12

I am currently implementing key pair login to my server as following:

generate key pair from my local laptop:

me@macbook:~ $ ssh-keygen -t rsa

transfer pub key from laptop to server:

me@macbook:$ scp ~/.ssh/id_rsa.pub user@myserver.com:~/id_rsa.pub

in the server, add pub key to authorized_keys file

$ cat id_rsa.pub >> ~/.ssh/authorized_keys

And I disabled the password login for ssh.

The problem is that, the key can only used in my laptop to ssh in my server, looks like it is binded with my macbook laptop. That means, if I am with another computer, I would not be able to use that private key to ssh. In worst case, if I lost my laptop, I will be locked, no way to ssh in. (Correct me if wrong, I am confused)

How can I make the private key useable for multiple machines? (like AWS ec2, i can use the .pem file @ anywhere to ssh in)

Thanks.

Below is content of authorized_keys file enter image description here

gilzero
  • 439
  • 4
  • 9
  • 20

1 Answers1

24

Private keys are paired with public keys. If you want to use the private key from another machine - you just copy it to that other machine. It's not tied to the machine, the @macbookpro at the end is just a comment string, you can change it to anything you like.

i.e. you have ~/.ssh/id_rsa which is your private key. If you want to use it from another machine, you copy it to that machine.

  • Private key - copy this to every machine you want to ssh from
  • Public key - put this on every machine you want to ssh to

You should only transfer private keys to machines you control and trust, and you should always protect it with a complex key phrase.

EightBitTony
  • 9,311
  • 1
  • 34
  • 46
  • 1
    thank you. can I remove that xxx@macbookrpo string in 'authorized_keys' file? – gilzero May 14 '12 at 07:32
  • Can't remember if **a** comment needs to be there but you can certainly change it to anything you like. It's only in the authorized_keys file as a reminder to you about where that public key came from. – EightBitTony May 14 '12 at 07:34