Where to get my SSH private key?

July 1, 2015 72.3k views
WordPress

Hi, I have followed this tutorial to create an SSH key pair through my droplet’s command line:
https://www.digitalocean.com/community/tutorials/how-to-use-ssh-keys-with-digitalocean-droplets

It seems everything went fine, but where is my private key now to use with FileZilla?

4 comments
  • You’ll need to copy the files in ~/.ssh/ with the name id_rsa (one will be id_rsa, and the other will be id_rsa.pub).

    You’ll also need to add that key to your authorized_keys file with this command:

    cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
    chmod 600 ~/.ssh/authorized_keys
    

    The first line takes your key and allows it access to the system
    The second line makes sure authorized_keys has the proper permissions.

  • @JonsJava you shouldn’t copy your private key to your server. The server only needs your public key - which should be stored in ~/.ssh/authorized_keys along with the other public keys that are allowed to connect - to authenticate you.

    @maelga open FileZilla, go to Preferences -> SFTP -> Add keys, and add your SSH private key (/home/yourusername/.ssh/id_rsa).

  • @kamaln7 I agree, but I was going with what he had already done – created the key on the server.

    He needs the key in the authorized_keys list, so he can scp over the key pairs, add the public key into the authorized_keys list, and purge the keys from his server.

    So, how exactly is he supposed to add “/home/yourusername/.ssh/id_rsa” if it is on his server he’s SFTP'ing into?

    Sorry if I seem snippy. Just tired, I guess. My point remains, though.

  • @JonsJava If that is what happened, Step 1 was done in the wrong place and @maelga needs to re-do the tutorial on their Linux/Mac machine to avoid needing to insecurely transfer the private key. If it was a typo (the “create a SSH key pair through my droplet’s command line” comment), then the steps @kamaln7 posted for FileZilla should solve this question.

2 Answers

This question was answered by @kamaln7:

@JonsJava you shouldn’t copy your private key to your server. The server only needs your public key - which should be stored in ~/.ssh/authorized_keys along with the other public keys that are allowed to connect - to authenticate you.

@maelga open FileZilla, go to Preferences -> SFTP -> Add keys, and add your SSH private key (/home/yourusername/.ssh/id_rsa).

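A server-side check for the point made in this answer, as an added example that is not part of the original thread: it flags private key files left in an account's ~/.ssh directory and an authorized_keys file whose mode differs from the 600 set by the chmod command in the comments. The function names and the sample directory are constructed for illustration.

```shell
# Added example (not from the thread); function names are hypothetical helpers.

# Print every regular file in DIR that contains a private key header.
find_private_keys() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # PEM and OpenSSH-format private keys both carry this marker.
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Octal permission bits: GNU stat first, BSD/macOS stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 when DIR holds no private keys and authorized_keys is mode 600.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    rc=0
    keys=$(find_private_keys "$dir")
    if [ -n "$keys" ]; then
        printf '%s\n' "$keys" | sed 's/^/private key stored on server: /'
        rc=1
    fi
    if [ -f "$dir/authorized_keys" ]; then
        mode=$(file_mode "$dir/authorized_keys")
        if [ "$mode" != 600 ]; then
            echo "authorized_keys is mode $mode, expected 600"
            rc=1
        fi
    fi
    return "$rc"
}

# Constructed sample: key pair left on the server, as in the question.
make_demo_dir() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed, not a key' \
        '-----END OPENSSH PRIVATE KEY-----' > "$d/id_rsa"
    echo 'ssh-rsa CONSTRUCTED-PLACEHOLDER demo@example' > "$d/id_rsa.pub"
    cat "$d/id_rsa.pub" >> "$d/authorized_keys"
    chmod 644 "$d/authorized_keys"
    echo "$d"
}

demo=$(make_demo_dir); audit_ssh_dir "$demo" || true; rm -rf "$demo"
```

Run `audit_ssh_dir` with no argument on the droplet to check the current account's own ~/.ssh directory.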

I’ve deleted all my private key files from my own Windows PC (c:\users\bob\.ssh\id_rsa) and still I’m able to connect to my DO droplet. How come?
And on Win10 Bash, I’ve deleted the keys from “C:\Users\Bob\AppData\Local\Packages\CanonicalGroupLimited.Ubuntu18.04onWindows_79rhkp1fndgsc\LocalState\rootfs\home\bobu\.ssh\id_rsa” and still I’m able to connect. How come?
