Sharing SSH Keys to login?
Solution 1
SSH keys have two parts, the secret/private key (usually in ~/.ssh/id_rsa), and the public key (~/.ssh/id_rsa.pub). The secret key can be used to prove who you are (or at least that you hold that secret key), and the public key can be used to check the secret key.
You never pass the secret key to any other party, as that would give them the ability to impersonate you.
As for which public key you install (or send to be installed) on the remote server, is up to you: it depends on what private key you want to use to login there.
If you have a private key on your Macbook, and want to login using that, then send the public key corresponding to that. That's probably the one in your first server's authorized_keys or in your Mac's id_rsa.pub. If you want to login from the first server, then send the public key of that server's key, the one in the machine's id_rsa.pub.
If you want to login using both keys, you'll need to arrange both in the authorized_keys on the target server.
If you wanted to, you could create multiple private keys on the same system and use different ones for different remote systems. That just requires a bit of bookkeeping to know which key you used where, and some configuration of the SSH client so that it knows to try to use all of the keys. (If you have lots of keys, you may need to configure it per-host.)
Passing the public key (id_rsa.pub) to a third party is no risk. It's in fact exactly what you need to do to allow them to identify you by your private key.
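A way to check which public key is which before sending one, as an added example that is not part of the original answer: it fingerprints public-key lines the way `ssh-keygen -lf` does, tests whether a given .pub key is already listed in an authorized_keys file, and refuses to call a file shareable if it contains private-key material. The key blobs, comments and the `from=` address are constructed sample data, and the function names are hypothetical.

```python
import base64, hashlib, struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")

def make_blob(seed):
    """Constructed ed25519-format public blob (sample data, not a real key)."""
    s = lambda b: struct.pack(">I", len(b)) + b   # SSH wire-format string
    return base64.b64encode(s(b"ssh-ed25519") + s(bytes([seed]) * 32)).decode()

def parse_public_line(line):
    """Return (type, blob_b64, comment) from an id_*.pub or authorized_keys line."""
    fields = line.strip().split()
    for i, f in enumerate(fields):            # skips a leading options field
        if f in KEY_TYPES and i + 1 < len(fields):
            return f, fields[i + 1], " ".join(fields[i + 2:])
    return None                               # comment, blank or non-key line

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def safe_to_share(text):
    """True only if every non-comment line is a public key and nothing private is present."""
    if "PRIVATE KEY" in text:
        return False
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    return bool(lines) and all(parse_public_line(l) for l in lines)

def installed_in(pub_line, authorized_keys_text):
    """Is the key from a .pub file already listed in this authorized_keys content?"""
    target = fingerprint(parse_public_line(pub_line)[1])
    parsed = (parse_public_line(l) for l in authorized_keys_text.splitlines())
    return any(p is not None and fingerprint(p[1]) == target for p in parsed)

# Constructed sample data mirroring the question's setup.
MAC_PUB = f"ssh-ed25519 {make_blob(1)} me@macbook"
SERVER_PUB = f"ssh-ed25519 {make_blob(2)} deploy@secure-server"
SECURE_SERVER_AUTHORIZED_KEYS = f'# desktop login\nfrom="203.0.113.7" {MAC_PUB}\n'
PRIVATE_SAMPLE = "-----BEGIN OPENSSH PRIVATE KEY-----\n(placeholder)\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(fingerprint(parse_public_line(SERVER_PUB)[1]), "<- key the secure server would send")
    print("Mac key already in authorized_keys:", installed_in(MAC_PUB, SECURE_SERVER_AUTHORIZED_KEYS))
```

In the sample, the authorized_keys entry on the secure server matches the Mac's public key, not the server's own, so the server's own .pub line is the one to send for connections that originate from the server.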
Solution 2
The .pub in the filename id_rsa.pub indicates that it is a public key which is fine to share with anyone managing a remote machine you want to access via ssh. The corresponding private key which should not be shared is id_rsa.
By adding your id_rsa.pub in a remote ~/.ssh/authorized_keys, the administrator of the remote machine is authorizing anyone with access to the private key id_rsa to connect. When you are asked for a public key to share, the administrator of the remote machine will expect a something.pub file.
Solution 3
Authorized_keys contains all the public keys which you put on the server you want to connect to. The id_rsa.pub is the file containing a single public key created when you generated a key pair.
If you are acting as a client to the service then you would supply them with a public key. Whether you use an existing public key (and therefore which one if you have multiple) or create a new key pair is not something we can answer - but an important consideration is where you will be connecting from - you don't want to be scattering important private keys across lots of different servers.
Admin
Updated on September 18, 2022
Comments
-
Admin over 1 year
I am a little bit lost or confused.
I have some secure server where inside ~/.ssh/authorized_keys I have a key to remotely log in to those servers from my desktop (MacBook).
Now that secure server needs to SFTP/SCP to some third party servers.
They provided me SSH IP, username, password, but I need to log in with a key. They asked me to share a key.
Now I am confused about which key I have to share with them: id_rsa.pub or the key from ~/.ssh/authorized_keys?
NOTE: if I share my id_rsa.pub key with the third party, can they use it to hack my secured servers in point 1?
-
Admin almost 6 years
Instead of me creating one, can't they create a key for me? And give me a key?
-
Admin almost 6 years
(I don't want to give any key, to avoid confusion.) I want them to provide me a username, password and key. I use that key to log in on their site?
-
jayeshkh007 almost 6 years
Yeah, that is also possible.
-
Admin almost 6 years
What do I ask them then? (I am confused, and if by confusion I share my keys and later they hack my servers, I will be shooting myself, so for me it's safe if they provide me keys, not me.)
-
user4556274 almost 6 years
No, you do not want to ask them for username, password, and key. This defeats the ssh security model. You always create your keys, protect the private half, and provide the public half which you have generated to the remote administrator.
-
jayeshkh007 almost 6 years
I would suggest you create a new user with specific rights on the server, create a key for that user, and share it with the third party user. This is a safe way.
-
Admin almost 6 years
OK!!!! That means I can safely share my id_rsa.pub key, because nobody has the id_rsa private key of mine.
-
Doktor J almost 6 years
@YumYumYum in the context of your question, yes they are asking you to share the id_rsa.pub key (for installation on their server), and there is no risk from doing so. The private id_rsa part is the part that should never be shared.