Manage Remote SSH/Rsync/Scp Keys2 min read.
The most secure way to login to a remote machine and copy files to and from it, is by using SSH keys (normally RSA).
Managing these keys, between multiple servers and especially between development machines can become cumbersome. There is also the security threat of leaving keys lying around on machines.
A great way to not have keys as files on local disk is using the unix ssh-agent program. Tools like ssh, rsync and scp read from the ssh-agent when trying to access a server, and will try each key until a valid key is found. This happens quickly and delays trying keys are not observable to a user.
pk ssh-add command is used to download any ssh keys securely and add them to the local running ssh-agent.
After which you can run ssh, rsync or scp normally and the ssh-agent will make the key available to them.
pk ssh-add -s personal -n mykey,myclient-key1 -p
This command will download the ssh keys “mykey” and “myclient-key1”, and then add them to the ssh-agent.
To remove the keys run:
This will remove all keys from the local ssh-agent.
Formats and Types
Keys must be PEM encoded, and can be RSA (PKCS1, or PKCS8) or ECDSA.
Keys can also be password protected themselves. When the
pk ssh-add command reads a password protected key,
it will prompt for the key’s password, to decrypt it for the ssh-agent.
We assume you have:
We are going to walk you though an example where we setup an AWS server with a private RSA key.
We’ll add this key to our pkhub “Pub/Priv Keys”, and show you how to run the
command to add this key to the local ssh-agent. Finally we’ll show how to ssh into the AWS server
using the ssh-agent.
Here we use AWS, but this can be applied to any cloud provider and or any self managed servers, even your local dev laptops.
Step 1: Setup
Create the key in AWS
Create the aws server, with the ssh key assigned
Create the PK Hub Pub/Priv Key entry
Step 2: Run the pk ssh-add command
You can now add the private key using the PK CLI.
pk ssh-add command can download any private keys from your pkhub safe and add it to the local ssh agent.
pk shh-add -s myorg -n mydev -p
Step 3: SSH into the server
In this use-case we have shown how easy it is to setup and manage ssh keys, and then make them available on your local dev laptop. This can also be done on remote servers and any machine that runs ssh-agent.