An SSH private key as generated by ssh-keygen contains a public key part. How do I retrieve this public key from the private key? I've lost my public key and need to put the contents of this public key in the server's authorized_keys file and do not want to create a new key pair.
Alternatively phrased: how do I create the id_rsa.pub file from an id_rsa file?
2 Answers
I've found the answer on Server Fault: Create a public SSH key from the private key?
The option -y outputs the public key:
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
As a side note, the comment of the public key is lost. I've had a site which required the comment (Launchpad?), so you need to edit ~/.ssh/id_rsa.pub and append a comment to the first line with a space between the comment and key data. An example public key is shown truncated below.
ssh-rsa AAAA..../VqDjtS5 ubuntu@ubuntu
For keys that were added to the SSH Agent (a program that runs in the background and avoids the need for re-entering the keyfile passphrase over and over again), you can use the ssh-add -L command to list the public keys for keys that were added to the agent (via ssh-add -l). This is useful when the SSH key is stored on a smart card (and access to the private key file is not possible).
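An added example, not part of the original answer: a private key file in the newer OpenSSH format (first line `-----BEGIN OPENSSH PRIVATE KEY-----`) stores the public key blob unencrypted ahead of the private section, and this sketch reads that blob and builds the authorized_keys line, with the comment appended as described above. The function names are hypothetical, the sample is a constructed container with placeholder bytes rather than a real key, and older PEM-format files (`BEGIN RSA PRIVATE KEY`) are not handled.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # "Auth Magic" that opens the decoded container
BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"

def read_string(buf, off):
    """Read one SSH string (uint32 big-endian length + bytes); return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("string runs past end of key data")
    return buf[off + 4:off + 4 + n], off + 4 + n

def public_line_from_private(text, comment=""):
    """Build the authorized_keys line from the public blob stored in the key file."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an OpenSSH-format private key")
    raw = base64.b64decode("".join(lines[1:-1]), validate=True)
    if not raw.startswith(MAGIC):
        raise ValueError("bad magic")
    off = len(MAGIC)
    for _ in range(3):  # skip ciphername, kdfname, kdfoptions
        _, off = read_string(raw, off)
    if off + 4 > len(raw) or struct.unpack_from(">I", raw, off)[0] < 1:
        raise ValueError("no keys in container")
    blob, _ = read_string(raw, off + 4)  # first public key, stored unencrypted
    keytype, _ = read_string(blob, 0)
    line = keytype.decode("ascii") + " " + base64.b64encode(blob).decode("ascii")
    return f"{line} {comment}" if comment else line

def constructed_sample():
    """Constructed container with placeholder bytes (not a usable key); returns (text, blob)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = s(b"ssh-ed25519") + s(bytes(range(32)))
    raw = (MAGIC + s(b"aes256-ctr") + s(b"bcrypt") + s(b"\x00" * 24)
           + struct.pack(">I", 1) + s(blob) + s(b"\x00" * 64))
    b64 = base64.b64encode(raw).decode("ascii")
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"{BEGIN}\n{body}\n{END}\n", blob

if __name__ == "__main__":
    sample, _ = constructed_sample()
    print(public_line_from_private(sample, "ubuntu@ubuntu"))
```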
This solution is specifically for users using Windows to SSH into their remote machines, including cloud images on Amazon AWS and GCE.
(Disclaimer)
I recently used this solution to remote log in to newly deployed VM images on GCE.
Tools used:
Steps to perform:
- Generate a public/private key pair using puttygen.
- Upload a public key to your server in the cloud or remote location.
Description (how to do it):
Generate a key/pair or use an existing private key:
If you have a private key:
Open puttygen, press load button and select your private key (*.pem) file.
If you do not have a private key:
- Open puttygen,
- Select the desired key type SSH2 DSA (you may use RSA or DSA) within the Parameters section... and it is important that you leave the passphrase field blank,
- Press generate and follow instructions to generate (public/private) key pair.
Create a new 'authorized_keys' file (with Notepad):
Copy your public key data from the "Public key for pasting into OpenSSH authorized_keys file" section of the PuTTY Key Generator, and paste the key data to the "authorized_keys" file.
Make sure there is only one line of text in this file.
Upload the key to a Linux server:
- Open WinSCP,
- Select the SFTP file protocol and log in with your SSH credentials.
- On success, you see the home directory structure at your remote machine.
Upload authorized_keys file to the home directory at the remote machine.
Set proper permissions:
- Make a .ssh directory (if it does not exist).
- Copy the authorized_keys file to the .ssh directory (this will replace any existing authorized_keys file; take note of this).
- If the file exists, simply add the contents of this file to the existing file.
Run commands to set permissions:
sudo chmod 700 .ssh && chmod 600 .ssh/authorized_keys
Now you will be able to ssh into a remote machine without entering credentials every time.