also, make sure you end the files in ppk so that PuTTY can pick them up.

Finally (4.) copy down the public SSH key that is featured in the text box shown in the image below. You can quickly select all the text by clicking on the box and pressing CTRL A then CTRL C.

We will need this text shortly to add to our Linux systems SSH Authorized keys file. Without this, the system won’t be able to see our private key as a proper authentication method.

The next steps of this tutorial will walk you through the process of copying the public SSH key to your linux device. In our case, we will be using a Raspberry Pi that is running the Raspbian operating system.

SSH into your Pi WITHOUT a Password with SSH Keys! | 4K TUTORIAL

Nwow you can proceed to the section titled “Copying the Public Keys manually” to continue with this Raspberry Pi SSH Keys tutorial.

Generating SSH Keys on Linux based systems

Generating SSH keys on a Linux system is a little easier as the SSH tools to do this are usually included with the main operating system. This means we do not have to install any additional packages.

To generate SSH Keys open up a terminal session on your Linux device enter the following command.

With the ssh-keygen tool now running you will be first asked to enter a file in which to save the key. For this tutorial, just press Enter to leave this as the default.

Since we are doing this on our Raspberry Pi Raspbian installation, this default directory was located at /home/pi/.ssh/id_rsa.

After setting the file in which to save the key we now need to decide whether we want to use a passphrase.

Personally, we recommend that you utilize a passphrase as it ensures that your private key will have a bit of extra security.

This additional security means that even if someone manages to steal the file as they will need to enter the passphrase to decrypt the private key.

So at this step enter a passphrase (Make sure that this is something secure but memorable).

Alternatively, if you do not like having to enter a password, you can press Enter but remember this means that anyone who has your private key can access your device without entering any password.

Now you have the choice to either copy your SSH public key by utilizing the ssh-copy-ID tool or manually copy the key itself.

If you want to copy the key over manually, then follow step 5 and step 6, otherwise skip to the next section titled “Copying the Public Key using SSH Tools“.

The SSH key should now be generated so we can grab the contents of the public key file, we will need the contents of the file for setting up authentication on the device we want to use the SSH keys to authenticate to.

To get the contents of the public key, you can utilize the following command on your Linux based device.

With the contents of the public key now handy we can now proceed to the next step of actually adding the SSH key to the authorized_keys file.

Now skip to the section titled “Copying the Public Keys manually” to learn how to utilize the public keys contents to allow the private key to act as an authorization key.

Copying the Public Key using SSH Tools

On your Linux device (In our case it’s one of our Raspberry Pis), run the following command. Make sure that you replace IP_ADDRESS with the IP address of the remote machine that you want to copy the keys to.

Please note that you will be asked to log in with both your username and password for that remote machine as the tool needs these to copy over your public key.

ssh-copy-ID.i ~/.ssh/id_rsa IP_ADDRESS

Once done, this tool will automatically add your public key to the authorized_keys file on the remote machine.

Copying the Public Keys Manually

Back on the Raspberry Pi, we need to utilize a few commands to setup our authorized_keys file. This is the file that the SSH daemon will check when a private key is used for authentication.

To begin let’s create the folder that our authorized_keys file will be sitting in. To do this, we will be using the install command with a few parameters to set the correct permissions.

Run the following command on your Raspberry Pi.

With the folder created let’s go ahead and put our public key in the authorized_keys file.

To do this run the following command to begin editing it.

In this file copy and paste the contents of the public SSH key that you generated earlier using either your Windows device or your Linux device.

SSH will authenticate any private keys against the public key present to see if it is a legitimate connection to authorize.

Once you have your public SSH key entered into the authorized_keys file, you can save and quit out of the file by pressing CTRL X then Y and finally ENTER.

With the file now saved we need to make sure it has the correct permissions. To do this, we need to run the following chmod and chown commands.

These commands will assign the correct permissions to the file so that it can be read by SSH when you try to log in.

If you are not using the default “pi” user on Raspbian make sure you replace the text “pi” in the following command with the name of the user you want to use this for authentication.

sudo chmod 644 ~/.ssh/authorized_keys sudo chown pi:pi ~/.ssh/authorized_keys

With the SSH private key now saved and the permissions correctly set we can now proceed to login. We will do this before we disable password authentication, so we do not lock ourselves out of our Raspberry Pi.

For our SSH key authentication tutorial, we will be showing you how to connect to your Raspberry Pi using your private key and PuTTY.

Connecting using your Private Key on Linux

Utilizing the private key is dead easy on the Linux device that you generated the key in the first place.

The SSH tool by default on most Linux based systems is designed to automatically make use of the private key when attempting to make a connection.

As long as you are using the machine you used to generate the private key, you can use the SSH command as shown below.

The system will automatically try to use the private key that we created earlier to make the connection.

Thanks to copying the public key into the authorized_keys file of the remote host, it will be able to recognize our incoming private key and accept our connection.

If you set a passphrase, you will now be asked to enter that before you can continue, this is required to unlock your private key.

After entering your passphrase, you should now be logged into the remote machine.

If you don’t like having to enter your passphrase every time, don’t worry as we will go into how to cache this later on in the tutorial.

Connecting to your Raspberry Pi using a Private Key with PuTTY

In this section of the Raspberry Pi SSH keys tutorial, we will be showing you how to use your private key with PuTTY to connect to the Raspberry Pi.

Connecting using a private key is a relatively simple process.

Start by opening up PuTTY on your computer and entering your Raspberry Pi’s IP address (1.) then click on “Auth” under the “SSH” section (2.)

Next, you need to press the “Browse” button. This button will allow you to find and select the private key that we saved earlier in the tutorial. Selecting this file will allow PuTTY to try and use it for authentication.

After you have selected the private key from the browser, you should now press the “Open” button to start the connection.

Upon connecting you will be first asked to enter a username, Make sure this is the username that belongs to the private key that you are using otherwise authentication will fail.

After entering the correct username, you will be now asked to enter a passphrase for your private key if you set one earlier.

Upon entering a correct passphrase you will be logged into the SSH session. You can now proceed to disabling password authentication completely.

Removing Password Authentication

To disable password authentication, we need to modify the sshd_config file. Within this file, we can change the behavior of the SSH daemon.

To modify this file run the following command on your Raspberry Pi.

sudo nano /etc/ssh/sshd_config

Within this file, we need to find the following line and change “yes” to “no“.

This simple change will completely disable the ability to login to your Raspberry Pi with just a password. From now on you will require the private key to gain access to the system through SSH.

If you are having trouble finding the line you can use CTRL W to find it quickly. (If you’re using the nano editor)

#PasswordAuthentication yes

Replace with

PasswordAuthentication no

You can now save and quit out of the file by pressing CTRL X then Y and finally ENTER.

With the changes now made to the sshd_config file, we should restart our Raspberry Pi to ensure the changes are loaded in.

Remember to make sure that your private key is allowing you to connect to your Raspberry Pi as passwords won’t work after restarting.

Once you are happy with everything, use the following command on your Raspberry Pi to restart it.

If everything is working correctly you should only be able to perform an SSH connection if you have a valid private key.

Without the private key, the connection will be refused by the SSH agent. As you can no longer use your password, keeping your private key safe is a very crucial task as it is now your only way of remotely accessing your device.

If for some reason you manage to lose your private key or forget the passphrase for your private key there is still one way of gaining access to your device.

To fix any issues that may arise with your SSH connection you can still physically connect a keyboard and mouse to your device to regain control.

To restore password access over the SSH connection, you should try reverting the change we made to the PasswordAuthentication setting and then refollow the tutorial to set up the SSH keys again.

Caching SSH Passphrase for the Current Terminal Session

If you are using the SSH bash tool, then you can cache the passphrase for your private key while the current session is still going.

To do this, we must first start up another session of the ssh-agent. We can do this by running the following command within the terminal session.

Upon entering this command, you will be shown a process ID for the ssh-agent that we just loaded. You can use this process ID later on to kill the agent and remove the passphrase caching.

The process ID should appear something like, “Agent pid 26484“, you need to make a note of the number.

Now that we have started up our additional session of the ssh-agent let’s go ahead and add our private key to it.

We can do this by just typing in the following command, be prepared to enter your private key’s passphrase.

With your SSH key now added to the agent, you should be able to login to any remote machine that has your key authorized without needing to enter your passphrase.

To remove your private key from the SSH-agent cache, you will need to kill the ssh-agent we started earlier.

The easiest way to do this is to make use of the process ID that we grabbed earlier. Just insert that process ID after the command ‘kill’ to kill the process.

I hope by the end of this Raspberry Pi SSH keys tutorial that you learned how to both generate and authenticate by using SSH keys. If you have any thoughts, tips or anything else that you would like to mention then please don’t hesitate to leave a comment below.

How to SSH login without Password on Windows 10

If you’re tired of putting a password everything you login via SSH into your server via ssh root@your_server, there are ways to automatically login to your server without requiring you input a password. This is by using the built-in ssh-keygen command available in your Windows 10.

Basically, the ssh-keygen will create an authentication key pairs that you can use for Secure Shell protocol login.

How to login to SSH without Password

To start, open up a command prompt on your Windows 10. Type in your Cortana CMD.

Now, enter the command ssh-keygen. this will asked to enter a file name for it, make sure to leave it as blank so that it will save the pair as the default filename id_rsa:

Generating public/private rsa key pair. Enter file in which to save the key (C:\Users\YOUR_USERNAME/.ssh/id_rsa):

Now, you’ll be asked to enter a passphrase. To improved security of your RSA key pair add your passphrase in it. You’ll also be asked to re-enter it again.

Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in C:\Users\YOUR_USERNAME/.ssh/id_rsa. Your public key has been saved in C:\Users\YOUR_USERNAME/.ssh/id_rsa.pub. The key fingerprint is: SHA256:3lk4xS/1udKUWtPqo1BtSFpGIufIlZYLhEHxOtiXDQI YOUR_USERNAME@YOUR_DESKTOP The key’s randomart image is:.[RSA 2048] =o =o o| o.o= | o oo.o=.o| | o o o o.o=.| o S. o.| | o o o. o o| | o. | | | | [SHA256]-

It will then create the id_rsa and id_rsa.pub file in your C:\Users\YOUR_USERNAME\.ssh directory and in the command screen it will show a randomart image.

Since ssh-copy-ID is not a built-in command in Windows 10 (See explanation at the bottom), you need to manually add your public key to your server.

open up the id_rsa.pub file with a notepad and copy the whole text. The file is in C:\Users\YOUR_USERNAME\.ssh\ folder. Example id_rsa.pub file below.

ssh-rsa AAAAC3NzaC1yc2EAAAADAQABAABBAQDs4aYDW/XeeewahNS3JO9lxxREYdEcJEccQIMHixnVcaQOzXwiNIJ5HNbHpv5lk2YgcPSffPLcX6lQruLbSt3HDjNl3Q76P81xuPUscCeP37ulZXVuQoaWeqTlW36AXWeZsqQowLxih8ydl2FlIv/Zytv2AAJk3SKEiGuDBJciCAvVTgb0bNGn93X3tohBpM79mRWuCCWSoRbiu8kumUpt9eeXgmte82UI9JVKb0qj/G3XJp84s0Evtk7LHhZ/v6VmfQCsC/lrOKwGezbVGwI/3Xz64kudCmvkfmWOEGFOGv0MMCA91mDrKr4Tc7nj6yYTE1kIm0y3DdLS7l YOUR_USERNAME@YOUR_DESKTOP

Now, you need to login to your server via SSH with password as of now ssh root@YOUR_SERVER. Then you need to edit or make a file authorized_keys via vim. Enter this command:

Then paste the content of your id_rsa.pub on it or if it has existing keys, just paste it on the bottom. Then don’t forget to save it :wq.

If you have problem where there is ^M showing, especially if there are existing keys, just type this command e ff=dos and those ^M will be converted to normal lines.

After that, you can now login to your CMD via ssh root@YOUR_SERVER without requiring for entering your password.

SSH-Copy-ID is not available on Windows 10

The only problem with Windows 10 is there is no ssh-copy-ID command available in the OS and you need to manually add the pair into your server. You’ll get an error ‘ssh-copy-ID’ is not recognized as an internal or external command, operable program or batch file.’ when you try to input it.

Load Key Operation not Permitted

If you’re getting an error saying “Load key “C:\Users\YOUR_USERNAME/.ssh/id_rsa”: Operation not permitted”, this means you’re trying to create a folder in your.ssh directory named id_rsa.

Some people create these folder because they though the key was saved in that folder when they entered the ssh-keygen which says the following:

Generating public/private rsa key pair. Enter file in which to save the key (C:\Users\YOUR_USERNAME/.ssh/id_rsa): sample Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in sample. Your public key has been saved in sample.pub.

This happens, when you named the file when saving the ssh-keygen, make sure to leave it as blank to make sure the private key is save as the default id_rsa and id_rsa.pub.

How to Use the ssh-copy-ID Command

The ssh-copy-ID command is a simple tool that allows you to install an SSH key on a remote server’s authorized keys. This command facilitates SSH key login, which removes the need for a password for each login, thus ensuring a password-less, automatic login process. The ssh-copy-ID command is part of OpenSSH, a tool for performing remote system administrations using encrypted SSH connections.

This article shows you how to use the ssh-copy-ID tool to make your SSH logins more seamless and secure.

How to Install the ssh-copy-ID Command

The ssh-copy-ID tool, part of the OpenSSH package, is available in all major Linux distribution repositories, and you can use your package manager to install this command.

To install the ssh-copy-ID tool on Debian, use the following command:

Once you have OpenSSH installed, you can use the ssh-copy-ID tool in the command-line.

Usage: / usr / bin / ssh-copy-ID [.h ? f n ] [.i [ identity_file ] ] [.p port ] [ [.o ssh.o options ]. ] [ user @ ] hostname.f: force mode.- copy keys without trying to check if they are already installed.n: dry run.- no keys are actually copied.h ?: print this help

Using ssh-copy-ID is simple because the script makes the public key authentication process easier and more efficient. Before we dive into how to use the tool, we will first discuss how SSH public key authentication works.

SSH Public Key Authentication

Public SSH key authentication is an SSH authentication method that allows users to use cryptographically generated keys to log into remote servers.

SSH keys are more secure than raw passwords and provide a much more efficient way of logging into SSH. SSH keys are automated, and once authorized, do not require a password at each login.

To use an SSH key, we will begin by generating a key.

How to Generate an SSH Key

To generate an SSH key, use the ssh-keygen tool that comes as a part of OpenSSH. This tool generates public and private key files stored in the ~/.ssh directory, as shown below.

Generating public / private rsa key pair. Enter file in which to save the key ( / root /.ssh / id_rsa ) : Created directory ‘/root/.ssh’. Enter passphrase ( empty for no passphrase ) : Enter same passphrase again: Your identification has been saved in / root /.ssh / id_rsa. Your public key has been saved in / root /.ssh / id_rsa.pub. The key fingerprint is: SHA256:ddVOQhS6CGt8Vnertz9aiSnvOUKmSpPrZgI24DptsA root @ user The key ‘s randomart image is:.[RSA 2048] | o=o | | o. o| | o.o| | S | o.o o | E o | |o. = o.o.o| o. oo= o=o.| [SHA256]-

How to Copy SSH Key Using SSH-copy-ID

Once we have generated an SSH key, we can manually add the SSH key to the remote machine authorized_keys file or use the ssh-copy-ID command.

We will use the ssh-copy-ID command to make this process easier. Simply call the ssh-copy-ID command and pass the path to the public key, as follows:

After inputting the above command, you should obtain the following output:

/ usr / bin / ssh-copy-ID: INFO: Source of key ( s ) to be installed: “/root/.ssh/id_rsa.pub” / usr / bin / ssh-copy-ID: INFO: attempting to log in with the new key ( s ). to filter out any that are already installed / usr / bin / ssh-copy-ID: INFO: 1 key ( s ) remain to be installed.- if you are prompted now it is to install the new keys user @ 77.134.54.101’s password: Number of key ( s ) added: 1 Now try logging into the machine, with: “ssh.p ‘6576’ ‘user@77.134.54.101′” and check to make sure that only the key ( s ) you wanted were added.

NOTE: Never copy your private key to another machine.

Once the command has been executed successfully, try logging into the server using the key that you uploaded, as follows:

The above command will require you to enter the passphrase for your public key, as shown in the output below:

Enter passphrase for key ‘/root/.ssh/id_rsa’ : Last login: Fri Mar 5 14 :06: 16 2021 from 173.208.98.186

The command above should allow you to log in to the remote host without asking for the user’s password. The system may prompt you to enter the passphrase of the key that you set up earlier.

SSH-copy-ID Command Options

You can modify how the ssh-copy-ID command works by using the provided arguments. To view the help page, use the command ssh-copy-ID.h or use the ssh-copy-ID command with no arguments.

-i argument: This argument specifies the identity file to be used, i.e., copied to the specified remote host. If you fail to specify the.i argument, all the files in the ~/.ssh directory with the matching pattern pub will be added.
-f flag: This flag enables forced mode, which does not check whether the key is pre-configured in authorized_keys on the server. The.f flag adds a key, often resulting in multiple copies of the same key installed on the server.
-p flag: This flag specifies the SSH port to connect to the remote host. This flag is used when the default SSH port is not being used.
-n flag: This flag performs a dry-run that prints the keys intended for installation without installing them on the remote host.

Conclusion

This guide showed you how to use the ssh-copy-ID command to install SSH keys on remote hosts. Though this can be a simple and efficient method to install keys, misconfigured keys may result in security issues or getting locked out of the system. Therefore, be extremely careful as you experiment with this process.

SSH Keys | Adding an SSH key to a Raspberry Pi

John Otieno

My name is John and am a fellow geek like you. I am passionate about all things computers from Hardware, Operating systems to Programming. My dream is to share my knowledge with the world and help out fellow geeks. Follow my content by subscribing to LinuxHint mailing list

Sources:

https://techlabs.blog/categories/debian-linux/setup-ssh-key-based-authentication-on-debian-from-Windows
https://pimylifeup.com/raspberry-pi-ssh-keys/
https://codefaq.org/server/how-to-ssh-login-without-password-on-Windows-10/
https://linuxhint.com/use-ssh-copy-ID-command/