Greetings,
I have some confusion about these SSH-related commands:
ssh-keygen
ssh-copy-id
For example, I log in to server1 as student, then I want to ssh to server2 as teacher: ssh teacher@server2. But when I run the ssh-keygen command on server1, I generate a key pair as student, so how can I use this key pair to log in as teacher on server2?
Hi @yuxiao,
ssh-keygen generates an asymmetric key pair (private key + public key) that is not associated with any user from a cryptographic point of view. The only trick here is that if you don't specify any parameter, it installs the new key pair at the default location for your local user (student) on your local system (server1). The default locations are:
~student/.ssh/id_rsa (private key)
~student/.ssh/id_rsa.pub (public key)
This is very convenient because commands such as ssh or scp will automatically try to use that private key. Similarly, ssh-copy-id will deploy that public key (by default).
So, ssh-keygen generates a cryptographic key pair and installs it for your local user.
ssh-copy-id teacher@server2 copies the content of your local public key (by default ~student/.ssh/id_rsa.pub) to that remote account and server, in ~teacher/.ssh/authorized_keys on server2.
ssh teacher@server2 will try to use ~student/.ssh/id_rsa by default, and will succeed in authenticating with it because the corresponding public key has been copied to server2 in ~teacher/.ssh/authorized_keys.
In case you're not very familiar with asymmetric cryptography, the private key is to be stored as safely as possible on any clients you want to ssh from, no matter the user. If stored at a non-default location, you can still use it with an extra parameter (ssh -i <key> ..., i standing for identity). It's really just an authentication key, similar to an authentication password that can be used from different systems and by different users too.
The public key is to be stored on any servers you want to ssh to, in $HOME/.ssh/authorized_keys, $HOME being the home directory of the user that you want to use as the remote user (in your case, teacher). It may have nothing to do with the local user(s), even though it's often the same user for simplicity/clarity (SSH keys management has become a serious issue in modern sysadmin). Also note that that file $HOME/.ssh/authorized_keys can contain several concatenated public keys, in case different users/systems have to get authenticated.
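To illustrate the answer above (an added example, not part of the original post): the sketch below parses authorized_keys lines and matches entries by key type and key blob only, which is why the trailing comment such as student@server1 plays no part in authentication. The key bytes are constructed sample data, ed25519 is used instead of the default RSA only because its blob is short to build, and all function names are hypothetical.

```python
import base64
import hashlib
import struct

def ed25519_blob(raw32: bytes) -> str:
    """Base64 wire encoding of an ssh-ed25519 public key (used for sample data)."""
    def pack(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    return base64.b64encode(pack(b"ssh-ed25519") + pack(raw32)).decode()

def parse_entry(line: str):
    """Return (key_type, blob_b64, comment) or None for a public-key line.

    Leading options are skipped by finding the field whose successor decodes to
    a blob naming that same key type (options with embedded spaces unsupported).
    """
    fields = line.split()
    for i in range(len(fields) - 1):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        if len(blob) >= 4:
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == fields[i].encode():
                return fields[i], fields[i + 1], " ".join(fields[i + 2:])
    return None

def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def matching_comments(pubkey_line: str, authorized_keys: str) -> list:
    """Comments of authorized_keys entries holding the same key as pubkey_line."""
    wanted = parse_entry(pubkey_line)
    entries = (parse_entry(l) for l in authorized_keys.splitlines())
    return [e[2] for e in entries if e and wanted and e[:2] == wanted[:2]]

# Constructed sample data: the key bytes are arbitrary, not real keys.
STUDENT_PUB = f"ssh-ed25519 {ed25519_blob(bytes(range(32)))} student@server1"
TEACHER_AUTHORIZED_KEYS = "\n".join([
    "# ~teacher/.ssh/authorized_keys on server2",
    f"ssh-ed25519 {ed25519_blob(bytes(32))} student@server1",  # other key, same label
    f"no-pty ssh-ed25519 {ed25519_blob(bytes(range(32)))} relabelled-by-admin",
])

if __name__ == "__main__":
    print(fingerprint(parse_entry(STUDENT_PUB)[1]))
    print(matching_comments(STUDENT_PUB, TEACHER_AUTHORIZED_KEYS))
```

The entry labelled student@server1 does not match because its key blob differs, while the relabelled entry does; auditing authorized_keys by fingerprint rather than by comment follows from this.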
I think you are answering your own question. If you have already copied your credentials you'll log in automatically:
[student@server1 ~] ssh-copy-id teacher@server2
[student@server1 ~] ssh teacher@server2
[teacher@server2 ~]
Did you mean to ask something different?
But when you do ssh-keygen, you generated the key pairs as student not teacher, right?
Switch user to the teacher account on server1, generate the keys, copy them to server2.
[student@server1]$ su - teacher
<enter teacher's password>
[teacher@server1]$ ssh-keygen
[teacher@server1]$ ssh-copy-id server2
<enter password for teacher@server2>
[teacher@server1]$ ssh server2
[teacher@server2]$
Thanks everyone, especially littlebigfab.