
Initially I tried (and failed) to generate a new SSH keypair for a new server. By default it offers to save it into ~/.ssh/id_rsa, which obviously I couldn't, so as to not overwrite my existing key. So instead I saved it under ~/.ssh/id_rsa_domain_name.

But when I copied the newly generated public key onto the server, it didn't work "out of the box". I thought it would automatically detect it, by going through all the keys, but it doesn't do that.

Then I put the original public key on the second server, and it works fine on both servers. So now I have effectively only one working SSH key, and I use it on 2 servers.

  1. Is this a decent idea security-wise?
  2. If I wanted to use the ~/.ssh/id_rsa_domain_name on the second server, how would I go about doing that?

1 Answer


1.

Using the same key for more than one server is not a security issue. As long as the private key is safe, you don't need to worry.

2.

SSH does not automatically detect keys, apart from the default one. So if you want to use different keys for different hosts, you have to either specify the key with the -i switch, or write an entry to your ~/.ssh/config file, like this (for example):

Host 1.2.3.4
IdentityFile /the/private/part/of/your/keypair

Alternatively, you can use wildcards in the config, like this:

Host 192.168.1.*
IdentityFile /the/private/part/of/your/keypair
Lacek
  • Partly Disagree - if either box is compromised and the SSH private key is acquired, traffic from the other box can be silently mitm'd and access needs to be revoked from both boxes. – davidgo Jan 20 '20 at 10:12
  • Your comment suggests that acquiring the private SSH key can be accomplished by breaking into the target hosts, which I don't think is true. One can get the private keys only by breaking into your computer, at which point they get all your keys, so you have no benefit from having separate keys for each host. You need to keep your private keys safe, but I don't see this as a security issue in itself. – Lacek Jan 20 '20 at 10:52
  • @davidgo `> if either box is compromised and the SSH private key is acquired`. This won't be true, the servers only contain the public keys, the private keys stay on your machine. – Digital Ninja Jan 20 '20 at 18:18
  • @digitalninja - agreed, but we are talking about the private key here, not the public one. – davidgo Jan 20 '20 at 18:54