cancel
Showing results for 
Search instead for 
Did you mean: 
yuxiao
Flight Engineer
Flight Engineer
  • 3,192 Views

Question on SSH

Jump to solution

Greetings,

 

I have some confusions on the SSH related commands:

ssh-keygen

ssh-copy-id

 

For example, I login to server1 as student, then I want to ssh to server2 as teacher: ssh teacher@server2. But when I run the ssh-keygen command in server1, I generated pey pairs as student, then how can I use this key pairs to login as teacher on server2? 

 

 

 

0 Kudos
1 Solution

Accepted Solutions
littlebigfab
Starfighter Starfighter
Starfighter
  • 3,118 Views

Hi @yuxiao,

ssh-keygen generates an asymmetric key pair (private key + public key) that is not associated with any user from a cryptographic point of view. The only trick here is that if you don't specify any parameter, it installs the new key pair at the default location for your local user (student) on your local system (server1). The default locations are:
~student/.ssh/id_rsa (private key)
~student/.ssh/id_rsa.pub (public key) 

This is very convenient because commands such as ssh or scp will automatically try to use that private key. Similarly, ssh-copy-id will deploy that public key (by default).

So, ssh-keygen generates a cryptographic key pair and installs it for your local user.

ssh-copy-id teacher@server2 copies the content of your local public key (by default ~student/.ssh/id_rsa.pub) to those remote account and server, in ~teacher/.ssh/authorized_keys on server2

ssh teacher@server2 will try to use ~student/.ssh/id_rsa by default, and will succeed to authenticate with it because the corresponding public key has been copied to server2 in ~teacher/.ssh/authorized_keys

In case you're not very familiar with asymetric cryptography, the private key is to be stored as safely as possible on any clients you want to ssh from, no matter the user. If stored at a non-default location, you can still use it with an extra parameter (ssh -i <key> ..., i standing for identity). It's really just an authentication key, similarly to an authentication password that can be used from different systems and by different users too.

The public key is to be stored on any servers you want to ssh to, in $HOME/.ssh/authorized_keys, $HOME being the home directory of the user that you want to use as the remote user (in your case, teacher). It may have nothing to do with the local user(s), even though it's often the same user for simplicity/clarity (SSH keys management has become a serious issue in modern sysadmin). Also note that that file $HOME/.ssh/authorized_keys can contain several concatenated public keys, in case different users/systems have to get authenticated.

View solution in original post

5 Replies
Fran_Garcia
Starfighter Starfighter
Starfighter
  • 3,184 Views

I think you are answering your own question. If you  have already copied your credentials you'll log in automatically:

 

[student@server1 ~] ssh-copy-id teacher@server2

[student@server1 ~]  ssh teacher@server2

[teacher@server2 ~] 

 

Did you mean to ask something different?

0 Kudos
yuxiao
Flight Engineer
Flight Engineer
  • 3,175 Views

But when you do ssh-keygen, you generated the key pairs as student not teacher, right?

 

0 Kudos
littlebigfab
Starfighter Starfighter
Starfighter
  • 3,119 Views

Hi @yuxiao,

ssh-keygen generates an asymmetric key pair (private key + public key) that is not associated with any user from a cryptographic point of view. The only trick here is that if you don't specify any parameter, it installs the new key pair at the default location for your local user (student) on your local system (server1). The default locations are:
~student/.ssh/id_rsa (private key)
~student/.ssh/id_rsa.pub (public key) 

This is very convenient because commands such as ssh or scp will automatically try to use that private key. Similarly, ssh-copy-id will deploy that public key (by default).

So, ssh-keygen generates a cryptographic key pair and installs it for your local user.

ssh-copy-id teacher@server2 copies the content of your local public key (by default ~student/.ssh/id_rsa.pub) to those remote account and server, in ~teacher/.ssh/authorized_keys on server2

ssh teacher@server2 will try to use ~student/.ssh/id_rsa by default, and will succeed to authenticate with it because the corresponding public key has been copied to server2 in ~teacher/.ssh/authorized_keys

In case you're not very familiar with asymetric cryptography, the private key is to be stored as safely as possible on any clients you want to ssh from, no matter the user. If stored at a non-default location, you can still use it with an extra parameter (ssh -i <key> ..., i standing for identity). It's really just an authentication key, similarly to an authentication password that can be used from different systems and by different users too.

The public key is to be stored on any servers you want to ssh to, in $HOME/.ssh/authorized_keys, $HOME being the home directory of the user that you want to use as the remote user (in your case, teacher). It may have nothing to do with the local user(s), even though it's often the same user for simplicity/clarity (SSH keys management has become a serious issue in modern sysadmin). Also note that that file $HOME/.ssh/authorized_keys can contain several concatenated public keys, in case different users/systems have to get authenticated.

Tracy_Baker
Starfighter Starfighter
Starfighter
  • 3,154 Views

Switch user to the teacher account on server1, generate the keys, copy them to server2.

[student@server1]$ su - teacher

<enter teacher's password>

[teacher@server1]$ ssh-keygen

[teacher@server1]$ ssh-copy-id server2

<enter password for teacher@server2>

[teacher@server1]$ ssh server2

[teacher@server2]$

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College
yuxiao
Flight Engineer
Flight Engineer
  • 3,095 Views

Thanks everyone, espacially littlebigfab. 

0 Kudos
Join the discussion
You must log in to join this conversation.