How to set up ssh key pairs on two computers so they become BBFs

04 Nov 2020

Here is another tutorial, this time on how to set up ssh keys on two machines. You might want to do this to automate processes and remove the need for user entered passwords. I set this up so I could copy easier between my laptop and my Raspberry Pi.

I’m going to call the two computers here leader and follower. That’s old speak for Master and Slave. For me these two were my laptop, and my Raspberry Pi respectively.

First step is to create a storage place on your leader for the ssh keys to be created. Do this in your home directory:

mkdir ~/.ssh

Then navigate to this location with:

cd ~/.ssh

Now let’s generate the keys:

ssh-keygen

The default bit-length of the key is 2048 bits, but you can specify a stronger key like 4096 bits with the appendix (-b bits), e.g.:

ssh-keygen -b 4096

It will ask you if you want a password. This is optional, ssh keys are by their definition secure, but maybe you want an extra layer of protection.

When you run the above you will get something like this:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/james/.ssh/id_rsa): keypair-test
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in keypair-test.
Your public key has been saved in keypair-test.pub.
The key fingerprint is:
SHA256:GPa4egHQSlMVrxomtfJFJrhL3sL8zTeU4uASyjgjgYXXnHMq6Qb james@leader
The key's randomart image is:
+---[RSA 2048]----+
|   .   ***+      |
|     oo.o+.o     |
|  . o ... . .    |
| o + o  ..       |
|..B     S        |
|.+         S     |
|o +o... ..       |
|o    *....   +   |
|                 |
+----[SHA256]-----+

The this command created two files: ‘keypair-test’ and ‘keypair-test.pub’. The first one is the “private key” and the second the “public key”.

They way these work is that the private key never leaves the machine it was created on, whilst the public key goes to the computer that you want to log in to (the follower). So we’re going to put the public key on the follower computer, and keep the private key where it was created. In my case the Raspberry Pi and my laptop respectively.

So let’s do that now. Copy over the public key:

cat ~/.ssh/keypair-test.pub | ssh pi@192.168.1.145 "cat - >> ~/.ssh/authorized_keys"

The above copies the contents of the public key file to a file that is either created if it doesn’t already exist, or appended to if it does.

Let’s check it worked:

ssh pi@192.168.1.145 "cat ~/.ssh/authorized_keys"

You should see something like this (obviously I’m not showing my real key here! :P):

ssh-rsa mUMtTENg6d50AogSHwjNufZY2XkaZwJUk6sLCfKDLRkLitsX4Je8xIooNJsW8r3sHvFkwCHe7Olgwm3LD6cx7GVa323Desr0GL7HhUWyokiKRMCPO5HnHHIcrqGaScGDSwSGEUs
Cowl43iTfJ7eARhpZmupinYHnPcrzo9VGLlAU65n3qnFIMhMl1GjTR2kdnjDUPhoZozGzo7NPKpKRcxpyEpcN5U5ZeXzwwCmJ8b3VqXlf8i9EeFgBnJjo3510PKdRtVo7Wkq7md0wv9Yvuu
taWpDQ5L2RCZanZxSOYifVgGhcLQYcSzsjBLQH9HC3mEZZejIyf7fI1qNBr5qOY5QXSyscOBn1Ji9k47VZ1yTVb7x6P18q james@leader

Now you should be able to log into the machine or copy files across without entering your password!

Logging into the follower looks like this:

ssh -i ~/.ssh/keypair-test pi@192.168.1.145

And copying files looks like this:

scp -i ~/.ssh/keypair-test /home/james/test.txt pi@192.168.1.145:/home/pi/test.txt

/James