Suppose there are two machines, A and B, both with local user account alice present. Suppose also that ~/.ssh contains the same id_ed25519, id_ed25519.pub, and authorized_keys file on both machines. Will I be able to SSH from machine A to B or from B to A without passwords?

Ananth
1 Answer
To be able to SSH you need to distribute public keys by putting them into ~/.ssh/authorized_keys file (default for OpenSSH) of the corresponding user on target machines.
By using SSH agent and by enabling SSH agent forwarding you then will be able to connect from any of them to any other if you connected to the first machine by the means of the key.
Ideally each source machine (from which you are going to connect) should have its own keypair. For example, Proxmox VE does that: in cluster environment it maintains a shared authorized_keys file for root; for each joined server it generates its own keypair, and puts a public part into that shared file. This way it achieves SSH from any server to any server.
Better don't distribute private keys!

Nikita Kipriyanov
- You're missing the point of my question. I don't want security advice on managing my private keys. I just want to know if the scenario I outlined above is possible. – Ananth Apr 01 '22 at 10:16
- It is *offtopic* in this site. Nobody will recommend or "approve" such kind of a solution on ServerFault since it's against normal business practices (see site description). – Nikita Kipriyanov Apr 11 '22 at 17:28
- It's incredibly short-sighted to declare this an abnormal business practice. I have a legitimate "business use" for what I described. I'm asking for ideas on how to see common tools. Just because it doesn't fit in your arbitrary definition it's not wrong. What a waste of time. – Ananth Apr 12 '22 at 18:46
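
Added example, not part of the original question, answer or comments: a Python audit sketch that compares each machine's public key against a shared authorized_keys file and reports which machines hold the same keypair, the case the answer advises against. Host names, key bytes and the `from=` restriction are constructed sample data; the check covers key material only, not sshd configuration or file permissions.

```python
import base64
import struct
from collections import defaultdict

def make_line(raw32: bytes, comment: str) -> str:
    """Constructed sample data: wrap 32 bytes in the ssh-ed25519 wire format."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", raw32))
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

def key_blob(line: str):
    """Return the decoded key blob from a .pub or authorized_keys line, or None."""
    fields = line.split()
    for ktype, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue  # not base64, e.g. an options field or a comment word
        # The blob begins with its own length-prefixed type name; it must match.
        n = len(ktype)
        if blob[:4] == struct.pack(">I", n) and blob[4:4 + n] == ktype.encode():
            return blob
    return None

def audit(authorized_keys: str, host_pubkeys: dict):
    """Report which hosts' keys are listed, and which hosts share one keypair."""
    allowed = {key_blob(l) for l in authorized_keys.splitlines()} - {None}
    by_key = defaultdict(list)
    for host, line in host_pubkeys.items():
        by_key[key_blob(line)].append(host)
    accepted = {h: key_blob(l) in allowed for h, l in host_pubkeys.items()}
    shared = sorted(sorted(hs) for k, hs in by_key.items() if k and len(hs) > 1)
    return accepted, shared

# Constructed sample: machines A and B hold the same keypair (the question's
# scenario), C has its own key, D's key was never added to the shared file.
SHARED = make_line(b"\x01" * 32, "alice@shared")
HOSTS = {"A": SHARED, "B": SHARED,
         "C": make_line(b"\x02" * 32, "alice@C"),
         "D": make_line(b"\x03" * 32, "alice@D")}
AUTHORIZED_KEYS = "\n".join(["# shared file, same on every machine", SHARED,
                             'from="10.0.0.0/8" ' + HOSTS["C"]])

if __name__ == "__main__":
    accepted, shared = audit(AUTHORIZED_KEYS, HOSTS)
    print("key listed in authorized_keys:", accepted)
    print("same keypair present on:", shared)
```

A non-empty second result means one private key exists on more than one machine, so removing its line from authorized_keys revokes all of those machines at once and none of them individually.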