

Skip this if you already have a public / private key pair on your client machine that you intend to use to connect to the OpenWrt SSH server. The ssh-keygen utility can be used to generate a key pair to use for authentication. After you have used this utility, you will have two files, by default ~/.ssh/id_ (the private key) and ~/.ssh/id_.pub (the public key).

    # Generate a new key pair, 3072-bit RSA by default
    ssh-keygen

    # Generate a new Ed25519 key pair
    ssh-keygen -t ed25519

When I have a private key loaded for a user, I can run ssh-copy-id and will be prompted for a password. When I enter the correct password, I can now log in with the key. I have previously always run this command with -i as an argument, but now realize I don't need the path to the public key. ssh/authorized_keys file, and see the public key that my private key matches, which is what confuses me - I never provided a public key. How does it know what to add to the authorized keys file when I don't provide it? How does ssh-copy-id know which public key matches the private key I have loaded locally when I run the command?

I hope I am being clear - I've always run ssh-copy-id -i and it makes sense to me how this works - it logs in and copies the public key to the authorized keys file. But if I DON'T provide the public key (i.e. I run ssh-add before running ssh-copy-id), it still works as long as I have the private key loaded, and I don't understand how it gets the public key.

Edit: To clarify, I am not keeping the default id*.pub naming convention. So the logic that I'm seeing about searching for an id*.pub in the man page doesn't seem to apply. In fact, I can create a keypair called randompair, load randompair, rename randompair.pub as newname.pub, run ssh-copy-id and it still loads the correct public key. Looking at the bash script itself leaves me a little confused as to how it accomplishes this.

This is pretty well documented in the manual page on recent systems. Note that there are several different versions of the script: Arch Linux and RHEL/CentOS seem to have the same version as Debian/Ubuntu, but FreeBSD has slightly different options.

By default, ssh-copy-id calls ssh-add -L to list the keys that you have registered in the SSH agent. ssh-add -L outputs a list of public keys for which you have the private key in the agent. You might wonder how the agent can do this since you don't pass it a public key either. The answer is that it's always possible to reconstruct the public key from the private key (this is true of all the cryptosystems that SSH supports and most that it doesn't).

This is only true of the “mathematical” part of the key, however. The public key file can also contain a comment (which you can set with ssh-keygen -C), and the agent does not load this comment, so if you use ssh-copy-id and it takes a key via the agent, the remote host won't have this comment in authorized_keys.

If there is no running agent or it doesn't have any key, recent Linux ssh-copy-id looks for (straight from the man page): The most recent file that matches: ~/.ssh/id*.pub, (excluding those that match ~/.ssh/*-cert.pub) so if you create a key that is not the one you want ssh-copy-id to use, just use touch(1) on your preferred key's .pub file to reinstate it as the most recent.

Older versions of the script and non-Linux versions don't have this most-recent-file behavior. As far as I remember, even older versions didn't probe the agent and just read the default path ~/.ssh/id_rsa.pub by default.
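
Since the comment is not part of the key, checking whether a given key is already installed on a host means comparing the key blob rather than the whole line. The following is an added example, not part of the original page: it matches a local public key against authorized_keys entries regardless of comment or leading options, and the key blobs, user names and address in it are constructed sample values.

```python
import base64
import hashlib
import struct

def parse_pubkey(line):
    """Return (key_type, blob, comment) for a .pub/authorized_keys line, else None."""
    tokens = line.split()
    for i in range(len(tokens) - 1):       # an options field may precede the key type
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except ValueError:                  # not base64, so not the key field
            continue
        if len(blob) < 4:
            continue
        (n,) = struct.unpack(">I", blob[:4])
        # The blob repeats the key type as a length-prefixed string; require a match.
        if blob[4:4 + n] == tokens[i].encode():
            return tokens[i], blob, " ".join(tokens[i + 2:])
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by ssh-keygen -l."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def find_key(authorized_keys_text, pub_line):
    """(line number, comment) of every entry holding the same key as pub_line."""
    wanted = parse_pubkey(pub_line)
    hits = []
    for num, line in enumerate(authorized_keys_text.splitlines(), 1):
        entry = parse_pubkey(line)
        if wanted and entry and entry[1] == wanted[1]:
            hits.append((num, entry[2]))
    return hits

def _blob(seed):
    """Constructed, well-formed Ed25519 public key blob (not a real key)."""
    name = b"ssh-ed25519"
    return struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32

KEY_A = base64.b64encode(_blob(1)).decode()
KEY_B = base64.b64encode(_blob(2)).decode()
LOCAL_PUB = f"ssh-ed25519 {KEY_A} alice@laptop"
SAMPLE_AUTHORIZED_KEYS = "\n".join([       # constructed sample file
    f"ssh-ed25519 {KEY_B} bob@desktop",
    f"ssh-ed25519 {KEY_A}",                # same key as LOCAL_PUB, no comment
    f'from="192.0.2.10",no-pty ssh-ed25519 {KEY_A} alice@laptop',
])

if __name__ == "__main__":
    print(fingerprint(parse_pubkey(LOCAL_PUB)[1]))
    print(find_key(SAMPLE_AUTHORIZED_KEYS, LOCAL_PUB))
```

The parser splits on whitespace, so an options field containing quoted spaces is still skipped correctly only because the key type and blob are located by checking the type name embedded in the blob.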
