Home / ubuntu / Questions / 53553
Accepted
Lekensteyn
Asked: 2011-07-19 01:57:57 +0800 CST

How do I retrieve the public key from a SSH private key?

  • 772

A SSH private key as generated by ssh-keygen contains a public key part. How do I retrieve this public key from the private key? I've lost my public key and need to put the contents of this public key in the servers authorized_keys file and do not want to create a new key pair.

Alternatively phrased: how do I create the id_rsa.pub file from a id_rsa file?

command-line

2 Answers

  1. Best Answer

    I've found the answer on Server Fault: Create a public SSH key from the private key?

    The option -y outputs the public key:

    ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub

    As a side note, the comment of the public key is lost. I've had a site which required the comment (Launchpad?), so you need to edit ~/.ssh/id_rsa.pub and append a comment to the first line with a space between the comment and key data. An example public key is shown truncated below.

    ssh-rsa AAAA..../VqDjtS5 ubuntu@ubuntu

    For keys that were added to the SSH Agent (a program that runs in the background and avoids the need for re-entering the keyfile passphrase over and over again), you can use the ssh-add -L command to list the public keys for keys that were added to the agent (via ssh-add -l). This is useful when the SSH key is stored on a smart card (and access to the private key file is not possible).

    • 837

  2. This is a solution is specifically for users using Windows to SSH into their remote machines, including cloud images on Amazon AWS and GCE.

    (Disclaimer)

    I recently used this solution to remote log in to new deployed VM images on GCE.

    Tools used:

    1. puttygen
    2. WinSCP

    Steps to perform:

    1. Generate a public/private key pair using puttygen.
    2. Upload a public key to your server in the cloud or remote location.

    Description (how to do it):

    1. Generate a key/pair or use an existing private key:

      If you have a private key:

      Open puttygen, press load button and select your private key (*.pem) file.

      If you do not have a private key:

      • Open puttygen,
      • Select the desired key type SSH2 DSA (you may use RSA or DSA) within the Parameters section... and it is important that you leave the passphrase field blank,
      • Press generate and follow instructions to generate (public/private) key pair.

      Sample Key Generation pic

    2. Create a new 'authorized_keys' file (with Notepad):

      Copy your public key data from the "Public key for pasting into OpenSSH authorized_keys file" section of the PuTTY Key Generator, and paste the key data to the "authorized_keys" file.

      Make sure there is only one line of text in this file.

    3. Upload the key to a Linux server:

      • Open WinSCP,
      • Select the SFTP file protocol and log in with your SSH credentials.
      • On success, you see the home directory structure at your remote machine.

      Upload authorized_keys file to the home directory at the remote machine.

    4. Set proper permissions:

      Make a .ssh directory (if it does not exist)

      Copy the authorized_keys file to the .ssh directory (this will replace any existing authorized_keys file; take note of this).

      If the file exists, simply add the contents of this file to the existing file.

      Run commands to set permissions:

       sudo chmod 700 .ssh && chmod 600 .ssh/authorized_keys

    Now you will be able to ssh into a remote machine without entering credentials every time.

    Further reading:

    1. Generating and uploading SSH keys under Windows

    2. Authentication without password using OpenSSH Key, certificates .pem and .pub

    • 15