copy ssh private keys to another computer
Check the permissions and ownership of your private key file. From the manual,
These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). ssh will simply ignore a private key file if it is accessible by others.
Typically the key files should look like this,
$ ls -l ~/.ssh/id_rsa*
-rw------- 1 benj benj 1766 Jun 22 2011 .ssh/id_rsa
-rw-r--r-- 1 benj benj 388 Jun 22 2011 .ssh/id_rsa.pub
which you can enforce via:
$ chown benj:benj ~/.ssh/id_rsa*
$ chmod 600 ~/.ssh/id_rsa
$ chmod 644 ~/.ssh/id_rsa.pub
Try running ssh-add
before you SSH into the server - you should then be prompted for the password and then subsequent ssh
connects can use your private key.
The ssh-add
command adds the keys to the key agent.
Encrypted private keys hold their corresponding public key unencrypted. This is how the SSH client can connect to the remote server without asking you the password (it only offers the public part at that point). Whenever the server accepts the public key, the client on your PC wants to decrypt the private key and will ask you for the passphrase.
Now, whenever the server only accepts connection from a specific IP address, this is declined already in the first step and explains the message you got from the server "Roaming not allowed by server".
So, my best guess is that your server is restricted in some way to allow only specific IP addresses for this key. You can do this in several ways, but this is a common one in ~/.ssh/authorized_keys
:
from="192.168.1.2" ssh-rsa AAAAB3NzaC[...]
To prove that you can read the public key out of an encrypted private key without password, run:
ssh-keygen -y -f /path/to/private/key