How are public keys "sent" to servers, and how are private keys "used" for SSH?

ssh linux public-key-encryption

Solution 1:

ssh-keygen generates both the public and private keys, which initially reside only locally. Giving the public key to another host is something that the user would need to manually do, either by sending it to someone responsible for server B, or if you have an account with a password, you could log in and put it there yourself. In order to allow passwordless login to server B, you would need to add your public key to the ~/.ssh/authorized_keys file on server B (one public key per line, there can be any number of keys in this file). There is a linux command ssh-copy-id that will copy the ID for you and put it in the file.

By default, ssh will use the file ~/.ssh/id_XXX as your private key. XXX can be rsa, dsa, or any protocol for which a key was generated. IIRC, dsa is old and shouldn't be used. If you want to use a different private key, you can specify it in your ssh command using -i. As long as the private key being used matches a public key on the remote machine (in the authorized_keys file for the user's account which you are logging in to), then you will not need to supply a password.

Solution 2:

There are two Linux machines, A and B. Scripts running on A need to be able to SSH into B. So A generates a public key (probably an ssh-keygen-generated id_rsa.pub), and then uses its respective private key (again, probably id_rsa) to make that SSH connection.

If anything I’ve said above is incorrect or misled, please begin by correcting me!

Assuming I’m more or less on target:

yeah

but B needs A's public key to be listed in B's authorized_keys file in order for A to be able to connect to B

also you can delete id_rsa.pub and ssh to B and it will still work, because the public key is generated fresh with each ssh connection and not stored in any id_rsa.pub

How does A “give” B its public key (id_rsa.pub)? Does this have to be a manual process, or can it be automated? If manual, what’s the process? If automated, what’s the command?

manual- something like

from A-

cat ~/.ssh/id_rsa.pub | ssh USER@HOST "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

or even more manually, to break the command down

A$ cat id_rsa.pub | ssh user@host 'cat>~/a.a'

then on B, make sure ~/.ssh exists then do cat a.a >> ~/.ssh/authorized_keys

and you can cat authorized_keys of B before and after to make sure the key is listed.

Or you could email id_rsa.pub to an email account, then from B, B can check the email and append the contents of id_rsa.pub into his authorized_keys file

automatically

The ssh-copy-id command

You need to be able to ssh in, so you need password access

Instead of doing ssh user@host you do ssh-copy-id user@host and you are prompted for a password, you enter it, you're in, it will copy the public key over. And next time you do ssh user@host it will use the key.

When B "gets" this public key, where does it go or get stored?

B's ~/.ssh/authorized_keys

When initiating the SSH connection to B, how does A “use” its private key (id_rsa) as part of that connection?

well, I don't know much about that, off the top of my head, but whatever is encrypted with one key can be decrypted with the other key, and identifying yourself is a bit different to sending data.. and there may be something about a temporary key too.

Related

What is 'System and compressed memory' and why is it using so much memory? [duplicate]
Windows suddenly won't boot, "CRITICAL_SERVICE_FAILED"
HDMI input through USB C?
How is it possible to find out the HDMI version on windows?
How to disable automatic capitalization in LibreOffice Calc?
Where is the source for rails command line like new, generate located?
Trying to pass selected value from dropdown and substituting in path for redirection
Updating a global variable from within a function
Angular Error in Console of the web browser
Creating a dynamic JSON using a python list
directly get svf from BIM360 hub/project/model
Formatting a number to have commas at every 1000 factor