SSH Keys
Updated on 03 Oct 2020
SSH is an encrypted protocol used to administer and communicate with servers, and SSH keys are a way to log in over it. You will have a private key (on the client machine), and a corresponding public key on the server.
Some common commands that we are likely to use:
- ssh-keygen - creates a key pair for public key authentication
- ssh-copy-id - configures a public key as authorized on a server
- ssh-add - tool to add a key to the agent
Here are some additional notes to help us with ssh-keys.
- https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-ubuntu-1804
- https://www.ssh.com/ssh/command/
Add user on remote machine
In this particular example I created an Ubuntu VM called server1. I have updated my local /etc/hosts file so that I can reference server1 and it will know which VM to talk to.
- local Ubuntu (desktop) VM -> A different Ubuntu (server1) VM
On server1, create a new user.
adduser jenkins
Create the ssh key
In order to communicate without passing usernames and passwords around, we’ll use an ssh-key. On our local machine, and as the jenkins user (which would have been created when you installed Jenkins), create an ssh-key.
ssh-keygen
This will create a 2048-bit RSA key pair; however, we can pass in the -b 4096 flag to create a larger 4096-bit key if we want.
When we are prompted for a password, we just hit enter (leaving the password field blank).
Warning
You can only have one ssh-key at the default path (~/.ssh/id_rsa) at a time. If you already have an existing key there, the previous command will overwrite it. This means that any authentication you have set up with other servers will no longer work!
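One way to avoid the overwrite described in the warning is to give each server its own key file with ssh-keygen's -f option. The script below is an added example, not part of the original page; the function name new_host_key, the KEY_DIR variable and the id_rsa_<host> file naming are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumed names: new_host_key, KEY_DIR, id_rsa_<host>.

KEY_DIR="${KEY_DIR:-$HOME/.ssh}"

# new_host_key HOST [BITS]
# Creates KEY_DIR/id_rsa_HOST unless it already exists and prints its path.
new_host_key() {
    host="$1"
    bits="${2:-4096}"
    key="$KEY_DIR/id_rsa_$host"

    # Refuse to replace an existing key: other servers may still trust it.
    if [ -e "$key" ] || [ -e "$key.pub" ]; then
        echo "refusing to overwrite existing key: $key" >&2
        return 1
    fi

    # The key directory must not be accessible to other users.
    mkdir -p "$KEY_DIR" && chmod 700 "$KEY_DIR" || return 2

    # -f writes to our own path instead of the default id_rsa,
    # -N "" is the blank passphrase used in this walkthrough,
    # -C labels the public key so it is recognisable in authorized_keys.
    ssh-keygen -q -t rsa -b "$bits" -f "$key" -N "" \
        -C "$(id -un)@$host" || return 3

    # ssh refuses private keys that other users can read.
    chmod 600 "$key"
    printf '%s\n' "$key"
}

# Usage, following the page's example host:
#   key=$(new_host_key server1) && ssh-copy-id -i "$key.pub" jenkins@server1
#   ssh -i "$key" jenkins@server1
```

Because the key is no longer at the default path, ssh, scp and ssh-copy-id need -i pointing at it, as in the usage comment.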
Viewing keys
Your ssh keys are stored in your home folder under .ssh. This is because the ssh keys are linked to your user account.
If you are asked to send the public key, this would be (in my case) the id_rsa.pub file. You can either send that file or the contents of it.
Copy the ssh key to server1
Now we need to copy the public key part of our ssh-key to the other VM, server1.
ssh-copy-id jenkins@server1
When we are prompted for the password, this is the password to login to server1 under the jenkins user. It is not the password for the ssh-key (which we left blank).
Testing
There are a couple of things that we can test:
- that we can ssh into server1 from our local Ubuntu
- that we can copy a file from our local Ubuntu to server1
Test ssh
ssh jenkins@server1
Test scp
scp -i ~/.ssh/id_rsa test1.txt jenkins@server1:/home/jenkins/
And check that it does exist on server1.
Test rsync
rsync -avz test1.txt jenkins@server1:/home/jenkins/
Where
- a is archive. Keeps the file permissions, ownership and timestamps.
- v is verbose. Gives us plenty of feedback on what is happening.
- z is compress. Compresses the file(s) as they are going across.
- r is recursive. Used for copying sub-directories inside directories etc.