How to export my SSH's public key?
I need to set up ssh sessions between two servers and do not want to make the script fill in username and password every time.
However I cannot seem to find out where the SSH server is using its config from.
bash-2.05# ssh -V
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090700f
I have certificate files in both /etc/ssh/ and ~/.ssh/. I can only find one config file for SSH and it is in /etc/ssh/ssh_config, but it contains no data (everything is commented out).
Does anyone know how I can find out where the certificate is stored, or how I can export it so I can transfer it to the other server? I was hoping the config files would give me the answer, but they provide little to no help.
Assuming you mean public-key-authentication on a user-level by 'certificate' and you created them by using ssh-keygen with the default location, they should be at the place where your ssh-client will find them. The key consists of a private part, usually stored in ~/.ssh/id_rsa, and a public part in ~/.ssh/id_rsa.pub. The last one will have to be transferred to the remote server, usually to ~/.ssh/authorized_keys.
The easiest way to transfer the key to another server is using ssh-copy-id with the target machine. If you used the default location on creation, this key will automatically be used.
Note that /etc/ssh/ssh_config is for the client. On the server you will have to look at /etc/ssh/sshd_config. In your setup both servers will serve as both ssh-client and ssh-server, so you would have to look at both files at both ends.
You need to find the ssh public key for the user that will be the login user for the script.
For example, if I have serverA and serverB, I'd do the following.
sudo adduser scriptrunner
...
sudo su - scriptrunner
ssh-keygen
...
cat .ssh/id_rsa.pub
ssh-rsa AAAAB3Nza...... scriptrunner@serverA
Then do something similar on serverB.
Then on serverA, squirt the public key of serverB's scriptrunner user into /home/scriptrunner/.ssh/authorized_keys and do the opposite on serverB (using serverA's scriptrunner user, into /home/scriptrunner/.ssh/authorized_keys on serverB).
Then you should be able to do
ssh scriptrunner@serverA
from serverB using the key, and vice versa.
You can also use ssh-copy-id to do the authorized_keys bit.
In order to establish an ssh connection with public key authentication, the user who initiates the connection needs to have a public/private key pair. On many Linux distributions these keys are not generated by default and have to be generated by the user himself (or by the administrator on their behalf).
If you are logged in as the relevant user, go to your home directory and run
ssh-keygen
Accept all the defaults, and a new key pair will be created in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. Now copy the public key and paste it into the ~/.ssh/authorized_keys file of the target user account on the target machine. Then enable public key authentication on the target machine (in /etc/ssh/sshd_config) and you should be good to go.
NOTE: there are many possible pitfalls in this process when you do it for the first time. All the permissions have to be correct, and the files have to be in the right places. It's probably best if you follow a HowTo like this one.
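The manual "paste the public key into authorized_keys" step from the answers above, with the permission pitfalls handled, as an added example that is not part of the original answers. The function names are hypothetical, and the modes assume an OpenSSH-style StrictModes check that rejects group- or world-writable paths; the key line in the demo is constructed and non-functional.

```sh
#!/bin/sh
# Added example, not from the answers above; function names are hypothetical.

# install_pubkey PUBKEY_FILE TARGET_HOME
# Append one public key to TARGET_HOME/.ssh/authorized_keys exactly once.
install_pubkey() {
    pub=$1; home=$2
    # Never ship the private half (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key" >&2; return 1
    fi
    # Expect exactly one "type base64 [comment]" line.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" \
        || { echo "not a public key line: $pub" >&2; return 1; }
    line=$(grep . "$pub")
    auth=$home/.ssh/authorized_keys
    # Assumption: 700 on .ssh and 600 on authorized_keys pass StrictModes.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Idempotent: append only when the exact line is not already present.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# check_perms TARGET_HOME
# Print each path that is group- or world-writable; no output means OK.
check_perms() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        find "$p" -prune \( -perm -020 -o -perm -002 \) -print
    done
}

# Demo in a throwaway directory with a constructed key line.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructedEXAMPLE scriptrunner@serverA' \
    > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home" && check_perms "$demo/home"
rm -rf "$demo"
```

Run it as the target user (scriptrunner in the example above) so the created files are owned by that account.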