Peerobyte / Documentation / Remote Access and Setup / Connecting via OpenSSH / Copying Public Key / Linux: Copying key to Linux

Linux: Copying key to Linux

Published 2024.01.01

This section describes the process of copying a public key from a Linux system called the Client to another Linux system called the Server. The Client will act as the managing system, while the Server will be the managed system.

Prerequisites

Client Requirements:

1. The сlient system must be running a Linux-based operating system.

2. The client system must have OpenSSH Client installed. Instructions for installing OpenSSH Client are provided in the "Linux: Installing SSH Client" section.

3. The client system must have access to a Linux terminal.

Server Requirements:

1. The server system must be running a Linux-based operating system.

2.The server system must have OpenSSH Server installed. Instructions for installing OpenSSH Server are provided in the "Installing OpenSSH Server" section.

3.You must know the username and password of the server user account that will be used to connect from the remote client, such as the root user. The process of creating a new user is described in the "Linux: Creating New User" section.

Copying Public Key

To copy the public key, use the following command:

		
			
		
		ssh-copy-id -i <path_to_public_key> <server_user_name>@<server_IP>

where:

<path_to_public_key> - The path to the public key of the key pair. How to create a key pair is described in "Creating Key Pair". When you create a key using the ssh-keygen utility, the path to the key pair and its name will be displayed. By default, the public key is created by the ssh-keygen utility with the extension *.pub in the /.ssh subdirectory located in the user's folder. You can find the location of the current user's folder using the command: ls -d ~.

<server_user_name> - The name you used when creating a new user on the Server. How to create a user is described in the "Creating New User" section. You can also use the root user for connection, whose password is specified in the Password field of the "Instance Details" section of the Peerobyte virtual machine or server control panel.

<server_IP> - The IP address of the virtual machine or server, specified in the Main IP Address field of the "Public Network IPv4" section in the virtual machine or server control panel.

For example, this command might look like this:

		
			
		
		ssh-copy-id -i /home/myuser1/.ssh/id_rsa.pub [email protected]

This command will connect to the virtual machine or server with the IP address 203.0.113.12 as the server user myuser1. This user's password will be required for authentication. If the password is entered correctly, the command will copy the public key from the client device (/home/myuser1/.ssh/id_rsa.pub) to the server's authorized keys list for the user myuser1.

After successfully copying the public key to the server, you can connect to the virtual machine or server by following the instructions in the "Connecting to Server via OpenSSH" section.

Possible Connection Issues

First-Time SSH Connection Warning

If this is the first time you are connecting to a host via SSH, you will see a similar message:

		
			
		
		The authenticity of host '203.0.113.12 (203.0.113.12)' can't be established.
ECDSA key fingerprint is SHA256:tXw8aipPPyyL4KBAjTtBvHU7K//HzkXuTtdLij2yJ2U.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

It indicates that your system does not know the host you want to connect to. This is a standard precaution to make sure you are not connecting to a fake or malicious server. Confirm your intention to connect to the host by typing yes on your keyboard and pressing Enter.

Host Key Fingerprint Mismatch Alert

You may encounter this message when trying to connect to the host:

		
			
		
		@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
4e:10:78:39:a6:cd:11:12:3a:cd:1b:a2:91:cd:e5:5c.
Please contact your system administrator.
Add correct host key in /home/user1/.ssh/known_hosts to get rid of this message.
Offending key in /home/user1/.ssh/known_hosts:1
RSA host key for 203.0.113.12 has changed and you have requested strict checking.
Host key verification failed.

This message indicates that the remote host's fingerprint saved in your known_hosts file no longer matches the fingerprint presented by the host when attempting to connect. This can be caused by legitimate changes on the server, such as after reinstalling the operating system or changing security settings.

There is also a risk of a "man-in-the-middle" attack, where an attacker could intercept or alter the data. This is a serious security threat.

If the host key change is confirmed to be legitimate, you need to remove the old, outdated fingerprint entry from the known_hosts file on the client system. The offending key entry is indicated in the message as Offending key. The path to the known_hosts file is also provided in the message. If you do not connect to other hosts, you can delete the entire known_hosts file; it will be recreated on the next successful connection. After deleting the known_hosts file or the specific оffending key, retry the connection — the error should not appear.