Connect to a Remote Server Using an SSH Private Key
1. Prepare the SSH Private Key File
Make sure you already have an SSH private key file.
2. Set Permissions on the Private Key File
For security, the SSH private key file must be readable by its owner only. This step is required: the ssh client refuses to use a private key file that other users can access.
Linux/macOS
chmod 600 /path/to/your/private_key.pem
Windows
On Windows, the chmod command is not available by default. You can run the icacls command from PowerShell to change file permissions instead. Here are the steps:
- Open PowerShell: Run PowerShell as an administrator.
- Change file permissions: Use the icacls command to restrict file permissions. The following commands will only allow the current user to read and write the file:
  icacls "D:\Download\id_ed25519_team28" /inheritance:r
  icacls "D:\Download\id_ed25519_team28" /grant:r "$($env:USERNAME):(R,W)"
  Explanation of these commands:
  - /inheritance:r: Remove inherited permissions.
  - /grant:r "$($env:USERNAME):(R,W)": Grant the current user read and write permissions.
- Verify permissions: You can use the following command to check the file permissions:
  icacls "D:\Download\id_ed25519_team28"
  This will display the current permission settings of the file.
3. Connect to the Remote Server Using the SSH Private Key File
Use the following command to connect to the remote server:
ssh username@remote_server_ip_or_domain -i /path/to/your/private_key.pem
- /path/to/your/private_key.pem: The path to the SSH private key file.
- username: The username on the remote server.
- remote_server_ip_or_domain: The IP address or domain name of the remote server.
For example, if your private key file path is ~/.ssh/id_rsa, the username is user, and the remote server IP address is 192.168.1.100, the command would be:
ssh user@192.168.1.100 -i ~/.ssh/id_rsa
4. Verify the Connection
After running the command above, if everything is correct, you will be connected to the remote server. If this is your first time connecting to the server, you may see a prompt like this:
The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
ECDSA key fingerprint is SHA256:...
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Check that the fingerprint shown matches the one for your server, then type yes and press Enter to continue. After that, you should see the remote server's terminal prompt, indicating that you have successfully connected.
Common Issues
1. Permission Denied (Public Key)
If you see an error like Permission denied (publickey), it could be due to one of the following reasons:
- The private key file path is incorrect.
- The private key file permissions are incorrect.
- The remote server does not have the correct public key configured.
Please check the above items and make sure the configuration is correct.
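A local pre-flight check for the first two causes above, added here as an example and not part of the original page. The function names check_key and file_mode and the return codes are assumptions made for this example; the permission test treats any group or other access as too open, which is what chmod 600 removes.

```shell
#!/bin/sh
# Added example (not from the original page): local checks to run before ssh -i.
# check_key, file_mode and the return codes are names chosen for this example.

# Print the octal permission bits of a file, following symlinks.
# GNU stat (Linux) is tried first, then BSD stat (macOS).
file_mode() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# check_key PATH
# returns 0 = usable, 1 = path is wrong, 2 = permissions too open
check_key() {
    key=$1
    if [ ! -f "$key" ]; then
        echo "missing: '$key' is not a file; check the path given to -i"
        return 1
    fi
    mode=$(file_mode "$key")
    # Any bit set for group or others (mask 077) means other users can
    # access the key; chmod 600 clears those bits.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "too open: '$key' has mode $mode; run: chmod 600 '$key'"
        return 2
    fi
    echo "ok: '$key' has mode $mode"
    echo "if login still fails, compare the output of: ssh-keygen -y -f '$key'"
    echo "with the public key configured on the remote server"
    return 0
}

# Usage: sh check_key.sh /path/to/your/private_key.pem
if [ $# -gt 0 ]; then
    check_key "$1"
fi
```

The third cause, a missing or wrong public key on the server, cannot be checked from the client alone, so the script only prints the command that derives the public key for comparison.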
2. Host Key Verification Failed
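If you see a Host key verification failed error, it may be because the remote server's host key has changed. A changed host key can also mean you are reaching a different machine than the one you expect, so confirm that the change is legitimate (for example, the server was reinstalled) first. You can then edit the ~/.ssh/known_hosts file, remove the corresponding host entry, and reconnect.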
3. Connection Timed Out
If you see a Connection timed out error, it could be a network issue or the remote server may not have the SSH port open (the default is 22). Please check your network connection and the server's firewall settings.
Conclusion
Connecting to a remote server using an SSH private key file is a secure and efficient method. By following the steps above, you can easily configure and use an SSH private key file for connections. If you encounter any issues, refer to the Common Issues section for troubleshooting.