Generating ssh key in Silverblue

I am creating ssh keys and want to know if the process is any different from regular Linux instructions when using SB? .ssh did not exist, so that is one difference. Are there more I need to be aware of?
Can anyone direct me to a tutorial for generating ssh keys?

SSH keys are always created and stored in the ~/.ssh directory, so it should be no different with Silverblue than for any other version of Fedora.

This is how the .ssh directory and keys are generated:

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/USER/.ssh/id_rsa): 
Created directory '/home/USER/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/USER/.ssh/id_rsa
Your public key has been saved in /home/USER/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:N02Xj2pf4SQdjthiowEROuIT1rPevO9lvCSho3s6EuI USER@fedora
The key's randomart image is:
+---[RSA 3072]----+
|       o.        |
|    . . .      . |
|   + = .    . o. |
|  o o + .  oo.+o.|
|   o .  Soo=.+.=.|
| . .o o ..*.o.+ .|
|. . .. = o =o  ..|
| E . ...o =... . |
|    .+=.oo .  .  |
+----[SHA256]-----+

And a quick search for how to generate the keys gave me this:
Generate SSH Keys on Linux


Thanks Jeff, that is quite helpful. A further question: is it possible to simply copy the key pairs from one computer to another? I tried and got access denied errors. Looking at the keys, they have a comment at the end of username@machinename. Will the keys work with the old username@hostname on the new machine?

Yes, the keys may be copied.
Look at the permissions of ~/.ssh and the content.

# ls -l .ssh
total 12
-rw-r--r--. 1 USER USER  577 Sep  6  2021 authorized_keys
-rw-------. 1 USER USER 2610 Sep  6  2021 id_rsa
-rw-------. 1 USER USER 1660 Feb 21  2022 known_hosts

The files id_rsa and authorized_keys are generated as shown above.
The file known_hosts is created (& updated) when the user connects using the keys to another host and then is checked every time the user connects to the same host to verify it is the same machine each time.

Copying the keys to another host allows the same user id to connect bidirectionally between the hosts.

Note that the id_rsa file is the private key and should only be on a host where the user can confirm that it is secure. The authorized_keys file is the public key.

I have both files on each system at home and have otherwise totally default config for ssh & sshd (under /etc/ssh/). This allows me to use ssh with no passwords between the hosts (rsync works the same as well, since it runs under the ssh protocols).

The user must enable sshd on each machine they wish to connect to from a remote host.

Thanks for your helpful post @computersavvy .

This may work now, since I have just done a clean install of Silverblue. I did

mkdir .ssh in ~/.

The old hostname is eos-22 and the new one is sb and they have the same username.
The public key has michael@eos-22 at the end, which became my label in the Cloud hosting SSH. The question is: will that comment have any impact on the new machine?

Michael

This will create a directory with the incorrect (default) permissions.
The ~/.ssh directory MUST have only these permissions or ssh will not function properly (if at all):

$ ls -ld .ssh
drwx------. 2 USER USER 4096 Jan 17 18:35 .ssh

I don’t think that ending of the public key has any bearing on how ssh works. It only identifies where the key was generated and who originated it, AFAIK.
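
Added example, not part of any post in this thread: a small script that checks a hand-made or copied ~/.ssh against the modes shown in the listings above (700 on the directory, 600 on private files) and repairs whatever differs. The function names `mode_of`, `want_mode` and `fix_ssh_perms` and the script name are hypothetical, and it assumes GNU `stat` as shipped on Fedora.

```bash
#!/usr/bin/env bash
# Added example: audit and repair modes on an SSH directory after keys were
# copied in from another machine. All function names here are hypothetical.

# Print the octal mode of a path (GNU stat, as shipped on Fedora).
mode_of() { stat -c '%a' "$1"; }

# Mode a file inside the SSH directory should have: public keys may be
# world-readable; everything else (private keys, authorized_keys,
# known_hosts, config) is made owner-only. 600 on authorized_keys is
# stricter than the 644 in the thread's listing and still accepted by sshd.
want_mode() {
    case "$(basename "$1")" in
        *.pub) echo 644 ;;
        *)     echo 600 ;;
    esac
}

# Check DIR (default ~/.ssh) and everything directly inside it, fixing any
# mode that differs. Prints each change and a final count.
fix_ssh_perms() {
    local dir="${1:-$HOME/.ssh}" f want changed=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    if [ "$(mode_of "$dir")" != 700 ]; then
        echo "fixing $dir: $(mode_of "$dir") -> 700"
        chmod 700 "$dir"
        changed=$((changed + 1))
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue          # skip sockets, subdirectories, empty glob
        want="$(want_mode "$f")"
        if [ "$(mode_of "$f")" != "$want" ]; then
            echo "fixing $f: $(mode_of "$f") -> $want"
            chmod "$want" "$f"
            changed=$((changed + 1))
        fi
    done
    echo "$changed path(s) changed"
}

# Run as: ./fix-ssh-perms.sh --fix [DIR]
if [ "${1:-}" = "--fix" ]; then
    fix_ssh_perms "${2:-$HOME/.ssh}"
fi
```

A second run on the same directory reports `0 path(s) changed`, so it is safe to rerun after every copy.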