Recent searches
Search options
Ⓥ
@Blort@social.tchncs.deDear SSH lazyweb ,
I'm trying to add a second device to be able to log in to my server by SSH using a key.
I've already generated the key on my new device but obviously that device can't log in yet because it's key isn't known.
So when I log in to SSH on my usual device, what command would I use to add the key from the second device so it can log in with that, too?
Thank you! 
You should better generate your new key from the computer that already has access to the server and then
- copy public key to server.
- move private key to new computer.
That is the least difficult path I can figure out.
Thanks. I assume the public key is the file ending in .pub?
and when you say "copy it to the server" you mean to the servers /home/user/.ssh/ folder, right?
@Blort yes! with the ssh-copy-id command! 
ANd I copy that with the ssh-copy-id command, right?
@Blort Yes! And if it doesn't work you can still copy the content of the .pub file to the end of the ~/.ssh/authorized_host file on your server.
@jean_dupont @Blort private keys should never move anywhere. Generate private key on the new device, then post the public key anywhere you want (email, usb drive, pastebin, doesn't matter, it's safe). Append the public key to `~/.ssh/authorized_keys` and that's it.
@Blort Copy the contents of your newly generated SSH public key (not the private one!), log in to the target machine and then :
echo "ssh-ed25519 AAAA..." >> ~/.ssh/authorized_keys
I recommend generating an ed25519 keypair.
Example: ssh-keygen -t ed25519
This key pair is being generated from the computer that already has SSH access to the server, not the new one, right?
And when you say "target machine" do you mean the server, the computer that currently has access to it or the machine I'm trying to give access?
@Blort @kint generate the key on the new device, then copy the public part to the existing device that can ssh to the server. Eg WhatsApp it to yourself, save it in google keep/Apple notes, send an email, etc. The public part can be sent fairly insecurely - just do a visual check on both machines to make sure it hasn’t been changed, is all.
Then ‘ssh-copy-id -f -i the_new_key.pub user@server’
The -f is required because you don’t have the corresponding private key, and copy-id checks for it by default.
so I:
1. generated a new key pair from the new client
2. Copied the .pub file from the new client to my ~/.ssh folder on the client that can currently log in
3. did ssh-copy-id -f -i ~/.ssh/mykey.pub serveruser@server.tld
4. Put in my passphrase
CLI says 1 key successfully installed, but when logging in from new client it says permission denied without even asking for my keyphrase.
Did I miss something obvious?
You don't drop the public key into the .ssh/ folder directly, you must add its contents to the existing .ssh/authorized_keys file.
@kint @Blort "on the client that can currently log in" is the critical part. Not on the server.
It looks to me like they have done all the right things, only question now is if the client is properly set up to actually use the key to auth to the server.
Not asking for the key to be unlocked when trying to connect to the server suggests that the ssh client is not even trying to use the key. I'd check that aspect of the client configuration, and if possible, try to enable debug logging to really see what is going on.