How to transfer my SSH keys to another machine?

44

12

I have accounts on two machines: H1 and H2. I created ssh keys on H1 and installed them on S1. I can now ssh to S1 from H1. I want to do the same from H2. How do I install the ssh keys generated on H1 on H2?

Bruce

Posted 2011-09-06T15:12:17.577

Reputation: 2 067

2Since ssh-copy-id is a more fool-proof (no overwrite of existing keys or accidentally copying the private key instead of the public key) and less known solution, please consider accepting one of those answers as the accepted answer. – agtoever – 2014-08-21T16:12:26.433

Answers

30

Edited: If you own both machines, you may share your private key. But this solution is not safe in the case of a stolen notebook or for machines you don't own.

You may copy your private keys from H1 to H2 if you want to use the same private key to be able to log in from H2 to S1. At H1, run the commands:

H1$ ssh H2 mkdir -p ~/.ssh
H1$ scp ~/.ssh/id_rsa ~/.ssh/id_dsa H2:~/.ssh/

Warning! This will delete and replace any private key you had at H2.

A better way is to generate new private keys on H2 (ssh-keygen) and install their public part on S1 with the ssh-copy-id utility. In this safer case you will have two sets of keys: one for H1-S1 login and a second for H2-S1 login. There will be two public keys authorized at S1, and you will be able to revoke either of them or both (for example, when your notebook is stolen, or the owner of the machine decides to disable your account and reuse all your files).

osgx

Posted 2011-09-06T15:12:17.577

Reputation: 5 419

I recognise this is 9 years old, and was possibly relevant back then. I would argue H1 = H2 is secure! If you are smart enough to change it when your gear gets stolen then you get a huge benefit of knowing where you have used it. It is the same argument, should I use a password manager with a master pass to all passwords. If the machine is stolen then you are compromised anyway, it's only double your chance of being stolen. But the security around the keys is many times better than double, the benefit of only tracking 1. This is old school, like change your pw every 3 months. – NZ Dev – 2020-02-17T03:50:53.933

Scenario - you have different H1 & H2 and your laptop gets stolen. Which public key do you remove from S1, and S2, and S3...? Because most of the public keys look the same, so now you have to remove most all and everyone (incl you) has to re-auth. – NZ Dev – 2020-02-17T04:05:24.793

@NZDev, what if the machine is not stolen physically but infected by malware, or your cloud based vps was hacked and your keys are copied to a hacker? You will not know about this at the same moment. To find which key to delete, public keys usually have the username and hostname added in the last field (comment) - http://man7.org/linux/man-pages/man8/sshd.8.html#AUTHORIZED_KEYS_FILE_FORMAT (identify the key). Multifactor auth is safer (master password is ok, hardware key + pin is better), but sometimes keys are authorized to allow the use of some automatic scripts. Old school methods do not always work best. – osgx – 2020-02-18T17:17:25.127

8Copying a private key is really not a good idea. Having a single key at multiple locations 1. makes it more vulnerable, 2. increases the risk that you lose control of all the locations, 3. does not allow you to disable access from just one location. From the security point of view you should generate a new key-pair on every location - the solution from Mu Qiao. – pabouk – 2013-09-04T16:56:43.310

29

Use ssh-copy-id

SYNOPSIS

ssh-copy-id [-i [identity_file]] [user@]machine

DESCRIPTION

ssh-copy-id is a script that uses ssh to log into a remote machine and append the indicated identity file to that machine's ~/.ssh/authorized_keys file.

Mu Qiao

Posted 2011-09-06T15:12:17.577

Reputation: 479

1@I want to do ssh from H2 to S1. I want to transfer and install my private and public key from H1 to H2. Will this do that? – Bruce – 2011-09-06T15:17:20.850

3@Bruce no, you need to regenerate the keys on h2 and use that command to copy your keys. Another approach is letting h1 and h2 share home directory. – Mu Qiao – 2011-09-06T15:19:51.570

12

Use two private keys

Set up H2 using the same process (but not the same private key) as you did when you set up H1:

  • There is never a good reason to copy a private key from some other machine. If you haven't already generated a fresh private key on H2, do so now. Also generate the corresponding public key. In a terminal on H2,

type: ssh-keygen -t rsa

  • Copy your H2's public key to the server. In a terminal on H2,

type: ssh-copy-id username@S1.net

(but use your actual username on S1 and S1's hostname, and later type in your password on S1 when it asks for it).

This installs the public key of your workstation into the ~/.ssh/authorized_keys file for that user on the server.

  • There is no step 3. From now on, you can log into the S1 from your H2, and also log into the S1 from your H1.

details

I assume that what you are really asking is

  • I have a server ("S1")
  • I log in to my server from my personal laptop ("H1")
  • I also want to log in to my server from my workstation ("H2").

What is the right way to do that?

  • I suppose I could simply log in with the same password from both places. That can't be the right way, because everyone says that public key authentication is much better than passwords. (a)
  • I suppose I could simply copy the private key from my laptop to my workstation. That can't be the right way, because everyone says that the private key is never supposed to leave the client machine.

People have it hammered into their head that one account on a server has a single username and, of course, a single authorized password.

Public-key systems like ssh are better than the password system: One account on a server has a single username and any number of authorized public keys, all of them listed in the ~/.ssh/authorized_keys file.

(more details).

David Cary

Posted 2011-09-06T15:12:17.577

Reputation: 773

Forgive me for repeating myself.

– David Cary – 2014-08-21T16:09:48.173

As a best practice, should we be pruning ~/.ssh/authorized_keys as old workstations are retired? – BigRon – 2020-02-05T16:10:42.047

This is the problem with this approach: you now need to prune these old public keys out. – NZ Dev – 2020-02-17T03:44:45.847
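An added example, not code from any poster on this page: with one key pair per client, the comments above turn on identifying which authorized_keys entry belongs to which machine and pruning it. This sketch lists each entry's type, fingerprint (the same SHA256 form that ssh-keygen -l prints) and comment, and removes one entry by fingerprint. The sample file, key bytes, comments and function names are constructed for illustration.

```python
import base64
import hashlib
import struct

def blob_type(b64):
    """Return (embedded key type, raw blob) for a base64 key field, else (None, b'')."""
    try:
        blob = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", blob[:4])
        return blob[4:4 + n].decode("ascii"), blob
    except (ValueError, struct.error):
        return None, b""

def parse_line(line):
    """Return (keytype, fingerprint, comment) for one authorized_keys line, or None."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    # Options may precede the key, so scan for a type token whose name matches
    # the type string embedded in the blob that follows it.
    for i in range(len(tokens) - 1):
        embedded, blob = blob_type(tokens[i + 1])
        if embedded == tokens[i]:
            digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
            return tokens[i], "SHA256:" + digest.rstrip("="), " ".join(tokens[i + 2:])
    return None

def audit(text):
    """List (keytype, fingerprint, comment) for every key in the file text."""
    return [p for p in map(parse_line, text.splitlines()) if p]

def prune(text, fingerprint):
    """Return the file text with the key matching `fingerprint` removed."""
    keep = [ln for ln in text.splitlines()
            if (parse_line(ln) or (None, None))[1] != fingerprint]
    return "\n".join(keep) + "\n"

def constructed_key(seed):
    # Constructed sample (not a real key): string("ssh-ed25519") + string(32 bytes).
    parts = (b"ssh-ed25519", bytes([seed]) * 32)
    raw = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-ed25519 " + base64.b64encode(raw).decode()

SAMPLE = ("# constructed authorized_keys for S1\n"
          + constructed_key(1) + " bruce@H1\n"
          + 'from="192.0.2.10",no-pty ' + constructed_key(2) + " bruce@H2\n")

for row in audit(SAMPLE):
    print(*row)
```

Matching on the fingerprint rather than the comment matters because the comment is free text that anyone with write access to the file can change; the fingerprint is derived from the key itself.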

1

To shift SSH keys from one computer to another, just copy the entire ~/.ssh folder from H1 (old machine) to the ~/.ssh folder of the new machine H2.

Now try:

ssh ubuntu@13.123.43.26 (your S1 ip)

Most probably you will get a permission warning. To fix that, run:

chmod 400 ~/.ssh/id_rsa

Now again:

ssh ubuntu@13.123.43.26 (your S1 ip)

It will work fine now.

shaurya uppal

Posted 2011-09-06T15:12:17.577

Reputation: 141

Copying the keys (he said installing) was what he was asking for, not how to set permissions or login. scp /home/user1/.ssh/id_rsa user2@mydomain:~/.ssh/id_rsa – NZ Dev – 2020-02-17T04:08:39.430

0

Would ssh-copy-id do the job for you: http://linux.die.net/man/1/ssh-copy-id?

Alex Wilson

Posted 2011-09-06T15:12:17.577

Reputation: 113

@I want to do ssh from H2 to S1. I want to transfer and install my private and public key from H1 to H2. Will this do that? – Bruce – 2011-09-06T15:16:27.387

2If you are logged in to either S1 or H1 (which now have your key) using ssh-copy-id will allow you to transfer your public key (not private) to the H2. In general it is best to limit the number of machines on which your private key is installed. Try to keep it to a few secure machines only to prevent its loss. – None – 2011-09-06T15:21:17.930

How do I copy my private key to H2? – Bruce – 2011-09-06T15:25:36.897