Bill Carney's picture

Ok, I'm feeling pretty stupid and vulnerable because I'm not sure how to even phrase this question correctly.

When you launch a new server from the Hub, it allows you to select the SSH key-pair you want to use. I downloaded an ISO and installed and configured a virtual machine on my local system, and I need to add my SSH key to it. But I have no idea how to do that. Googling tells me how to generate a new key, but I'd like to use an existing one. How do I do this?

Jeremy Davis's picture

What is your host OS? If you're using Linux (or Mac too - I think), then it's pretty easy. If on Windows, then it's a little more of a pain, but still doable. Regardless, I'll detail both below, then others that have the same issue will hopefully find this post too.

Linux (and probably Mac too)

If you are a Mac user and confirm this works, please post so I can update this post.

ssh-copy-id USER@IP_OR_DOMAIN

E.g.:

ssh-copy-id root@192.168.1.153

However, if you are adding your key to a v15.x appliance, you will need to apply a tweak first. FWIW our SSH hardening in v15.x locked things down a little too much; I intend to "fix" that for future releases, but haven't got there yet. The issue (and the workaround) is noted on the relevant issue.

Windows

AFAIK Windows doesn't have a handy utility to take care of that for you, so you need to manually do what ssh-copy-id does for you. Namely, copy in your SSH public key (usually found at ~/.ssh/id_rsa.pub on Linux; not sure where that usually lives on a Windows machine?!) to the remote computer's ~/.ssh/authorized_keys file.

In other words, cat the pub key file, copy the text, then paste it in ~/.ssh/authorized_keys file (create it if it doesn't exist). If you have a few keys you'd like to add and already have them added to another server, it may even be easier to copy the authorized_keys file from one server to another via scp. I.e.:

ssh root@server1
scp ~/.ssh/authorized_keys root@server2:/root/.ssh/authorized_keys
exit

Warning: that will overwrite an existing authorized_keys file. Also, users who have keys on server1 can now access server2!

Bill Carney's picture

I'm using a Mac.  When I run:

ssh-copy-id root@172.16.82.192

it replies with 

/usr/bin/ssh-copy-id: ERROR: failed to open ID file '/root/.pub': No such file

    (to install the contents of '/root/.pub' anyway, look at the -f option)

So I tried

ssh-copy-id -f root@172.16.82.192

/usr/bin/ssh-copy-id: ERROR: failed to open ID file '/root/.pub': No such file

I created an empty .pub file in /root and tried again.  This time I got:

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.pub"

/usr/bin/ssh-copy-id: ERROR: No identities found

Googled a lot without joy, so I simply copied authorized_keys file from one server to the other manually and rebooted.  

Sometimes brute force is all that's needed. :)

Jeremy Davis's picture

It looks like you may be doing this from within your server?! (I say that as it's complaining about not finding /root/.pub and I doubt you are running as root on your Mac?!)

To clarify, this command needs to be run on your local computer (the computer you wish to connect from) and needs to have your SSH keypair (it's explicitly looking for the public key). I.e. the computer where you initiate the SSH connection. That would almost certainly be your Mac in this scenario.

You do need to log into your server first to adjust the 'MaxAuthTries' of the SSH daemon, but you then need to exit and run the ssh-copy-id command direct from your computer.

Having said that, I just had a quick google and it seems that Mac doesn't have the ssh-copy-id command, so perhaps that led you astray. Apologies if that was the case. Apparently this one-liner should do the job though (assuming your public key can be found at ~/.ssh/id_rsa.pub on your local machine):

cat ~/.ssh/id_rsa.pub | ssh user@machine "cat >> ~/.ssh/authorized_keys"

Sorry if my previous post wasn't clear enough. I hope this clarifies things.

Laercio Filho's picture

On the local host, check the ~/.ssh directory and verify that the id_rsa.pub file exists. If not, run ssh-keygen to create it. Now verify on the remote host that the ~/.ssh directory exists; if not, create it.
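
The manual steps discussed in this thread (create ~/.ssh if it is missing, then append to authorized_keys rather than overwrite it), as an added example that is not part of any post above. The function name install_pubkey and the sample key are hypothetical; run it on the server and pass it the single line from your local public key file.

```shell
# Constructed sample value, not a real key.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleOnlyNotARealKey demo@example'

# install_pubkey KEY_LINE [TARGET_HOME]
# Appends one public key line to TARGET_HOME/.ssh/authorized_keys.
# Never overwrites existing entries and never adds a duplicate.
install_pubkey() {
    key=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    file=$dir/authorized_keys

    # Accept exactly one line that looks like an OpenSSH public key.
    # This rejects an empty file's contents or a private key pasted by mistake.
    case $key in
        *'
'*) echo "refusing multi-line input" >&2; return 2 ;;
    esac
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 2 ;;
    esac

    # sshd's StrictModes (on by default) ignores authorized_keys when the
    # directory or file is writable by anyone other than the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1

    # Exact whole-line match: skip the append if the key is already there.
    if grep -qxF -- "$key" "$file"; then
        echo "key already present"
        return 0
    fi

    # If the last existing entry lacks a trailing newline, add one first so
    # the new key does not get glued onto the previous line.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "$key" >> "$file"
}
```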
