Skip to main content
HashnodeLinux Mint Tutorials

Command Palette

Search for a command to run...

How to use SSH key

Updated
4 min read
How to use SSH key
M
M Safiedin
Part of seriesSSH all in one

Little Intro…

An SSH Key is a security credential that works like a digital lock and key. It is generally safer and more convenient than using a password.

  • The Private Key (The "Key"): You keep this on your computer. Never share this.

  • The Public Key (The "Lock"): You upload this to every VM you want to access.

  • How it works: When you try to login, the VM checks if your "Key" matches its "Lock." If they match, you get in without typing a password.

Is it okay to use one key for all VMs?

Yes, it is very common to use a single "Identity Key" (e.g., id_rsa or id_ed25519) to access all your servers.

  • Pro: You only need to manage one file on your laptop.

  • Con: If someone steals your private key file, they can access all your servers.

  • Recommendation: Protect your private key with a passphrase (a password for the key itself) during creation to mitigate this risk.

Phase 1: Create Key on Computer 1 (The "Master" Computer)

  1. On Computer 1, open your terminal.

  2. Generate the key:

    Bash

     ssh-keygen -t ed25519 -C "manager-key"

    (Press Enter through all prompts. You can add a passphrase if you want extra security).

manager@IntelServer:~$ ssh-keygen -t ed25519 -C "manager-key"
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/manager/.ssh/id_ed25519): 
Created directory '/home/manager/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/manager/.ssh/id_ed25519
Your public key has been saved in /home/manager/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:JegBcPYZOJKF5xs6n04VmBl74UL8V+ZDcALJ1kDfHlM manager-key
The key's randomart image is:
+--[ED25519 256]--+
|  .*B+*=o.. E    |
|  ++=X+*.++.     |
|   +*+O o==      |
|    o+.o.+oo     |
|   . oo.S ..     |
|  o ..           |
|   o..           |
|   .o            |
|   ..            |
+----[SHA256]-----+

Remember: Public key stored in VM, Private key on your computer.

  1. Copy the Public Key to the VM:

    Bash

     ssh-copy-id -i ~/.ssh/id_ed25519.pub user@YOUR_VM_IP

Examples…

manager@IntelServer:~$ ssh-copy-id -i ~/.ssh/id_ed25519.pub manager@192.168.0.50
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/manager/.ssh/id_ed25519.pub"
The authenticity of host '192.168.0.50 (192.168.0.50)' can't be established.
ED25519 key fingerprint is SHA256:RaX4Nko6m812qXzLdeQzkKeV7x0wvYSn4CTOyZN4hSI.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
manager@192.168.0.50's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'manager@192.168.0.50'"
and check to make sure that only the key(s) you wanted were added.

manager@IntelServer:~$ ssh 'manager@192.168.0.50'
Welcome to Ubuntu 24.04.3 LTS (GNU/Linux 6.14.0-37-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

Phase 2: Transfer the Key to Computer 2

You need to move the Private Key (id_ed25519) from Computer 1 to Computer 2. The Public key (.pub) isn't strictly needed on Computer 2 for login, but it's good to keep them together.

The easiest way (Copy & Paste Text): Since SSH keys are just text files, we can copy the text content.

1. Get the Key content on Computer 1: Run this command on Computer 1 and copy the entire output (including -----BEGIN... and -----END...):

Bash

cat ~/.ssh/id_ed25519

Example

manager@IntelServer:~$ cat ~/.ssh/id_ed25519
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABC6yA6dIQ
cJ48DuZITdMgta212A121AAAGAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIOD+wsd1P8V26f5D
QuJP8dZMqaEvi11UMa212DwT3K69W79AAAAkPBKTYTo0Y/u0EHlIbZkhF0fri78ac7i8Hu2yu
Ral413KCmiTcur1SFK4Q6fENhD0Dtl69QmJ92IX3Nj2JICD4la1zBYZ6ke6p+TwJ+KLIjL
y19N70xlzDXT149hYebetwrhrwtyBkocXGqWWzgZyWp1V0HrtpWQtWfUKu2TI8D8sZ72fWiPbTPxpPeJ
tA40Oa5JOADYKnjQ==
-----END OPENSSH PRIVATE KEY-----

2. Create the file on Computer 2: Open a terminal on Computer 2 and run these commands:

  • Create the hidden ssh folder (if it doesn't exist):

    Bash

      mkdir -p ~/.ssh

  • Open a text editor to create the key file:

    Bash

      nano ~/.ssh/id_ed25519

  • Paste the key text you copied from Computer 1.

  • Save and Exit: Press Ctrl+O, Enter (to save), then Ctrl+X (to exit).

Phase 3: Secure the Key on Computer 2 (Crucial)

SSH is very strict. If it sees that your private key file is "open" to other users on the computer, it will refuse to use it. You must lock down the permissions.

On Computer 2, run this command:

Bash

chmod 600 ~/.ssh/id_ed25519

Phase 4: Test Login from Computer 2

You do not need to do anything new on the VM. Since the VM already trusts the key (from Phase 1), and Computer 2 now holds that exact same key, it should just work.

On Computer 2:

Bash

ssh user@YOUR_VM_IP
#ssh-keys

Comments

Join the discussion

No comments yet. Be the first to comment.

SSH all in one

Part 1 of 3
Up next

Using Same Pub Key on 2 VM

You do not need to copy the private key (the file on your computer) to the new VM. You only need to copy the Public Key (the "Lock"). Since Computer 1 and Computer 2 already hold the same Private Key, you only need to perform this setup once (from Co...

More from this blog

Linux Mint Tutorials

13 posts

Compilation of Linux Mint Tutorialls