Monday, June 25, 2012

Extracting public SSH key from its private key

There are numerous situations where we set up controlled password-less SSH access between 2 different accounts.

For example, we might use the private key 'Identity' to access the relevant servers to implement updates to applications.

ssh –i identity … … …

And that the identity is actually a DSA encrypted private key.

[root@PROD ~]# more id_dsa
-----BEGIN DSA PRIVATE KEY-----
MIIBugIBAAKBgQCHSKGUulKjivv+k6V6v3AosDG2fR/tpVQMQy5zgCk+6qu7cnzr
COJsJ7Kgwo5hGnh84CMoJrBvTt+EgYm+j+M42hJlBw3T3Y2mLZPm41cctLwmkV81
3WLaLLrwgCVlFGojPqVZp+rTX7X2+7/Y7UwyjjyS82FeYMuJY0+JqxkJEwIVALJO
t1gjM9qhAffvHLuQCv1a+jVpAoGAU/luROlbuzsPsXmxOCFTZUQCKSKB7gCHMqYS
3+S38omZiKyit4iYrtpbVKosH9IhPX8YJvYJya/UKCVllkuMHR0qybEizDbzRmWQ
4onBim3GyFq9C71i72XWHcVrndrwuHp+7rUcA2J4REkft8kodKs2SOZCKlnUduOz
K3ZwRRMCgYByS35wDwH6b7dym1eGj/3YCAKg8iGrfbBgZRMhvg3Z1+nxr9Uk5Vbl
1aOuLZ9/cmF5aEgBbSvW1+04DQh0cS+qCnUaIBGhMDzWFYIrGF7pfoJTfhS58SfT
YBcFo14hpU+SYCYaxjJI2KIMh85y+5pdJBGMvfsLBDo1k7YSxxvVRwIUMIBGrgmK
EgtczjE0j6N9zpozxCv=
-----END DSA PRIVATE KEY-----

If you do not have or misplaced the public key (rare case i think), we can actually extract the public key from the private key by the following command.

[root@PROD ~]# ssh-keygen -y -f id_dsa
ssh-dss AAAAB3NzaC1kc3MAAACBAIcvBnM6UqOK+/6TpXq/cCiwMbZ9H+2lVAxDLnOAKT7qq7tyfOsI4mwnsqDCjmEaeHzgIygmsG9O34SBib6P4zjaEmUHDdPdjaYtk+bjVxy0vCaRXzXdYtosuvCAJWUUaiM+pVmn6tNftfb7v9jtTDKOPJLzYV5gy4ljT4mrGQkTAAAAFQCyTrdYIzPaoQH37xy7kAr9Wvo1aQAAAIBT+W5E6Vu7Ow+xebE4IVNlRAIpIoHuAIcyphLf5LfygQbU3KK3iJiu2ltUqiwf0iE9fxgm9gnJr9QoJWWWS4wdHSrJsSLMNvNGZZDiicGKbcbIWr0LvWLvZdYdxWud2vC4en7utRwDYnhESR+3ySh0qzZI5kIqWdR247MrdnBFEwAAAIByS35wDwH6b7dym1eGj/3YCAKg8iGrfbBgZRMhvg3Z1+nxr9Uk5Vbl1aOuLZ9/cmF5bCjzbSvW1+04DQh0cS+qCnUaIBGhMDzWFYIrGF7pfoJTfhS58SfTYBcFo14hpU+SYCYaxjJI2KIMh85y+5pdJBGMvfsLBDowErtYxxvVRw==

Then you can use the output in the authorized_keys for setting up the password-less access.

~end

No comments: