SSH Keys Cheat Sheet

With an SSH private/public key pair, you can securely log in to a remote server without entering a password.

Create a new key pair (private/public)

ssh-keygen -t rsa -b 2048 -C "email@example.com"

This will create a private key (id_rsa) and a public key (id_rsa.pub) in your ~/.ssh directory.

If you need more than one key pair, add -f ~/.ssh/id_rsa_othername to create the key pair with another name.

Never share the private key.

Add the public key to a remote server

If you only have access to a remote server with a username/password combination (like ssh username@server.de) you can remotely add your public key to that server:

ssh-copy-id -i ~/.ssh/id_rsa.pub username@server.de

The result will be similar to this:

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/username/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
username@server.de's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'username@server.de'"
and check to make sure that only the key(s) you wanted were added.

After that, you can log in without entering a password (only if you created your key without a password; otherwise it will prompt for that password, not the password of the user on the remote server).

Know who you are talking to

On the first connection to a remote server, SSH saves the fingerprint of that server to ~/.ssh/known_hosts. On every following connection, SSH verifies the fingerprint of the server against the known fingerprint and declines the connection if they don't match.

Check if your key is added to GitLab

If you are not sure whether your key is already added to GitLab, you can either try to add it again (you will get an error if the fingerprint is already added globally; yes, you can add every key only once) or compare the fingerprint.

GitLab shows only the fingerprint (MD5) of the added keys, so you have to generate the fingerprint for your local key with

ssh-keygen -l -E md5 -f ~/.ssh/id_rsa.pub
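
How that fingerprint is derived, as an added example that is not part of the original post: it is a hash over the base64-decoded key blob from the .pub file, so a value copied from a web page can be checked against the local key. The helper names are illustrative, and the sample key is constructed (correct layout, filler modulus).

```python
import base64
import hashlib
import struct

def ssh_string(data):
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def parse_pub_line(line):
    """Return (key_type, raw_blob) from a '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with its own copy of the key type; a mismatch means
    # the line was edited or truncated.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match blob")
    return fields[0], blob

def fingerprint_md5(blob):
    """Same format as `ssh-keygen -l -E md5`: MD5: plus colon-separated hex."""
    digest = hashlib.md5(blob).hexdigest()
    return "MD5:" + ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def fingerprint_sha256(blob):
    """Default ssh-keygen format: SHA256: plus unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def matches_displayed(pub_line, displayed):
    """True if a fingerprint copied from a web UI belongs to pub_line."""
    _, blob = parse_pub_line(pub_line)
    shown = displayed.strip()
    if shown.upper().startswith("SHA256:"):
        return fingerprint_sha256(blob) == "SHA256:" + shown[7:]
    shown = shown.lower()
    if shown.startswith("md5:"):
        shown = shown[4:]
    return fingerprint_md5(blob) == "MD5:" + shown

# Constructed sample: valid ssh-rsa blob layout, filler modulus, not a usable key.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + bytes(range(255, 0, -1)) + b"\x01"))
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " email@example.com"
```

The MD5 comparison accepts the fingerprint with or without the MD5: prefix and in either letter case; the SHA256 form is compared case-sensitively because it is base64.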
