Whenever I get a new laptop, I copy the public and private ssh keys from the older one. But since I sometimes hold on to the old laptops, I'll be logging into servers and such using the same dsa keypair from up to 3 different computers. Is there any harm in doing this? Or is it better to have distinct public and private keys for each computer you own?
3 Answers
Your key identifies YOU, so it's semantically correct to use the same key everywhere. However, using the same key on 3 different computers increases the chance of the keys getting stolen.
Agreed. If you want to help your security, make sure to use a passphrase, and leverage ssh-agent on your behalf. – Matt Simmons Jan 30 '10 at 21:24
I typically create an ssh key for each machine I connect from. That key has a useful comment so that I can identify each one, such as "mike-phone" vs "mike-laptop". In this way, if I lose one of the devices, I can easily remove its public key from systems I connect to without affecting my connection from other machines I use.
From a sysadmin perspective, it's much better to have multiple public/private key pairs when things go south, while it's more of a pain up front.
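The per-device approach in the answer above depends on the comment field of each `authorized_keys` entry. The following is an added example, not part of the original answers: it lists the comments in a file and removes a lost device's entry by comment. The function names, the sample file and the `mike-backup job` entry are constructed for illustration, and the key blobs are placeholders.

```shell
#!/bin/sh
# authorized_keys line format: [options] keytype base64-blob [comment]
# Limitation: an option value containing a space followed by "ssh-" would
# confuse the key-type search below.
AK_AWK='
function key_comment(   i, c) {
    for (i = 1; i <= NF; i++)              # options may precede the key type
        if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) break
    c = ""
    for (i += 2; i <= NF; i++) c = c (c == "" ? "" : " ") $i
    return c
}
/^[ \t]*#/ || /^[ \t]*$/ { if (mode == "revoke") print; next }  # keep comments/blanks
mode == "list"   { print key_comment(); next }
mode == "revoke" { if (key_comment() != target) print }
'

# Print the comment of every key entry, one per line.
list_key_comments() { awk -v mode=list "$AK_AWK" "$1"; }

# Remove every entry whose comment equals COMMENT; other lines are untouched.
revoke_key_by_comment() {   # usage: revoke_key_by_comment FILE COMMENT
    tmp=$(mktemp "$1.XXXXXX") || return 1
    if awk -v mode=revoke -v target="$2" "$AK_AWK" "$1" > "$tmp"; then
        mv "$tmp" "$1"      # mktemp creates the file with mode 0600
    else
        rm -f "$tmp"; return 1
    fi
}

# Constructed sample file; the base64 blobs are placeholders, not real keys.
write_sample() {
    cat > "$1" <<'EOF'
# mike's devices
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEFAKEFAKE1 mike-laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEFAKEFAKE2 mike-phone
no-port-forwarding,from="10.0.0.5" ssh-rsa AAAAB3NzaC1yc2EFAKEFAKE3 mike-backup job
EOF
}

sample=$(mktemp) && write_sample "$sample"
revoke_key_by_comment "$sample" "mike-phone"   # the phone was lost
list_key_comments "$sample"                    # remaining devices
rm -f "$sample"
```

Matching is on the exact comment string, so the comment has to be unique per device for the removal to be precise.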
I agree with Erenon: those keys identify the user not the machine, so it's the same (only stronger) as using username/password to access a site from many computers. I suggest anyway to use a USB key or an external repository to store your keys, so you can use them everywhere without worrying too much about stealing issues.