$ ssh -i ~/ec2.pem firstname.lastname@example.org
- First step is to generate Key Pair and PEM file.
- Next step is to upload certificate to your remote server in command line using SSH, first time with password.
- Last step, testing connection client to server without using a password.
$ ssh-keygen -t rsa -b 2048 -v
Generating public/private rsa key pair.
Enter file in which to save the key (/home/anonymouse/.ssh/id_rsa):hetzner
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in hetzner.
Your public key has been saved in hetzner.pub.
The key fingerprint is:
The key's randomart image is:
$ ssh-copy-id -i ~/hetzner.pub root@
~/.ssh/authorized_keysto make sure we haven't added extra keys that you weren't expecting, you may still want to use a password.
$ sudo nano ~/.ssh/authorized_keysor
$ sudo cat
~/.ssh/authorized_keys, you should see a file with a one or more lines of random characters, these are the uploaded or generated keys known to this machine.
~/.ssh/authorized_keyslooks like this, i cut off few hundred of characters from right of both lines:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAX ...
$ sudo ssh -i ~/hetzner.pem email@example.com
If you do not wish to supply the key path every time on client computer when connecting to remote server, one must tell OpenSSH where to look for private key, by default it looks in ~/.ssh/id_rsa and other folders, use ssh with -v parameter, verbose mode will print what it does step by step on screen. Usually this file should contain something like
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
You may have this file with .pem suffix. Pem is your private key, unlike .pub - the public key, private key stays always only on you computer, newer give up your private key. Content of ~/.ssh/id_rsa can be replaced with .pem file, it works fine, no conversion is needed.
If you have more servers and you wish to connect using multiple private keys, create ~/.ssh/config file, that contain following lines:
Host server1 server1.company.com
Host server2 server2.company.com
Host myPC myPC.local
This file is recognized by ssh by default, it must be named config full path: ~/.ssh/config and if you wish to use sudo (for example later in cron with rsync), this file must be also accessible as /root/.ssh/config. In above file /media/11361B1123123634/ is my encrypted USB drive, so the upper two connections works only if the drive is mounted. In Host, first name is short name that can be used with ssh command, for example:
$ ssh server1
This should now connect you to server1.company.com without typing a password, this way also rsync and other command that use ssh may be used to work with other servers without supplying typed or visible passwords every time they communicate.
# eval "$(ssh-agent)"
# chmod 550 .ssh
using rsync with sudo, it looks for key file in /root/.ssh/config not
in /home/user/.ssh/config, so be sure to copy or link this file to
correct location, otherwise ssh and scp will be working fine while rsync
will prompt for password.