How to transfer my SSH keys to another machine?
Edited: If you own both machines, you may share your private key. But this solution is not safe in the case of a stolen notebook or for machines you don't own.
You may copy your private keys from H1 to H2 if you want to use the same private key to be able to log in from H2 to S1. While at H1, run the commands:
H1$ ssh H2 mkdir ~/.ssh
H1$ scp ~/.ssh/id_rsa ~/.ssh/id_dsa H2:~/.ssh/
Warning! This will delete and replace any private key you had at H2.
A better way is to generate new private keys on H2 (ssh-keygen) and install their public part on S1 with the ssh-copy-id util. In this safer case you will have two sets of keys; one is for H1-S1 login and the second for H2-S1 login. There will be two public keys authorized at S1. And you will be able to revoke any of them or both (for example, when your notebook is stolen, or the owner of the machine decides to disable your account and reuse all your files).
Use ssh-copy-id
SYNOPSIS
ssh-copy-id [-i [identity_file]] [user@]machine
DESCRIPTION
ssh-copy-id is a script that uses ssh to log into a remote machine and append the indicated identity file to that machine's ~/.ssh/authorized_keys file.
Use two private keys
Set up H2 using the same process (but not the same private key) as you did when you set up H1:
- There is never a good reason to copy a private key from some other machine. If you haven't already generated a fresh private key on H2, do so now. Also generate the corresponding public key. In a terminal on H2,
type: ssh-keygen -t rsa
- Copy your H2's public key to the server. In a terminal on H2,
type: ssh-copy-id [email protected]
(but use your actual username on S1 and S1's hostname, and later type in your password on S1 when it asks for it).
This installs the public key of your workstation into the ~/.ssh/authorized_keys file for that user on the server.
- There is no step 3. From now on, you can log into S1 from your H2, and also log into S1 from your H1.
details
I assume that what you are really asking is
- I have a server ("S1")
- I log in to my server from my personal laptop ("H1")
- I also want to log in to my server from my workstation ("H2").
What is the right way to do that?
- I suppose I could simply log in with the same password from both places. That can't be the right way, because everyone says that public key authentication is much better than passwords. (a)
- I suppose I could simply copy the private key from my laptop to my workstation. That can't be the right way, because everyone says that the private key is never supposed to leave the client machine.
People have it hammered into their head that one account on a server has a single username and, of course, a single authorized password.
Public-key systems like ssh are better than the password system:
One account on a server has a single username and any number of authorized public keys, all of them listed in the ~/.ssh/authorized_keys file.
(more details).
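Revoking one of several authorized keys on S1, which the first answer mentions and the one-account-many-keys model above makes possible, shown as an added example that is not part of any of the original answers. The function names revoke_key and key_blob are hypothetical, and the sketch assumes one key per line in authorized_keys.

```sh
#!/bin/sh
# Added example (not from the original answers). Function names are hypothetical.

# key_blob PUBFILE: print the base64 key material of the first key in a .pub
# file. The blob identifies the key; the trailing comment can be edited freely.
key_blob() {
    awk '!/^#/ && NF >= 2 { print $2; exit }' "$1"
}

# revoke_key AUTH_FILE PUBFILE: drop every authorized_keys line carrying that
# key, including lines that start with options such as from="...".
# Returns 0 if a line was removed, 1 if the key was not listed, 2 on bad input.
revoke_key() {
    auth=$1
    pub=$2
    [ -f "$auth" ] && [ -f "$pub" ] || return 2
    blob=$(key_blob "$pub")
    [ -n "$blob" ] || return 2
    tmp=$(mktemp "$auth.XXXXXX") || return 2
    if awk -v b="$blob" '
        {
            for (i = 1; i <= NF; i++)
                if ($i == b) { removed++; next }
            print
        }
        END { exit (removed ? 0 : 1) }' "$auth" > "$tmp"
    then
        cp -p "$auth" "$auth.bak"   # keep the previous list for rollback
        chmod 600 "$tmp"            # sshd's default StrictModes rejects a group/world-writable file
        mv "$tmp" "$auth"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage on S1, with the public half of the lost laptop's key at hand:
#   revoke_key ~/.ssh/authorized_keys h1_id_rsa.pub
```

Matching on the key material rather than the comment means a renamed or missing comment in authorized_keys does not hide the key from revocation.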
All the questions here address the issue of copying identity from one server to another server by making use of ssh-copy-id, which is not the point of the question.
The problem that the questions seem to ask is how the same private-public key pair generated and used on a personal computer (H1) can be used on another personal machine (H2), so as not to have to set up a new private-public key and manually add it to each server that we used to connect to.
This is not advisable for security reasons, as extensively mentioned by others; however, it is possible to achieve with the following steps:
- Copy your private (e.g. ~/.ssh/id_rsa) and public (e.g. ~/.ssh/id_rsa.pub) keys from your H1 machine to your H2 machine in location ~/.ssh (do this only through a trusted USB that you will format afterwards; do not use emails or any other internet-based medium). When you execute the following command on H2:
ls -alt ~/.ssh
the output will contain at least the following:
-rw-r--r-- 1 youUserName youUserName 1240 Nov 3 14:52 id_rsa
-rw-r--r-- 1 youUserName youUserName 412 Nov 3 14:52 id_rsa.pub
- On H2, change the permission of the private key to be less accessible (otherwise next step will follow) with the command
chmod 600 ~/.ssh/id_rsa
so that the output of the following command:
ls -alt ~/.ssh
will contain the following (notice the difference from the above permission):
-rw------- 1 youUserName youUserName 1240 Nov 3 14:52 id_rsa
-rw-r--r-- 1 youUserName youUserName 412 Nov 3 14:52 id_rsa.pub
- Final step: on H2, now use the command
ssh-add ~/.ssh/id_rsa
to enable the private-public key pair to be used to identify yourself from H2 to any server that you will connect to by using the private-public key that you imported.
Now, any ssh or scp command such as ssh yourUserName@ip-address should succeed as if you were logged into H1.
Security Considerations:
- PLEASE CONSIDER OTHERS' SUGGESTIONS FOR BETTER SECURITY, AKA GENERATE A NEW PRIVATE-PUBLIC KEY PAIR
- The only case in which I see this to be useful is when moving on to a new machine for good so that H2 will become your primary computer and H1 will not be used anymore;
- If you are using both H1 and H2 still, there is no plausible good reason to use the same private-public key pair from H2.
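A check for the permission step above, as an added example that is not part of the original answer: it lists private key files that group or others can still access, which is the state an imported key is in (mode 644) before chmod 600. The function name loose_private_keys is hypothetical, and it assumes private keys carry the usual "-----BEGIN ... PRIVATE KEY-----" header on their first line.

```sh
#!/bin/sh
# Added example (not from the original answer). Function name is hypothetical.

# loose_private_keys [DIR]: print every file in DIR (default ~/.ssh) that
# starts with a private key header and has any group/other permission bit set.
# Returns 0 when nothing is found, 1 when at least one such file exists.
loose_private_keys() {
    dir=${1:-$HOME/.ssh}
    found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Public keys and config files have no such header and are skipped.
        head -n 1 "$f" | grep -q -- '-----BEGIN .*PRIVATE KEY-----' || continue
        # find prints the path only if a group/other r, w or x bit is set.
        if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
                       -o -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# Usage on H2 after copying keys in:
#   loose_private_keys ~/.ssh || echo "fix the files listed above with chmod 600"
```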