Menu
I've got a private Github repo I want to access from two different Linux machines using the same set of ssh keys
For the first machine, I followed Github's instructions for generating SSH keys, and added the resulting public key to Github. This client works fine. i uplaoded both my private and public key in GitHub gists to easily wget it on second client
In the second machine , I downloaded the the private and public key to the necessary directory and gave relevant permissions.
wget -O /root/.ssh/id_rsa.pub URL(RAW)
wget -O /root/.ssh/id_rsa URL(RAW)
chmod 700 /root/.ssh
chmod 600 /root/.ssh/id_rsa
chmod 600 /root/.ssh/id_rsa.pub
I thought this might be all I had to do, but when I try to connect i get the following error
root@InstanceIDInHexa:~# ssh -T [email protected]
The authenticity of host 'github.com (xxx.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is SHA256:RandomStringOfAlphaNumericCharacters.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,xxx.xxx.xxx.xxx' (RSA) to the list of known hosts.
Load key "/root/.ssh/id_rsa": invalid format
[email protected]: Permission denied (publickey).
root@InstanceIDInHexa:~#
I also checked the content and permissions of all the files and it looks good
cat /root/.ssh/id_rsa
cat /root/.ssh/id_rsa.pub
stat -c "%a" /root/.ssh
stat -c "%a" /root/.ssh/id_rsa
stat -c "%a" /root/.ssh/id_rsa.pub
is there something i am missing here ?
626
The same SSH key should be able to be used from multiple clients. I have different SSH keys for different networks and they're actually stored on an encrypted USB drive that I use from several different computers without a problem.
ssh between systems is fine so long as it's limited to just files like authorized_keys , config , and known_hosts . If you want two hosts to be able to access each other, each host needs its own private SSH key, which must then be added to the other host's authorized_keys file.
The only problem there could be, would be if somebody breaches your key (highly unlikely imo) he would have access to your other servers. But yet again, this is your private key so you should be fine with only one. Take a look at this answer here as well. Hope this helps.
First of all, the best practice is to have one key per user per machine. That's the most secure approach, because it means you can remove access from one machine independent from the other, such as if one machine is lost or stolen.
However, having said that, if you really want to do this and want to ignore best practices, you can copy the id_rsa and id_rsa.pub files to a different machine, and that should work. However, in this case, you generated the key on a newer machine which uses a different private key format or a more modern encryption algorithm for encrypting it then the older machine. The default encryption for older RSA keys, the PKCS #1 format, tends to leave a lot to be desired and isn't very secure.
The easiest, simplest way to solve this problem is to generate a new Ed25519 key pair because those always use the OpenSSH format, and you can do that with ssh-keygen -t ed25519. If you want to then copy it, the files are ~/.ssh/id_ed25519 and ~/.ssh/id_ed25519.pub. This is also the most preferred key format these days, but if you're using something ancient like CentOS 6, then it may not be supported.
If you don't want to do that, then you can convert the existing private key using ssh-keygen -i and ssh-keygen -e to convert your private key to the appropriate format. This should be done on the newer machine, the one that generated the key. The manual page documents the options and formats supported. You can use file on that machine to find out the format that the private key is in.
83
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
