Sharing SSH Keys to login?
Clash Royale CLAN TAG#URR8PPP
up vote
2
down vote
favorite
I am little bit lost or confused.
I have some secure server where inside
~/.ssh/authorized_keys
i have a key to remotely login those servers from my desktop (mac book )Now that secure server need to SFTP/SCP to some third party servers
They provided me SSH ip, username, password, but i need to login with key. They asked me to share key.
Now confused which key i have to share to them? id_rsa.pub
or the key from ~/.ssh/authorized_keys
NOTE: if i share my id_rsa.pub key to third party can they use it to hack my secured servers in point 1?
centos ssh scp sftp key-authentication
add a comment |Â
up vote
2
down vote
favorite
I am little bit lost or confused.
I have some secure server where inside
~/.ssh/authorized_keys
i have a key to remotely login those servers from my desktop (mac book )Now that secure server need to SFTP/SCP to some third party servers
They provided me SSH ip, username, password, but i need to login with key. They asked me to share key.
Now confused which key i have to share to them? id_rsa.pub
or the key from ~/.ssh/authorized_keys
NOTE: if i share my id_rsa.pub key to third party can they use it to hack my secured servers in point 1?
centos ssh scp sftp key-authentication
add a comment |Â
up vote
2
down vote
favorite
up vote
2
down vote
favorite
I am little bit lost or confused.
I have some secure server where inside
~/.ssh/authorized_keys
i have a key to remotely login those servers from my desktop (mac book )Now that secure server need to SFTP/SCP to some third party servers
They provided me SSH ip, username, password, but i need to login with key. They asked me to share key.
Now confused which key i have to share to them? id_rsa.pub
or the key from ~/.ssh/authorized_keys
NOTE: if i share my id_rsa.pub key to third party can they use it to hack my secured servers in point 1?
centos ssh scp sftp key-authentication
I am little bit lost or confused.
I have some secure server where inside
~/.ssh/authorized_keys
i have a key to remotely login those servers from my desktop (mac book )Now that secure server need to SFTP/SCP to some third party servers
They provided me SSH ip, username, password, but i need to login with key. They asked me to share key.
Now confused which key i have to share to them? id_rsa.pub
or the key from ~/.ssh/authorized_keys
NOTE: if i share my id_rsa.pub key to third party can they use it to hack my secured servers in point 1?
centos ssh scp sftp key-authentication
asked May 16 at 11:52
YumYumYum
1,549113264
1,549113264
add a comment |Â
add a comment |Â
4 Answers
4
active
oldest
votes
up vote
16
down vote
accepted
SSH keys have two parts, the secret/private key (usually in ~/.ssh/id_rsa
), and the public key (~/.ssh/id_rsa.pub
). The secret key can be used to prove who you are (or at least that you hold that secret key), and the public key can be used to check the secret key.
You never pass the secret key to any other party, as that would give them the ability to impersonate you.
As for which public key you install (or send to be installed) on the remote server, is up to you: it depends on what private key you want to use to login there.
If you have a private key on your Macbook, and want to login using that, then send the public key corresponding to that. That's probably the one in your first server's authorized_keys
or in your Macs id_rsa.pub
. If you want to login from the first server, then send the public key of that server's key, the one in the machines id_rsa.pub
.
If you want to login using both keys, you'll need to arrange both in the authorized_keys
on the target server.
If you wanted to, you could create multiple private keys on the same system and use different ones for different remote systems. That just requires a bit of bookkeeping to know which key you used where, and some configuration of the SSH client so that it knows to try to use all of the keys. (If you have lots of keys, you may need to configure it per-host.)
Passing the public key (id_rsa.pub
) to a third party is no risk. It's in fact exactly what you need to do to allow them to identify you by your private key.
3
OK!!!! that means i can safely share myid_rsa.pub
key. Because nobody hasid_rsa
private key of mine
â YumYumYum
May 16 at 12:07
1
@YumYumYum in the context of your question, yes they are asking you to share theid_rsa.pub
key (for installation on their server), and there is no risk from doing so. The privateid_rsa
part is the part that should never be shared.
â Doktor J
May 16 at 21:20
add a comment |Â
up vote
4
down vote
The .pub
in the filename id_rsa.pub
indicates that it is a public key which is fine to share with anyone managing a remote machine you want to access via ssh
. The corresponding private key which should not be shared is id_rsa
.
By adding your id_rsa.pub
in a remote ~/.ssh/authorized_keys
, the administrator of the remote machine is authorizing anyone with access to the private key id_rsa
to connect. When you are asked for a public key to share, the administrator of the remote machine will expect a something.pub
file.
add a comment |Â
up vote
2
down vote
Authorized_keys contains all the public keys which you put on server you want to connect to. The id_rsa.pub is the file containing a single public key created when you generated a key pair.
If you are acting as a client to the service then you would supply them with a public key. Whether you use an existing public key (and therefore which one if you have multiple) or create a new key pair is not something we can answer - but an important consideration is where you will be connecting from - you don't want to be scattering important private keys across lots of different servers.
add a comment |Â
up vote
1
down vote
You can create new SSH key using putty-gen application and provide pem file to thirty party user for security purpose. Once you work done you can remove the public key which store on server
Instead of i create cant they create a key for me? And give me a key?
â YumYumYum
May 16 at 12:03
(i dont want to give any key to avoid confusion) i want they provide me username, password and key. i use that key to login on there site?
â YumYumYum
May 16 at 12:03
yeah that also possible
â jayeshkh007
May 16 at 12:04
What do i ask then to them? (i am confused and by confuse if i share my keys and later they hack my servers i will be shooting myself, so for me its safe they provide me keys not me)
â YumYumYum
May 16 at 12:04
2
No, you do not want to ask them for username, password, and key. This defeats the ssh security model. You always create your keys, protect the private half, and provide the public half which you have generated to the remote administrator.
â user4556274
May 16 at 12:05
 |Â
show 1 more comment
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
16
down vote
accepted
SSH keys have two parts, the secret/private key (usually in ~/.ssh/id_rsa
), and the public key (~/.ssh/id_rsa.pub
). The secret key can be used to prove who you are (or at least that you hold that secret key), and the public key can be used to check the secret key.
You never pass the secret key to any other party, as that would give them the ability to impersonate you.
As for which public key you install (or send to be installed) on the remote server, is up to you: it depends on what private key you want to use to login there.
If you have a private key on your Macbook, and want to login using that, then send the public key corresponding to that. That's probably the one in your first server's authorized_keys
or in your Macs id_rsa.pub
. If you want to login from the first server, then send the public key of that server's key, the one in the machines id_rsa.pub
.
If you want to login using both keys, you'll need to arrange both in the authorized_keys
on the target server.
If you wanted to, you could create multiple private keys on the same system and use different ones for different remote systems. That just requires a bit of bookkeeping to know which key you used where, and some configuration of the SSH client so that it knows to try to use all of the keys. (If you have lots of keys, you may need to configure it per-host.)
Passing the public key (id_rsa.pub
) to a third party is no risk. It's in fact exactly what you need to do to allow them to identify you by your private key.
3
OK!!!! that means i can safely share myid_rsa.pub
key. Because nobody hasid_rsa
private key of mine
â YumYumYum
May 16 at 12:07
1
@YumYumYum in the context of your question, yes they are asking you to share theid_rsa.pub
key (for installation on their server), and there is no risk from doing so. The privateid_rsa
part is the part that should never be shared.
â Doktor J
May 16 at 21:20
add a comment |Â
up vote
16
down vote
accepted
SSH keys have two parts, the secret/private key (usually in ~/.ssh/id_rsa
), and the public key (~/.ssh/id_rsa.pub
). The secret key can be used to prove who you are (or at least that you hold that secret key), and the public key can be used to check the secret key.
You never pass the secret key to any other party, as that would give them the ability to impersonate you.
As for which public key you install (or send to be installed) on the remote server, is up to you: it depends on what private key you want to use to login there.
If you have a private key on your Macbook, and want to login using that, then send the public key corresponding to that. That's probably the one in your first server's authorized_keys
or in your Macs id_rsa.pub
. If you want to login from the first server, then send the public key of that server's key, the one in the machines id_rsa.pub
.
If you want to login using both keys, you'll need to arrange both in the authorized_keys
on the target server.
If you wanted to, you could create multiple private keys on the same system and use different ones for different remote systems. That just requires a bit of bookkeeping to know which key you used where, and some configuration of the SSH client so that it knows to try to use all of the keys. (If you have lots of keys, you may need to configure it per-host.)
Passing the public key (id_rsa.pub
) to a third party is no risk. It's in fact exactly what you need to do to allow them to identify you by your private key.
3
OK!!!! that means i can safely share myid_rsa.pub
key. Because nobody hasid_rsa
private key of mine
â YumYumYum
May 16 at 12:07
1
@YumYumYum in the context of your question, yes they are asking you to share theid_rsa.pub
key (for installation on their server), and there is no risk from doing so. The privateid_rsa
part is the part that should never be shared.
â Doktor J
May 16 at 21:20
add a comment |Â
up vote
16
down vote
accepted
up vote
16
down vote
accepted
SSH keys have two parts, the secret/private key (usually in ~/.ssh/id_rsa
), and the public key (~/.ssh/id_rsa.pub
). The secret key can be used to prove who you are (or at least that you hold that secret key), and the public key can be used to check the secret key.
You never pass the secret key to any other party, as that would give them the ability to impersonate you.
As for which public key you install (or send to be installed) on the remote server, is up to you: it depends on what private key you want to use to login there.
If you have a private key on your Macbook, and want to login using that, then send the public key corresponding to that. That's probably the one in your first server's authorized_keys
or in your Macs id_rsa.pub
. If you want to login from the first server, then send the public key of that server's key, the one in the machines id_rsa.pub
.
If you want to login using both keys, you'll need to arrange both in the authorized_keys
on the target server.
If you wanted to, you could create multiple private keys on the same system and use different ones for different remote systems. That just requires a bit of bookkeeping to know which key you used where, and some configuration of the SSH client so that it knows to try to use all of the keys. (If you have lots of keys, you may need to configure it per-host.)
Passing the public key (id_rsa.pub
) to a third party is no risk. It's in fact exactly what you need to do to allow them to identify you by your private key.
SSH keys have two parts, the secret/private key (usually in ~/.ssh/id_rsa
), and the public key (~/.ssh/id_rsa.pub
). The secret key can be used to prove who you are (or at least that you hold that secret key), and the public key can be used to check the secret key.
You never pass the secret key to any other party, as that would give them the ability to impersonate you.
As for which public key you install (or send to be installed) on the remote server, is up to you: it depends on what private key you want to use to login there.
If you have a private key on your Macbook, and want to login using that, then send the public key corresponding to that. That's probably the one in your first server's authorized_keys
or in your Macs id_rsa.pub
. If you want to login from the first server, then send the public key of that server's key, the one in the machines id_rsa.pub
.
If you want to login using both keys, you'll need to arrange both in the authorized_keys
on the target server.
If you wanted to, you could create multiple private keys on the same system and use different ones for different remote systems. That just requires a bit of bookkeeping to know which key you used where, and some configuration of the SSH client so that it knows to try to use all of the keys. (If you have lots of keys, you may need to configure it per-host.)
Passing the public key (id_rsa.pub
) to a third party is no risk. It's in fact exactly what you need to do to allow them to identify you by your private key.
edited May 16 at 12:09
answered May 16 at 12:04
ilkkachu
48.1k669133
48.1k669133
3
OK!!!! that means i can safely share myid_rsa.pub
key. Because nobody hasid_rsa
private key of mine
â YumYumYum
May 16 at 12:07
1
@YumYumYum in the context of your question, yes they are asking you to share theid_rsa.pub
key (for installation on their server), and there is no risk from doing so. The privateid_rsa
part is the part that should never be shared.
â Doktor J
May 16 at 21:20
add a comment |Â
3
OK!!!! that means i can safely share myid_rsa.pub
key. Because nobody hasid_rsa
private key of mine
â YumYumYum
May 16 at 12:07
1
@YumYumYum in the context of your question, yes they are asking you to share theid_rsa.pub
key (for installation on their server), and there is no risk from doing so. The privateid_rsa
part is the part that should never be shared.
â Doktor J
May 16 at 21:20
3
3
OK!!!! that means i can safely share my
id_rsa.pub
key. Because nobody has id_rsa
private key of mineâ YumYumYum
May 16 at 12:07
OK!!!! that means i can safely share my
id_rsa.pub
key. Because nobody has id_rsa
private key of mineâ YumYumYum
May 16 at 12:07
1
1
@YumYumYum in the context of your question, yes they are asking you to share the
id_rsa.pub
key (for installation on their server), and there is no risk from doing so. The private id_rsa
part is the part that should never be shared.â Doktor J
May 16 at 21:20
@YumYumYum in the context of your question, yes they are asking you to share the
id_rsa.pub
key (for installation on their server), and there is no risk from doing so. The private id_rsa
part is the part that should never be shared.â Doktor J
May 16 at 21:20
add a comment |Â
up vote
4
down vote
The .pub
in the filename id_rsa.pub
indicates that it is a public key which is fine to share with anyone managing a remote machine you want to access via ssh
. The corresponding private key which should not be shared is id_rsa
.
By adding your id_rsa.pub
in a remote ~/.ssh/authorized_keys
, the administrator of the remote machine is authorizing anyone with access to the private key id_rsa
to connect. When you are asked for a public key to share, the administrator of the remote machine will expect a something.pub
file.
add a comment |Â
up vote
4
down vote
The .pub
in the filename id_rsa.pub
indicates that it is a public key which is fine to share with anyone managing a remote machine you want to access via ssh
. The corresponding private key which should not be shared is id_rsa
.
By adding your id_rsa.pub
in a remote ~/.ssh/authorized_keys
, the administrator of the remote machine is authorizing anyone with access to the private key id_rsa
to connect. When you are asked for a public key to share, the administrator of the remote machine will expect a something.pub
file.
add a comment |Â
up vote
4
down vote
up vote
4
down vote
The .pub
in the filename id_rsa.pub
indicates that it is a public key which is fine to share with anyone managing a remote machine you want to access via ssh
. The corresponding private key which should not be shared is id_rsa
.
By adding your id_rsa.pub
in a remote ~/.ssh/authorized_keys
, the administrator of the remote machine is authorizing anyone with access to the private key id_rsa
to connect. When you are asked for a public key to share, the administrator of the remote machine will expect a something.pub
file.
The .pub
in the filename id_rsa.pub
indicates that it is a public key which is fine to share with anyone managing a remote machine you want to access via ssh
. The corresponding private key which should not be shared is id_rsa
.
By adding your id_rsa.pub
in a remote ~/.ssh/authorized_keys
, the administrator of the remote machine is authorizing anyone with access to the private key id_rsa
to connect. When you are asked for a public key to share, the administrator of the remote machine will expect a something.pub
file.
answered May 16 at 12:04
user4556274
4,94811123
4,94811123
add a comment |Â
add a comment |Â
up vote
2
down vote
Authorized_keys contains all the public keys which you put on server you want to connect to. The id_rsa.pub is the file containing a single public key created when you generated a key pair.
If you are acting as a client to the service then you would supply them with a public key. Whether you use an existing public key (and therefore which one if you have multiple) or create a new key pair is not something we can answer - but an important consideration is where you will be connecting from - you don't want to be scattering important private keys across lots of different servers.
add a comment |Â
up vote
2
down vote
Authorized_keys contains all the public keys which you put on server you want to connect to. The id_rsa.pub is the file containing a single public key created when you generated a key pair.
If you are acting as a client to the service then you would supply them with a public key. Whether you use an existing public key (and therefore which one if you have multiple) or create a new key pair is not something we can answer - but an important consideration is where you will be connecting from - you don't want to be scattering important private keys across lots of different servers.
add a comment |Â
up vote
2
down vote
up vote
2
down vote
Authorized_keys contains all the public keys which you put on server you want to connect to. The id_rsa.pub is the file containing a single public key created when you generated a key pair.
If you are acting as a client to the service then you would supply them with a public key. Whether you use an existing public key (and therefore which one if you have multiple) or create a new key pair is not something we can answer - but an important consideration is where you will be connecting from - you don't want to be scattering important private keys across lots of different servers.
Authorized_keys contains all the public keys which you put on server you want to connect to. The id_rsa.pub is the file containing a single public key created when you generated a key pair.
If you are acting as a client to the service then you would supply them with a public key. Whether you use an existing public key (and therefore which one if you have multiple) or create a new key pair is not something we can answer - but an important consideration is where you will be connecting from - you don't want to be scattering important private keys across lots of different servers.
answered May 16 at 12:05
symcbean
2,21611121
2,21611121
add a comment |Â
add a comment |Â
up vote
1
down vote
You can create new SSH key using putty-gen application and provide pem file to thirty party user for security purpose. Once you work done you can remove the public key which store on server
Instead of i create cant they create a key for me? And give me a key?
â YumYumYum
May 16 at 12:03
(i dont want to give any key to avoid confusion) i want they provide me username, password and key. i use that key to login on there site?
â YumYumYum
May 16 at 12:03
yeah that also possible
â jayeshkh007
May 16 at 12:04
What do i ask then to them? (i am confused and by confuse if i share my keys and later they hack my servers i will be shooting myself, so for me its safe they provide me keys not me)
â YumYumYum
May 16 at 12:04
2
No, you do not want to ask them for username, password, and key. This defeats the ssh security model. You always create your keys, protect the private half, and provide the public half which you have generated to the remote administrator.
â user4556274
May 16 at 12:05
 |Â
show 1 more comment
up vote
1
down vote
You can create new SSH key using putty-gen application and provide pem file to thirty party user for security purpose. Once you work done you can remove the public key which store on server
Instead of i create cant they create a key for me? And give me a key?
â YumYumYum
May 16 at 12:03
(i dont want to give any key to avoid confusion) i want they provide me username, password and key. i use that key to login on there site?
â YumYumYum
May 16 at 12:03
yeah that also possible
â jayeshkh007
May 16 at 12:04
What do i ask then to them? (i am confused and by confuse if i share my keys and later they hack my servers i will be shooting myself, so for me its safe they provide me keys not me)
â YumYumYum
May 16 at 12:04
2
No, you do not want to ask them for username, password, and key. This defeats the ssh security model. You always create your keys, protect the private half, and provide the public half which you have generated to the remote administrator.
â user4556274
May 16 at 12:05
 |Â
show 1 more comment
up vote
1
down vote
up vote
1
down vote
You can create new SSH key using putty-gen application and provide pem file to thirty party user for security purpose. Once you work done you can remove the public key which store on server
You can create new SSH key using putty-gen application and provide pem file to thirty party user for security purpose. Once you work done you can remove the public key which store on server
answered May 16 at 12:02
jayeshkh007
1093
1093
Instead of i create cant they create a key for me? And give me a key?
â YumYumYum
May 16 at 12:03
(i dont want to give any key to avoid confusion) i want they provide me username, password and key. i use that key to login on there site?
â YumYumYum
May 16 at 12:03
yeah that also possible
â jayeshkh007
May 16 at 12:04
What do i ask then to them? (i am confused and by confuse if i share my keys and later they hack my servers i will be shooting myself, so for me its safe they provide me keys not me)
â YumYumYum
May 16 at 12:04
2
No, you do not want to ask them for username, password, and key. This defeats the ssh security model. You always create your keys, protect the private half, and provide the public half which you have generated to the remote administrator.
â user4556274
May 16 at 12:05
 |Â
show 1 more comment
Instead of i create cant they create a key for me? And give me a key?
â YumYumYum
May 16 at 12:03
(i dont want to give any key to avoid confusion) i want they provide me username, password and key. i use that key to login on there site?
â YumYumYum
May 16 at 12:03
yeah that also possible
â jayeshkh007
May 16 at 12:04
What do i ask then to them? (i am confused and by confuse if i share my keys and later they hack my servers i will be shooting myself, so for me its safe they provide me keys not me)
â YumYumYum
May 16 at 12:04
2
No, you do not want to ask them for username, password, and key. This defeats the ssh security model. You always create your keys, protect the private half, and provide the public half which you have generated to the remote administrator.
â user4556274
May 16 at 12:05
Instead of i create cant they create a key for me? And give me a key?
â YumYumYum
May 16 at 12:03
Instead of i create cant they create a key for me? And give me a key?
â YumYumYum
May 16 at 12:03
(i dont want to give any key to avoid confusion) i want they provide me username, password and key. i use that key to login on there site?
â YumYumYum
May 16 at 12:03
(i dont want to give any key to avoid confusion) i want they provide me username, password and key. i use that key to login on there site?
â YumYumYum
May 16 at 12:03
yeah that also possible
â jayeshkh007
May 16 at 12:04
yeah that also possible
â jayeshkh007
May 16 at 12:04
What do i ask then to them? (i am confused and by confuse if i share my keys and later they hack my servers i will be shooting myself, so for me its safe they provide me keys not me)
â YumYumYum
May 16 at 12:04
What do i ask then to them? (i am confused and by confuse if i share my keys and later they hack my servers i will be shooting myself, so for me its safe they provide me keys not me)
â YumYumYum
May 16 at 12:04
2
2
No, you do not want to ask them for username, password, and key. This defeats the ssh security model. You always create your keys, protect the private half, and provide the public half which you have generated to the remote administrator.
â user4556274
May 16 at 12:05
No, you do not want to ask them for username, password, and key. This defeats the ssh security model. You always create your keys, protect the private half, and provide the public half which you have generated to the remote administrator.
â user4556274
May 16 at 12:05
 |Â
show 1 more comment
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f444139%2fsharing-ssh-keys-to-login%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password