I'm done setting up ssh login using public/private key pair. I have my id_rsa (private key) in my ~/.ssh directory and also still have id_rsa.pub (public key) in the same directory. I'm no security expert, but something tells me it's not a good idea to keep both keys in the same directory?
Is it a good practice to remove the public key file after I've added it to the server's authorized_keys file? If there is no harm in keeping the public key around, should I move it to a different directory?
One shortcoming I can think of is that I would have to re-generate a public/private key pair if I wanted to ssh into a different server. Is it a good practice to generate a new public/private key pair for different servers?
The "secret" part of your key needs to be kept safe - in your home directory is the usual place. The public key is MEANT to be shared, that's the whole point of it being public.
So, make sure your .ssh directory is kept safely protected at all times.
The public key isn't secret, so whilst you can delete it if you want, it won't help much, since anyone that can read authorized_keys can get it... It is there in full view.
Obviously, deleting your private key would mean that you'd have to make a new private/public key pair. But only someone that has your private key can get into your account - and only if it's in the authorized_keys on that machine [of course, that can be copied from one place to another!]
In summary: If you feel like saving the disk space, delete the public key. But it doesn't really matter - it's out there on the other end of the line.
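The answer's two practical points are "keep the .ssh directory protected" and "the public key is not secret". The script below is an added example, not part of the original post: it audits the permission modes that ssh and sshd expect on the key directory and private keys, and shows that a deleted `.pub` file can always be regenerated from the private key with `ssh-keygen -y`, so removing it buys nothing. It assumes a POSIX shell with either GNU `stat -c` or BSD `stat -f`, and `ssh-keygen` only for the regeneration part; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post): audit an SSH key directory
# and demonstrate that the public half is derivable from the private half.

# file_mode PATH -> prints the octal permission bits, GNU stat first, BSD fallback.
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_ssh_perms DIR -> 0 if DIR is 700 and every private key / authorized_keys
# inside it is 600, 1 otherwise (one WARN line per problem). Public keys (*.pub)
# are skipped on purpose: they are meant to be readable.
check_ssh_perms() {
  dir="$1"
  status=0
  [ -d "$dir" ] || { echo "WARN: $dir is not a directory"; return 1; }
  mode=$(file_mode "$dir")
  [ "$mode" = "700" ] || { echo "WARN: $dir mode $mode, expected 700"; status=1; }
  for f in "$dir"/id_* "$dir"/authorized_keys; do
    [ -f "$f" ] || continue            # unmatched glob stays literal; skip it
    case "$f" in *.pub) continue ;; esac
    mode=$(file_mode "$f")
    [ "$mode" = "600" ] || { echo "WARN: $f mode $mode, expected 600"; status=1; }
  done
  return $status
}

# recover_pubkey PRIVATE -> prints "type base64" for the matching public key.
# This is exactly what makes deleting id_rsa.pub pointless: anyone holding the
# private key (which is what you must protect) can reproduce it on demand.
recover_pubkey() {
  ssh-keygen -y -f "$1"
}

# pubkey_matches PRIVATE PUBLIC -> 0 if PUBLIC really belongs to PRIVATE.
# Compares only the key type and key material; the trailing comment may differ.
pubkey_matches() {
  derived=$(recover_pubkey "$1" | cut -d' ' -f1,2)
  stored=$(cut -d' ' -f1,2 < "$2")
  [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# Usage: sh ssh_key_audit.sh ~/.ssh
if [ $# -gt 0 ]; then
  check_ssh_perms "$1" && echo "OK: permissions on $1 look sane"
  for k in "$1"/id_*; do
    case "$k" in *.pub) continue ;; esac
    [ -f "$k" ] || continue
    echo "public key for $k:"; recover_pubkey "$k"
  done
fi
```

The audit treats a world-readable private key as the real problem; a world-readable public key is fine, which is also why `ssh-copy-id` and `authorized_keys` expose it freely. If you later want one key per server (the questioner's third point), generate each with `ssh-keygen -t ed25519 -f ~/.ssh/<name>` and select it per host with `IdentityFile` in `~/.ssh/config`; the same permission rules apply to every private key file.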