564

An SSH private key as generated by ssh-keygen contains a public key part. How do I retrieve this public key from the private key? I've lost my public key and need to put the contents of this public key in the server's authorized_keys file and do not want to create a new key pair.

Alternatively phrased: how do I create the id_rsa.pub file from an id_rsa file?

dessert
Lekensteyn

3 Answers

863

I've found the answer on Server Fault: Create a public SSH key from the private key?

The option -y outputs the public key:

ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub

As a side note, the comment of the public key is lost. I've had a site which required the comment (Launchpad?), so you need to edit ~/.ssh/id_rsa.pub and append a comment to the first line with a space between the comment and key data. An example public key is shown truncated below.

ssh-rsa AAAA..../VqDjtS5 ubuntu@ubuntu

For keys that were added to the SSH Agent (a program that runs in the background and avoids the need for re-entering the keyfile passphrase over and over again), you can use the ssh-add -L command to list the public keys for keys that were added to the agent (via ssh-add -l). This is useful when the SSH key is stored on a smart card (and access to the private key file is not possible).

Pablo Bianchi
Lekensteyn
  • 3
    Please note that your private key file `~/.ssh/id_rsa` must be restricted to your username. Use `$ sudo chmod 600 ~/.ssh/id_rsa` and enter your root credentials to restrict it, then you can output the public key file. Otherwise you will get an unrestricted private key file warning. – Mark Mikofski Sep 06 '15 at 04:30
  • 18
    @MarkMikofski No need for `sudo`, you are supposed to own the private key already. Otherwise you cannot read it in the first place. – Lekensteyn Sep 06 '15 at 10:28
  • 11
    @Lekensteyn thanks, of course you're right! Also, `400` is recommended since there is no need to write to the private key file. The corrected command should be `$ chmod 400 ~/.ssh/id_rsa` – Mark Mikofski Sep 06 '15 at 14:38
  • Private key comment is lost. See https://stackoverflow.com/questions/38290929/generate-public-ssh-key-from-private-key – weberjn Feb 02 '18 at 10:07
  • 1
    @weberjn The private key (`id_rsa` file) does not have a comment, but indeed the comment within the public key file (`id_rsa.pub`) is lost. – Lekensteyn Feb 02 '18 at 10:43
  • $ ssh-keygen -lf id_rsa 4096 SHA256:WZDX3x8N+ZzUkIAOkibG34Y1SY6G1p8oqXmI1sOlIN8 your_email@example.com my comment (RSA) – weberjn Feb 03 '18 at 13:04
  • you just saved my life :) – Appyx Sep 06 '18 at 20:05
  • Brilliant!!!!!! – Lance Kind Sep 12 '19 at 20:01
16

This is a solution specifically for users using Windows to SSH into their remote machines, including cloud images on Amazon AWS and GCE.

(Disclaimer)

I recently used this solution to remotely log in to newly deployed VM images on GCE.


Tools used:

  1. puttygen
  2. WinSCP

Steps to perform:

  1. Generate a public/private key pair using puttygen.
  2. Upload a public key to your server in the cloud or remote location.

Description (how to do it):

  1. Generate a key/pair or use an existing private key:

    If you have a private key:

    Open puttygen, press load button and select your private key (*.pem) file.

    If you do not have a private key:

    • Open puttygen,
    • Select the desired key type SSH2 DSA (you may use RSA or DSA) within the Parameters section... and it is important that you leave the passphrase field blank,
    • Press generate and follow instructions to generate (public/private) key pair.


  2. Create a new 'authorized_keys' file (with Notepad):

    Copy your public key data from the "Public key for pasting into OpenSSH authorized_keys file" section of the PuTTY Key Generator, and paste the key data to the "authorized_keys" file.

    Make sure there is only one line of text in this file.

  3. Upload the key to a Linux server:

    • Open WinSCP,
    • Select the SFTP file protocol and log in with your SSH credentials.
    • On success, you see the home directory structure at your remote machine.

    Upload authorized_keys file to the home directory at the remote machine.

  4. Set proper permissions:

    Make a .ssh directory (if it does not exist)

    Copy the authorized_keys file to the .ssh directory (this will replace any existing authorized_keys file; take note of this).

    If the file exists, simply add the contents of this file to the existing file.

    Run commands to set permissions:

     sudo chmod 700 .ssh && chmod 600 .ssh/authorized_keys
    

Now you will be able to ssh into a remote machine without entering credentials every time.

Further reading:

  1. Generating and uploading SSH keys under Windows

  2. Authentication without password using OpenSSH Key, certificates .pem and .pub

devprashant
  • If your home directory is encrypted, do this: http://askubuntu.com/questions/439184/how-is-a-login-via-an-ssh-private-public-key-associated-with-a-given-user/700344#700344 – devprashant Nov 21 '15 at 10:06
  • 3
    Although your answer is not really relevant to the question, I vote for it because of your enthusiasm. – Truong Nguyen Dec 13 '16 at 16:53
0

Lekensteyn's answer can also be adapted to work for Ed25519 keys:

ssh-keygen -y -f ~/.ssh/id_ed25519 > ~/.ssh/id_ed25519.pub

pzrq
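
As an added example (not part of any answer above), here is a shell function wrapping the `ssh-keygen -y` command from the answers, usable for RSA and Ed25519 keys alike: it checks the private key's permissions as discussed in the comments, refuses to overwrite an existing `.pub` file, and appends the comment that the first answer notes is lost. The name `regen_pubkey` and its arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: rebuild a lost .pub file from a private key with ssh-keygen -y.
# regen_pubkey and its arguments are names chosen for this example.

regen_pubkey() {
    key=$1
    comment=${2:-$(id -un)@$(hostname)}   # default comment, e.g. user@host
    pub="$key.pub"

    if [ ! -f "$key" ]; then
        echo "no such private key: $key" >&2; return 1
    fi
    # Never clobber an existing public key file.
    if [ -e "$pub" ]; then
        echo "refusing to overwrite $pub" >&2; return 1
    fi

    # ssh-keygen rejects private keys accessible to group/other, so check
    # the mode up front and point at the fix instead of changing it silently.
    mode=$(ls -ld -- "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$key is accessible to group/other; run: chmod 600 $key" >&2
        return 1
    fi

    # -y prints the public key (and prompts if the key has a passphrase).
    out=$(ssh-keygen -y -f "$key") || return 1

    # Keep only "<type> <base64>" and set the comment explicitly; some
    # OpenSSH versions print a comment stored in the key file, others none.
    read -r ktype blob _rest <<EOF
$out
EOF
    if [ -z "$ktype" ] || [ -z "$blob" ]; then
        echo "unexpected ssh-keygen output" >&2; return 1
    fi

    printf '%s %s %s\n' "$ktype" "$blob" "$comment" > "$pub"

    # Print the fingerprint so it can be compared with the one a server
    # or hosting service shows for the previously uploaded key.
    ssh-keygen -l -f "$pub"
}

# Stand-alone use: sh regen_pubkey.sh ~/.ssh/id_ed25519 "me@laptop"
if [ "$#" -ge 1 ]; then
    regen_pubkey "$@"
fi
```
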