Перенос ssh ключа на другой компьютер windows - Доктор Windows

I have accounts on two machines: H1 and H2. I created ssh keys on H1 and installed it on S1. I can now ssh to S1 from H1. I want to do the same from H2. How do I install the ssh keys generated on H1 on H2?

Alexander

3532 gold badges5 silver badges15 bronze badges

asked Sep 6, 2011 at 15:12

Edited: If you own both machines, you may share your private key. But this solution is not safe for case of stolen notebook or for machines you don’t own.

You may copy your private keys from H1 to H2, if you want to use the same private key to be able to login from H2 to S1. When you at H1 do the commands:

H1$ ssh H2 mkdir ~/.ssh
H1$ scp  ~/.ssh/id_rsa ~/.ssh/id_dsa H2:~/.ssh/

Warning! This will delete and replace any private key you had at H2.

Better way is to generate new private keys on H2 (ssh-keygen) and install their public part on S1 with ssh-copy-id util. In this safer case you will have two sets of keys; one is for H1-S1 login and second for H2-S1 login. There will be two public keys authorized at S1. And you will be able to revoke any of them or both (for example, when you notebook is stolen, or owner of the machine decides to disable you account and reuse all your files).

answered Sep 6, 2011 at 15:23

osgxosgx

6,4877 gold badges55 silver badges71 bronze badges

Use ssh-copy-id

SYNOPSIS

ssh-copy-id [-i [identity_file]] [user@]machine

DESCRIPTION

ssh-copy-id is a script that uses ssh to log into a remote machine and
append the indicated identity file to that machine’s ~/.ssh/authorized_keys file.

answered Sep 6, 2011 at 15:14

Mu QiaoMu Qiao

5593 silver badges3 bronze badges

Use two private keys

Set up H2 using the same process (but not the same private key) as you did when you set up H1:

There is never a good reason to copy a private key from some other machine. If you haven’t already generated a fresh private key on H2, do so now. Also generate the corresponding public key. In a terminal on H2,

type: ssh-keygen -t rsa

Copy your H2’s public key to the server. In a terminal on H2,

type: ssh-copy-id username@S1.net

(but use your actual username on S1 and S1’s hostname, and later type in your password on S1 when it asks for it).

This installs the public key of your workstation into the ~/.ssh/authorized_keys file for that user on the server.

There is no step 3. From now on, you can log into the S1 from your H2, and also log into the S1 from your H1.

details

I assume that what you are really asking is

I have a server («S1»)
I log in to my server from my personal laptop («H1»)
I also want to log in to my server from my workstation («H2»).

What is the right way to do that?

I suppose I could simply log in with the same password from both places. That can’t be the right way, because everyone says that public key authentication is much better than passwords. (a)
I suppose I could simply copy the private key from my laptop to my workstation. That can’t be the right way, because everyone says that the private key is never supposed to leave the client machine.

People have it hammered into their head that one account on a server has a single username and, of course, a single authorized password.

Public-key systems like ssh are better than the password system:
One account on a server has a single username and any number of authorized public keys, all of them listed in the ~/.ssh/authorized_keys file.

(more details).

answered Aug 21, 2014 at 15:57

David CaryDavid Cary

90312 silver badges27 bronze badges

All the questions here address the issue of copying identity from one server to another server by making use of ssh-copy-id, which is not the point of the question.

The problem that the questions seem to ask is how to make use of the same private-public key pair generated and used on a personal computer (H1) can be used on another personal machine (H2) so as not to have to set up a new private-public key and manually add it to each server that we used to connect to.

This is not advisable for security reasons as extensively mentioned by others, however, it is possible to achieve with per the following steps:

Copy your private (e.g. ~/.ssh/id_rsa) and public (e.g. ~/.ssh/id_rsa.pub) from your H1 machine to your H2 machine in location ~/.ssh (Do this only through a trusted USB that you will format afterwards, do not use emails or any other internet-based medium). When you will execute the following command in H2 ls -alt ~/.ssh the output will contain at least the following:

-rw-r--r--  1 youUserName youUserName 1240 Nov  3 14:52 id_rsa
-rw-r--r--  1 youUserName youUserName  412 Nov  3 14:52 id_rsa.pub

On H2, change the permission of the private key to be less accessible (otherwise next step will fail) with the command chmod 600 ~/.ssh/id_rsa, so that the output of the following command ls -alt ~/.ssh will contain the following (notice the difference from the above permission):

-rw-------  1 youUserName youUserName 1240 Nov  3 14:52 id_rsa
-rw-r--r--  1 youUserName youUserName  412 Nov  3 14:52 id_rsa.pub

Final Step. on H2, now use the command ssh-add ~/.ssh/id_rsa to enable the private-public key pair to be used to identify yourself from H2 to any server that you will connect to by using the private-public key that you imported.

Now, any ssh or scp command such as ssh yourUserName@ip-address should succeed as if you were logged into H1.

Security Considerations:

PLEASE CONSIDER OTHERS SUGGESTIONS FOR BETTER SECURITY, AKA GENERATE A NEW PRIVATE-PUBLIC KEY PAIR
The only case in which I see this to be useful is when moving on to a new machine for good so that H2 will become your primary computer and H1 will not be used anymore;
If you are using both H1 and H2 still, there is no plausible good reason to use the same private-public key pair from H2.

answered Nov 24, 2020 at 15:10

FedFed

2202 silver badges6 bronze badges

For shifting of SSH keys from one computer to another. Just copy the entire folder from ~/.ssh from H1 (old machine) to ~/.ssh content folder of new machine H2.

Now try:

ssh ubuntu@13.123.43.26 (your S1 ip)

Most probably you will get a permission warning to fix that run:

chmod 400 ~/.ssh/id_rsa

Now again:

ssh ubuntu@13.123.43.26 (your S1 ip)

It will work fine now.

answered Sep 30, 2019 at 4:13

Shaurya UppalShaurya Uppal

1911 gold badge3 silver badges8 bronze badges

Transfer the keys using scp like this:

scp /home/[user]/.ssh/id_rsa* user@ip:/home/[user]/.ssh/

answered Nov 17, 2020 at 13:29

Источник

Alexander

3532 gold badges5 silver badges15 bronze badges

asked Sep 6, 2011 at 15:12

Edited: If you own both machines, you may share your private key. But this solution is not safe for case of stolen notebook or for machines you don’t own.

You may copy your private keys from H1 to H2, if you want to use the same private key to be able to login from H2 to S1. When you at H1 do the commands:

H1$ ssh H2 mkdir ~/.ssh
H1$ scp  ~/.ssh/id_rsa ~/.ssh/id_dsa H2:~/.ssh/

Warning! This will delete and replace any private key you had at H2.

answered Sep 6, 2011 at 15:23

osgxosgx

6,4877 gold badges55 silver badges71 bronze badges

Use ssh-copy-id

SYNOPSIS

ssh-copy-id [-i [identity_file]] [user@]machine

DESCRIPTION

ssh-copy-id is a script that uses ssh to log into a remote machine and
append the indicated identity file to that machine’s ~/.ssh/authorized_keys file.

answered Sep 6, 2011 at 15:14

Mu QiaoMu Qiao

5593 silver badges3 bronze badges

Use two private keys

Set up H2 using the same process (but not the same private key) as you did when you set up H1:

There is never a good reason to copy a private key from some other machine. If you haven’t already generated a fresh private key on H2, do so now. Also generate the corresponding public key. In a terminal on H2,

type: ssh-keygen -t rsa

Copy your H2’s public key to the server. In a terminal on H2,

type: ssh-copy-id username@S1.net

(but use your actual username on S1 and S1’s hostname, and later type in your password on S1 when it asks for it).

This installs the public key of your workstation into the ~/.ssh/authorized_keys file for that user on the server.

There is no step 3. From now on, you can log into the S1 from your H2, and also log into the S1 from your H1.

details

I assume that what you are really asking is

I have a server («S1»)
I log in to my server from my personal laptop («H1»)
I also want to log in to my server from my workstation («H2»).

What is the right way to do that?

I suppose I could simply log in with the same password from both places. That can’t be the right way, because everyone says that public key authentication is much better than passwords. (a)
I suppose I could simply copy the private key from my laptop to my workstation. That can’t be the right way, because everyone says that the private key is never supposed to leave the client machine.

People have it hammered into their head that one account on a server has a single username and, of course, a single authorized password.

(more details).

answered Aug 21, 2014 at 15:57

David CaryDavid Cary

90312 silver badges27 bronze badges

All the questions here address the issue of copying identity from one server to another server by making use of ssh-copy-id, which is not the point of the question.

This is not advisable for security reasons as extensively mentioned by others, however, it is possible to achieve with per the following steps:

Copy your private (e.g. ~/.ssh/id_rsa) and public (e.g. ~/.ssh/id_rsa.pub) from your H1 machine to your H2 machine in location ~/.ssh (Do this only through a trusted USB that you will format afterwards, do not use emails or any other internet-based medium). When you will execute the following command in H2 ls -alt ~/.ssh the output will contain at least the following:

-rw-r--r--  1 youUserName youUserName 1240 Nov  3 14:52 id_rsa
-rw-r--r--  1 youUserName youUserName  412 Nov  3 14:52 id_rsa.pub

On H2, change the permission of the private key to be less accessible (otherwise next step will fail) with the command chmod 600 ~/.ssh/id_rsa, so that the output of the following command ls -alt ~/.ssh will contain the following (notice the difference from the above permission):

-rw-------  1 youUserName youUserName 1240 Nov  3 14:52 id_rsa
-rw-r--r--  1 youUserName youUserName  412 Nov  3 14:52 id_rsa.pub

Final Step. on H2, now use the command ssh-add ~/.ssh/id_rsa to enable the private-public key pair to be used to identify yourself from H2 to any server that you will connect to by using the private-public key that you imported.

Now, any ssh or scp command such as ssh yourUserName@ip-address should succeed as if you were logged into H1.

Security Considerations:

PLEASE CONSIDER OTHERS SUGGESTIONS FOR BETTER SECURITY, AKA GENERATE A NEW PRIVATE-PUBLIC KEY PAIR
The only case in which I see this to be useful is when moving on to a new machine for good so that H2 will become your primary computer and H1 will not be used anymore;
If you are using both H1 and H2 still, there is no plausible good reason to use the same private-public key pair from H2.

answered Nov 24, 2020 at 15:10

FedFed

2202 silver badges6 bronze badges

For shifting of SSH keys from one computer to another. Just copy the entire folder from ~/.ssh from H1 (old machine) to ~/.ssh content folder of new machine H2.

Now try:

ssh ubuntu@13.123.43.26 (your S1 ip)

Most probably you will get a permission warning to fix that run:

chmod 400 ~/.ssh/id_rsa

Now again:

ssh ubuntu@13.123.43.26 (your S1 ip)

It will work fine now.

answered Sep 30, 2019 at 4:13

Shaurya UppalShaurya Uppal

1911 gold badge3 silver badges8 bronze badges

Transfer the keys using scp like this:

scp /home/[user]/.ssh/id_rsa* user@ip:/home/[user]/.ssh/

answered Nov 17, 2020 at 13:29

Источник

Для тех, кто полагается на вход без пароля через ssh, а не на создание нового ключа SSH для нового клиентского компьютера, вы можете легко перенести ключи SSH с одного компьютера на другой. Это быстрое и простое решение для временной машины или имени пользователя или для использования на вспомогательной рабочей станции. Вы также можете использовать это для копирования ключей SSH между учетными записями пользователей на одном компьютере.

Если вы уже подключены к сетевому Mac, использование Finder — это простой способ скопировать ключи SSH. Сначала вы захотите показать скрытые файлы в OS X либо с помощью записи по умолчанию, либо с помощью такого инструмента, как DesktopUtility, а затем просто откройте каталог .ssh на обеих машинах и выполните перетаскивание:

С другой стороны, если вы уже находитесь в Терминале для включения скрытых файлов, вы также можете просто использовать командную строку для их перемещения.

Копирование ключей SSH из командной строки
Для многих из нас использование терминала происходит быстрее, вам, очевидно, придется подключиться к другому компьютеру через сеть, чтобы это работало.

cp .ssh/id_rsa* /Network/path/to/username/.ssh/

Достаточно просто, и будет работать с любой версией OS X и большинством вариантов unix или linux.

При желании вы также можете заархивировать ключевые файлы, а затем передать их через AirDrop, но это, вероятно, больше работы, чем необходимо.

Поскольку ключи SSH позволяют входить в систему без пароля, вы захотите безопасно удалить или, еще лучше, безопасно отформатировать жесткий диск, прежде чем он перейдет к новому владельцу. Это особенно верно в отношении временных компьютеров или арендованных машин.

Источник

Ключ ssh был сгенерирован давно, сейчас переустановил систему. Возник вопрос: как добавить готовый ключ на своё железо?

Моя система: ubuntu 18.04.1

A K

28.3k19 золотых знаков54 серебряных знака126 бронзовых знаков

задан 3 сен 2018 в 7:48

Ключи хранятся в папке .ssh домашнего каталога.

Файлов ключа два, как правило ключи имеют наименования id_rsa и id_rsa.pub — это значения для дефолтного ключа.

Для того, чтобы восстановить ключ — просто перенесите его со старой машины на новую.

Важно: на файл id_rsa права должны быть 600 — иначе ключ будет отвергаться утилитами.

ответ дан 3 сен 2018 в 9:04

A KA K

28.3k19 золотых знаков54 серебряных знака126 бронзовых знаков

Источник

Как использовать команду SCP в UNIX без пароля

Обновлено: 12.12.2020
Опубликовано: 13.10.2016

Данный пример приведен на разных UNIX-системах — копирование файла с FreeBSD на CentOS. Использовать его можно в различных средах.

Копирование данных утилитой scp выполняется по протоколу SSH. Таким образом, для беспарольного копирования необходимо разрешить подключение по SSH без пароля. Это делается с помощью сертификата безопасности.

Настройка SSH без запроса пароля
Копирование закрытого ключа на другой компьютер
Возможные проблемы

Генерация нового ключа и настройка беспарольного копирования

Для безопасной передачи данных между системами UNIX нужно сгенерировать закрытый и открытый ключи на одном компьютере и передать открытый на второй. Это делается по нижеописанному алгоритму.

На первом компьютере, с которого планируется копировать данные (FreeBSD) генерируем ключи:

ssh-keygen -t rsa

После нажатия Enter система попросит ввести параметры размещения ключа и пароль. Ничего не меняем, нажимая ввод и соглашаясь со значениями по умолчанию.

* в моем примере, генерация ключа проходила под учетной записью root и публичный ключ был создан по пути /root/.ssh/id_rsa.pub

Теперь скопируем публичный ключ на второй компьютер (CentOS):

scp /root/.ssh/id_rsa.pub dmosk@server2:/home/dmosk/.ssh/authorized_keys

* как видно, мы копируем сгенерированный ключ на компьютер server2, подключившись под учетной записью dmosk и размещаем его в домашнюю директорию этого пользователя под новым именем authorized_keys. Каталог /home/dmosk/.ssh должен быть создан на втором компьютере заранее командой mkdir.

После ввода команды система запросит пароль для учетной записи dmosk на компьютере server2 и скопирует ключ.

На втором сервере (CentOS или к которому будем подключаться и копировать на него данные) проверяем настройки ssh:

vi /etc/ssh/sshd_config

Мы должны найти строку:

AuthorizedKeysFile .ssh/authorized_keys

Если данной строки нет или опция AuthorizedKeysFile имеет другое значение, нужно привести конфигурацию к данному виду. После перезапустить службу ssh:

systemctl restart sshd

Готово. Последующие команды SCP на копирование данных с первого компьютера на второй будут выполняться без запроса пароля, например:

scp /tmp/backup.tar.gz dmosk@server2:/backup/

Перенос закрытого ключа на другой компьютер

В случае, если мы хотим использовать сгенерированный ключ на другом компьютере, переносим файлы id_rsa и id_rsa.pub. Например, у нас есть третий компьютер с Ubuntu (server3) и мы хотим теперь с него копировать файлы на CentOS без пароля. Заходим на компьютер с FreeBSD и копируем ключи:

scp /root/.ssh/{id_rsa,id_rsa.pub} root@server3:/root/.ssh/

* мы скопировали файлы id_rsa и id_rsa.pub на другой компьютер. Необходимо обратить внимание, что сертификаты должны находится к каталоге .ssh домашней паки того пользователя, от которого мы хотим подключаться.

Теперь с server3 можно копировать данные без пароля на server2:

scp /tmp/backup.tar.gz dmosk@server2:/backup/

Возможные ошибки

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED

Описание: при попытке передачи данных после копирования ключей выскакивает вышеописанная ошибка. Полный текст может быть, примерно, следующим:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
6f:e6:56:85:b6:be:52:3d:8c:5e:3a:8e:68:e2:0e:16.
Please contact your system administrator.
Add correct host key in /home/dmosk/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/dmosk/.ssh/known_hosts:6
RSA host key for 192.168.0.18 has changed and you have requested strict checking.

Причина: произошла смена ключа SSH и так как, на компьютере в файле ~/.ssh/known_hosts находится старый ключ, система не позволяет использовать сертификат в целях безопасности.

Решение: открываем файл с базой ключей:

vi ~/.ssh/known_hosts

Находим строчку с нашим удаленным компьютером, для которого получаем ошибку и удаляем ее.

Была ли полезна вам эта инструкция?

Да Нет

Источник

Alexander

3532 gold badges5 silver badges15 bronze badges

asked Sep 6, 2011 at 15:12

Edited: If you own both machines, you may share your private key. But this solution is not safe for case of stolen notebook or for machines you don’t own.

You may copy your private keys from H1 to H2, if you want to use the same private key to be able to login from H2 to S1. When you at H1 do the commands:

H1$ ssh H2 mkdir ~/.ssh
H1$ scp  ~/.ssh/id_rsa ~/.ssh/id_dsa H2:~/.ssh/

Warning! This will delete and replace any private key you had at H2.

answered Sep 6, 2011 at 15:23

osgxosgx

6,4877 gold badges55 silver badges71 bronze badges

Use ssh-copy-id

SYNOPSIS

ssh-copy-id [-i [identity_file]] [user@]machine

DESCRIPTION

ssh-copy-id is a script that uses ssh to log into a remote machine and
append the indicated identity file to that machine’s ~/.ssh/authorized_keys file.

answered Sep 6, 2011 at 15:14

Mu QiaoMu Qiao

5593 silver badges3 bronze badges

Use two private keys

Set up H2 using the same process (but not the same private key) as you did when you set up H1:

There is never a good reason to copy a private key from some other machine. If you haven’t already generated a fresh private key on H2, do so now. Also generate the corresponding public key. In a terminal on H2,

type: ssh-keygen -t rsa

Copy your H2’s public key to the server. In a terminal on H2,

type: ssh-copy-id username@S1.net

(but use your actual username on S1 and S1’s hostname, and later type in your password on S1 when it asks for it).

This installs the public key of your workstation into the ~/.ssh/authorized_keys file for that user on the server.

There is no step 3. From now on, you can log into the S1 from your H2, and also log into the S1 from your H1.

details

I assume that what you are really asking is

I have a server («S1»)
I log in to my server from my personal laptop («H1»)
I also want to log in to my server from my workstation («H2»).

What is the right way to do that?

I suppose I could simply log in with the same password from both places. That can’t be the right way, because everyone says that public key authentication is much better than passwords. (a)
I suppose I could simply copy the private key from my laptop to my workstation. That can’t be the right way, because everyone says that the private key is never supposed to leave the client machine.

People have it hammered into their head that one account on a server has a single username and, of course, a single authorized password.

(more details).

answered Aug 21, 2014 at 15:57

David CaryDavid Cary

90312 silver badges27 bronze badges

All the questions here address the issue of copying identity from one server to another server by making use of ssh-copy-id, which is not the point of the question.

This is not advisable for security reasons as extensively mentioned by others, however, it is possible to achieve with per the following steps:

Copy your private (e.g. ~/.ssh/id_rsa) and public (e.g. ~/.ssh/id_rsa.pub) from your H1 machine to your H2 machine in location ~/.ssh (Do this only through a trusted USB that you will format afterwards, do not use emails or any other internet-based medium). When you will execute the following command in H2 ls -alt ~/.ssh the output will contain at least the following:

-rw-r--r--  1 youUserName youUserName 1240 Nov  3 14:52 id_rsa
-rw-r--r--  1 youUserName youUserName  412 Nov  3 14:52 id_rsa.pub

On H2, change the permission of the private key to be less accessible (otherwise next step will fail) with the command chmod 600 ~/.ssh/id_rsa, so that the output of the following command ls -alt ~/.ssh will contain the following (notice the difference from the above permission):

-rw-------  1 youUserName youUserName 1240 Nov  3 14:52 id_rsa
-rw-r--r--  1 youUserName youUserName  412 Nov  3 14:52 id_rsa.pub

Final Step. on H2, now use the command ssh-add ~/.ssh/id_rsa to enable the private-public key pair to be used to identify yourself from H2 to any server that you will connect to by using the private-public key that you imported.

Now, any ssh or scp command such as ssh yourUserName@ip-address should succeed as if you were logged into H1.

Security Considerations:

PLEASE CONSIDER OTHERS SUGGESTIONS FOR BETTER SECURITY, AKA GENERATE A NEW PRIVATE-PUBLIC KEY PAIR
The only case in which I see this to be useful is when moving on to a new machine for good so that H2 will become your primary computer and H1 will not be used anymore;
If you are using both H1 and H2 still, there is no plausible good reason to use the same private-public key pair from H2.

answered Nov 24, 2020 at 15:10

FedFed

2202 silver badges6 bronze badges

For shifting of SSH keys from one computer to another. Just copy the entire folder from ~/.ssh from H1 (old machine) to ~/.ssh content folder of new machine H2.

Now try:

ssh ubuntu@13.123.43.26 (your S1 ip)

Most probably you will get a permission warning to fix that run:

chmod 400 ~/.ssh/id_rsa

Now again:

ssh ubuntu@13.123.43.26 (your S1 ip)

It will work fine now.

answered Sep 30, 2019 at 4:13

Shaurya UppalShaurya Uppal

1911 gold badge3 silver badges8 bronze badges

Transfer the keys using scp like this:

scp /home/[user]/.ssh/id_rsa* user@ip:/home/[user]/.ssh/

answered Nov 17, 2020 at 13:29

Источник