Trouble understanding ssh key gen man page - Specify location and password - linux

This is my code:
ssh-keygen -t rsa -C "$APP"
This works perfectly. However it then asks me to specify location and password. I was hoping I can automate this all in one go, however this command fails:
ssh-keygen -t rsa -C "$APP" -P "$SSHKEYPASS" -T ~/.ssh/id_rsa.pub
This command seems to fail though, when I specify the password I want for the key and location in the same line. I don't really understand the man page:
http://linux.die.net/man/1/ssh-keygen
Can anyone tell me where I have gone wrong?

-P is for the old passphrase; to create a key I assume you want -N for the new passphrase.
-T is for DH group test output it appears (not that I know what that is exactly).
You want -f to specify the key filename. And you specify the private key file not the public key file.
So try:
ssh-keygen -t rsa -C "$APP" -N "$SSHKEYPASS" -f ~/.ssh/id_rsa
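The non-interactive form in that answer wrapped in a small POSIX sh helper, as an added example that is not part of the original answer: it refuses to overwrite an existing key (ssh-keygen would otherwise block on an "Overwrite (y/n)?" prompt), keeps the key directory private, and then proves the passphrase really protects the private key by deriving the public key with -y -P and comparing it with the .pub that was written. The function and file names are made up for the example.

```shell
#!/bin/sh
# Added example: non-interactive ssh-keygen with -N (new passphrase) and
# -f (private key path), plus a verification step. Not from the original post.
set -eu

# gen_key <private-key-path> <comment> <passphrase> [type] [bits]
# Creates <path> and <path>.pub and prints the SHA256 fingerprint on success.
gen_key() {
    keyfile=$1; comment=$2; passphrase=$3
    keytype=${4:-rsa}; bits=${5:-4096}

    # ssh-keygen asks "Overwrite (y/n)?" for an existing file, which hangs a
    # script with no terminal; fail explicitly instead.
    if [ -e "$keyfile" ] || [ -e "$keyfile.pub" ]; then
        echo "gen_key: refusing to overwrite $keyfile" >&2
        return 1
    fi

    # Create the key directory with private permissions if it does not exist.
    keydir=$(dirname "$keyfile")
    [ -d "$keydir" ] || { mkdir -p "$keydir"; chmod 700 "$keydir"; }

    # -q suppresses the randomart; -N is the NEW passphrase (-P is the OLD one).
    ssh-keygen -q -t "$keytype" -b "$bits" -C "$comment" -N "$passphrase" -f "$keyfile"

    # Verify: -y derives the public key from the private one and only succeeds
    # with the right passphrase. It must match the .pub file that was written.
    derived=$(ssh-keygen -y -P "$passphrase" -f "$keyfile" | awk '{print $1, $2}')
    stored=$(awk '{print $1, $2}' "$keyfile.pub")
    if [ "$derived" != "$stored" ]; then
        echo "gen_key: public key mismatch for $keyfile" >&2
        return 1
    fi

    ssh-keygen -l -E sha256 -f "$keyfile.pub" | awk '{print $2}'
}

# passphrase_ok <private-key-path> <passphrase>: exit 0 only if the
# passphrase unlocks the key (no prompt, because -P supplies it).
passphrase_ok() {
    ssh-keygen -y -P "$2" -f "$1" >/dev/null 2>&1
}

# Usage from a script: . ./gen_key.sh; gen_key ~/.ssh/id_rsa "$APP" "$SSHKEYPASS"
[ $# -eq 0 ] || gen_key "$@"
```

An empty string for the passphrase (-N "") produces an unencrypted key, which is what the verification step catches if $SSHKEYPASS happens to be unset in the environment: passphrase_ok with the intended passphrase would still succeed, but passphrase_ok with any wrong string would too, so check for an empty variable before calling gen_key.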

Related

Check if private ssh-key has been added to ssh-agent

In ~/.ssh I have github and bitbucket private key files. Both are encrypted, so when I ssh-add ~/.ssh/github I have to enter a password.
I have a bash script to automate git commands. If the github and/or bitbucket identities have NOT been added yet, then I want to ssh-add them.
I'm looking for a function like:
has_identity_been_added ~/.ssh/github
To simply check if the private, encrypted key file has been added.
I found:
ssh-add -l prints out a string of text for each identity... and I don't know what it is, but it's not the key file name
ssh-add -L prints the public key, which I'm not storing on my local machine, so I'm not sure how to verify against it, without asking for the private key file's password again.
Both of those print the name I gave to the key file like reed@laptop-x1834 (I think that was the automatic name, cause I didn't specify -C in the ssh-keygen, if memory serves).
I'm not sure where to go from here. I don't want to rely upon the ssh-keygen -C "whatever_name".
ssh-add -l prints out the fingerprint of the keys added.
You can get the fingerprint of a public key with:
ssh-keygen -l -f id_rsa.pub

How to use ssh-add to remove identities (pem files) from the agent

I can add pem files to my SSH agent very easily using ssh-add, like so:
$ ssh-add /home/jsmith/keys/mytest.pem
But I can't seem to remove them:
$ ssh-add -d /home/jsmith/keys/mytest.pem
Bad key file /home/jsmith/keys/mytest.pem: No such file or directory
The pem file still exists though... I haven't moved or changed it in any way. Why am I having so much trouble removing this pem file from my SSH agent that I just added a moment ago? What's the correct way to do this?
I want to avoid using ssh-add -D (with a capital "D") because that would delete all of the identities from my SSH agent, and I only want to delete the one I've specified.
You have to use the public key for this. So first extract the public key and then remove it from the agent.
ssh-keygen -y -f /home/jsmith/keys/mytest.pem > /home/jsmith/keys/mytest.pub
ssh-add -d /home/jsmith/keys/mytest.pub
The man page mentions the "public" key as well: "if no public key is found at a given path, ssh-add will append .pub and retry".
The best alternative I've found is to re-add the same file but with a life-time of 1 second:
ssh-add -t 1 myfile.pem
It is easier to remember than extracting the public key.
If you know the comment associated with the key you can simply get the public key from the agent and pipe it back in to delete it.
ssh-add -L | grep -F 'test@example.com' | ssh-add -d -
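The two questions above (is a key already in the agent, and how to remove exactly one) share the same building block: the agent reports fingerprints, not file names, so compare fingerprints. The following POSIX sh helpers are an added example, not code from either answer; has_identity_been_added is the function the first question asked for, ensure_identity adds a key only when it is missing so the passphrase prompt appears at most once per agent session, and remove_identity resolves a private key path (a .pem, say) to its .pub the way the second answer describes before calling ssh-add -d. Function names are made up for the example.

```shell
#!/bin/sh
# Added example: agent membership by fingerprint, add-if-missing, and
# removal of a single identity. Not from the original answers.
set -eu

# pubkey_of <key-path>: print the path of the public key file for a private
# or public key path, deriving it with ssh-keygen -y when no .pub exists.
pubkey_of() {
    key=$1
    case "$key" in *.pub) echo "$key"; return 0 ;; esac
    if [ ! -f "$key.pub" ]; then
        # This prompts for the passphrase if the private key is encrypted.
        ssh-keygen -y -f "$key" > "$key.pub"
        chmod 644 "$key.pub"
    fi
    echo "$key.pub"
}

# key_fingerprint <key-path>: SHA256 fingerprint, computed from the public
# half so that an encrypted private key never has to be unlocked.
key_fingerprint() {
    ssh-keygen -l -E sha256 -f "$(pubkey_of "$1")" | awk '{print $2}'
}

# has_identity_been_added <key-path>: exit 0 if the agent holds this key,
# non-zero if it does not or if no agent is reachable. ssh-add -l lists
# fingerprints and comments, never file names, so compare the fingerprint.
has_identity_been_added() {
    want=$(key_fingerprint "$1")
    [ -n "$want" ] || return 2
    ssh-add -l -E sha256 2>/dev/null \
        | awk -v want="$want" '$2 == want { found = 1 } END { exit !found }'
}

# ensure_identity <key-path>: add the key only when it is missing.
ensure_identity() {
    has_identity_been_added "$1" || ssh-add "$1"
}

# remove_identity <key-path>: ssh-add -d matches on the public key, so a
# private key path is resolved to its .pub first.
remove_identity() {
    ssh-add -d "$(pubkey_of "$1")"
}

# Usage: . ./agent_keys.sh; ensure_identity ~/.ssh/github
```

Matching on the fingerprint rather than on the comment (as the grep -F line above does) is deliberate: two keys can carry the same comment, and the comment in the agent is whatever was stored when the key was added, while the fingerprint identifies the key itself.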

Generating SSH keys to be used on different computers

I have 2 systems that I use almost daily. One is a desktop located within the office premises and the other is a laptop. Both are running Ubuntu LTS linux.
I know that SSH keys generated on one system can be copied to another system and it won't break anything like pushing/committing. But I don't want to do that. I need to track from which system I pushed/committed the code.
To achieve that I have added 2 diff. emails to my GitHub account.
john+desktop@gmail.com
john+laptop@gmail.com
Now I need to generate diff. SSH keys on desktop and laptop, but I don't know how to do that.
A friend of mine suggested that I read this article. Step 2 shows the following code
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
# Creates a new ssh key, using the provided email as a label
Generating public/private rsa key pair.
The above command has a provision to pass an email address, but it refers to the email address as a label. I didn't understand the label part of the command.
Should the below commands solve my query?
ssh-keygen -t rsa -b 4096 -C "john+desktop@gmail.com"
ssh-keygen -t rsa -b 4096 -C "john+laptop@gmail.com"
According to the ssh-keygen manual the -C parameter is used to provide a comment.
-C comment
Provides a new comment.
This comment is useful to remember what the key is for. On github, setting the comment to the email helps you remember for which email account you are using that specific key.
Your commands will definitely solve your problem, but these will do the trick as well
ssh-keygen -t rsa -b 4096 -C "github key number desktop"
ssh-keygen -t rsa -b 4096 -C "github key number laptop"
You can change the comment later by editing the pub file with any text editor.

Copying public key into remote node without password

I need to use a bash script to do the following:
generate public private key on NodeA
Copy the public key into a remote NodeB's authorized_keys
Add NodeB to NodeA's known_hosts.
I need to do all this without a password prompt for ssh-ing into NodeB
In the second step I am even specifying the private key with "-i".
The following script I have now still asks for a password
#!/bin/bash
sudo ssh-keygen -t rsa -N "" -f /root/.ssh/id_ccn_rsa
ssh -i /root/.ssh/id_ccn_rsa -o StrictHostKeyChecking=no $1
sudo sh -c "ssh-keyscan $1 >> /root/.ssh/known_hosts"
There is no magic.
To deploy the key you MUST be able to login without the key at least one time. Or have someone who can login and has root access deploy the public key for you.
You cannot login without a password and without a key unless your account was set up without a password AND sshd was configured with the non-default PermitEmptyPasswords yes option.
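The script in the question also does two things that weaken the host side of the setup: StrictHostKeyChecking=no accepts whatever host key NodeB presents, and ssh-keyscan output is appended to known_hosts without being checked, so whoever answers on the network at that moment becomes the trusted NodeB. The POSIX sh helpers below are an added example, not part of the original question or answer: they pin NodeB's host key by comparing the scanned key's SHA256 fingerprint with one obtained out of band (from the console or from the admin who deploys the public key, the one-time step the answer says is unavoidable) and only then append it. Host and function names are made up for the example.

```shell
#!/bin/sh
# Added example: verify a scanned host key against a known fingerprint
# before trusting it. Not from the original post.
set -eu

# hostkey_line_fingerprint <known_hosts-format line>: SHA256 fingerprint of
# the key on that line. ssh-keygen -l reads known_hosts files directly.
hostkey_line_fingerprint() {
    tmp=$(mktemp)
    printf '%s\n' "$1" > "$tmp"
    ssh-keygen -l -E sha256 -f "$tmp" | awk '{print $2}'
    rm -f "$tmp"
}

# add_pinned_hostkey_line <line> <expected SHA256 fingerprint> <known_hosts>
# Appends the line only if its fingerprint matches; idempotent on re-runs.
add_pinned_hostkey_line() {
    line=$1; expected=$2; khfile=$3
    actual=$(hostkey_line_fingerprint "$line")
    if [ "$actual" != "$expected" ]; then
        echo "host key mismatch: expected $expected, got ${actual:-nothing}" >&2
        return 1
    fi
    if [ -f "$khfile" ] && grep -qxF "$line" "$khfile"; then
        return 0
    fi
    printf '%s\n' "$line" >> "$khfile"
}

# pin_host_key <host> <expected SHA256 fingerprint> <known_hosts> [key type]
# The network half: scan one key type from the host and hand it to the check.
pin_host_key() {
    host=$1; expected=$2; khfile=$3; ktype=${4:-ed25519}
    line=$(ssh-keyscan -t "$ktype" "$host" 2>/dev/null | grep -v '^#' | head -n 1)
    if [ -z "$line" ]; then
        echo "pin_host_key: no $ktype host key received from $host" >&2
        return 1
    fi
    add_pinned_hostkey_line "$line" "$expected" "$khfile"
}

# Usage: pin_host_key nodeb.example 'SHA256:<fingerprint read off NodeB>' /root/.ssh/known_hosts
# After this, the ssh line in the script no longer needs StrictHostKeyChecking=no.
```

With the host key pinned first, the remaining ssh -i call from the script can run with the default StrictHostKeyChecking and will fail loudly, instead of silently trusting a new key, if NodeB ever answers with a different one.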

ssh-keygen - how to set an rsa key with a certain username

I just installed ubuntu and would like to set its rsa keys up with bitbucket/github. When I ssh-keygen the keys are generated as they should be
ssh-rsa AA...yBEz3pLL georgemauer@ubuntu
which is perfectly usable except the username part. In every rsa key I've generated previously, the username section read my email address:
ssh-rsa AA...yBEz3pLL gmylastname@gmail.com
No, it's not a major impediment, but if I don't get this right it will drive me crazy. How do I generate rsa keys with an email username of my choice?
Use the -C option to provide a new comment with your key.
Explanation: In general, the last string in your ssh public key is a single comment, which by default is set to your user@host. You can override this comment by adding the -C argument and editing this string.
For example, in the default behaviour, let's say your linux hostname is Ubuntu and your user name is john.doe; when you view your public key with cat ~/.ssh/id_rsa.pub you would see something like this:
ssh-rsa <someReallyBigToken>== john.doe@ubuntu
Documentation:
ssh-keygen will by default write keys in an OpenSSH-specific format. This format is preferred as it offers better protection for keys at rest as well as allowing storage of key comments within the private key file itself. The key comment may be useful to help identify the key. The comment is initialized to ``user@host'' when the key is created, but can be changed using the -c option.
Solution: override this comment and use -C argument for comment.
ssh-keygen -t rsa -b 4096 -C message-in-a-bottle
cat ~/.ssh/id_rsa.pub
// output:
ssh-rsa <someReallyBigToken>== message-in-a-bottle
ssh-keygen -t rsa -f ~/.ssh/[KEY_FILENAME] -C [USERNAME]
I use this command for generating the SSH key for generating GitHub, GitLab, and GCP.
Here is the documentation for creating an SSH key with a username.
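The man page excerpt quoted above distinguishes -C (set the comment when generating) from lowercase -c (change the comment of an existing key), and the earlier answer suggests editing the .pub file by hand. The POSIX sh helpers below are an added example, not code from either answer: they read the comment back from the public key and change it with ssh-keygen -c, which rewrites both the private key (the OpenSSH format stores the comment there too) and the .pub, so the two files stay in sync; for an encrypted key the passphrase is supplied with -P so nothing prompts. Function names and the sample comments are made up for the example.

```shell
#!/bin/sh
# Added example: read and change the comment of an existing key with
# ssh-keygen -c instead of hand-editing the .pub file. Not from the original post.
set -eu

# key_comment <key-path>: the comment stored in the public key file
# (everything after the key blob; it may contain spaces).
key_comment() {
    pub=$1
    case "$pub" in *.pub) ;; *) pub=$pub.pub ;; esac
    cut -d' ' -f3- "$pub"
}

# set_key_comment <private-key-path> <new comment> [passphrase]
# -c loads the private key, so an encrypted key needs its passphrase via -P;
# without -P ssh-keygen would prompt and a script would hang.
set_key_comment() {
    ssh-keygen -q -c -f "$1" -C "$2" -P "${3:-}" >/dev/null
}

# Usage: set_key_comment ~/.ssh/id_rsa "gmylastname@example.com" "$SSHKEYPASS"
```

Because -c re-saves the private key with the same passphrase, a wrong passphrase fails the whole operation and leaves both files untouched, which is the behaviour a script should rely on rather than editing the .pub and hoping the private key's stored comment still agrees.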