Security

How to manually add ssh keys for key-authentication

If you need to get ssh keys copied from client to server but ssh-copy-id isn't an option, you'll have to go the manual route. Here's how to do it.

Image: Jack Wallen

Secure Shell is one of those tools you will eventually use during your time as an administrator. Chances are you use it now and with regularity. In fact, you might have already set up ssh key authentication between your desktop and server. With the help of the ssh-copy-id command, that task is made incredibly simple. But there may be a reason you might want to copy that key manually. Say, for instance, your security administrator requires PasswordAuthentication be set to no on your server (for security purposes). This option disables all ssh authentication, besides key authentication. If that is set (and you aren't allowed to turn that option off), the ssh-copy-id cannot reach the server to copy the necessary keys. If that's the case, you'll have to copy the keys manually. Let me show you the easiest method.

I am going to assume you already have the necessary ssh key on your client and (as I already mentioned) and that you have user accounts on both client and server with the same username. I will be demonstrating this on the Ubuntu Server 16.04 (server) and Elementary OS (client) platforms. Should your platforms differ, you might have to alter the instructions slightly.

Locating your public key

What we are going to do is copy the ssh public key from the client machine to the server. The first thing you must do is copy your public ssh key from the client machine. To do this, log into the client machine as the user that will logging into the server. Once logged in, issue the command:

cat ~/.ssh/id_rsa.pub

The above command will output your entire public key that begins with ssh-rsa and ends with USERNAME@HOST (Where USERNAME is the user name and HOST is the hostname of the machine). You must copy that entire string and transfer it to your server (by means of USB drive, email, or however you can get it there).

Saving your public key

Once you have your key saved on the server, you must copy the key string (remember, beginning with ssh-rsa and ending with USERNAME@HOST) to the /home/USERNAME/.ssh/authorized_keys file (Where USERNAME is the user in question). If that file doesn't exist, create it with the command nano ~/.ssh/authorized_keys. With that file open, copy the ssh string into it and then save/close the file.

Logging in

At this point, you should be able to go back to the client machine and issue the command ssh -v USERNAME@HOST (where USERNAME is the user and HOST is the IP address or domain of the server) and be prompted for the ssh key password (not the user password). That's it, you have manually copied your ssh key from the server to the client and can now access your server, via ssh, using ssh key authentication.

So much more to learn

Secure shell is an incredibly powerful and flexible tool. One of the first things you should do is to give the ssh man page a read (issue the command man ssh) to get a solid grasp on the fundamentals of this must-use tool.

Also see

About Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.

Editor's Picks

Free Newsletters, In your Inbox