I use a private SSH key and passwordless entry for a number of user accounts on a server that hosts a number of websites.
I use the same private key for each user account. (because I'm lazy? or is that the "right" way).
I now want to authorise another trusted computer in a different part of the country. If I copy the contents of my ~/.ssh onto that machine will that work without any other set up?
Will both machines be able to maintain a connection at the same time?
ssh between systems is fine so long as it's limited to just files like authorized_keys , config , and known_hosts . If you want two hosts to be able to access each other, each host needs its own private SSH key, which must then be added to the other host's authorized_keys file.
So, No - you'll need a separate key for each account. Although you need multiple ssh key pairs for multiple accounts you can configure multiple ssh identities and use via aliases on your machine. You can also just use your username in place of "git" or "hg". Still need separate keys, though.
The easiest way to copy SSH keys is using the ssh-copy-id script.
The public and private keys fit together as a key pair. You may share your public keys in order to receive transactions, but your private keys must be kept secret. If anyone has access to the private keys, they will also have access to any cryptocurrency associated with those keys.
Update: as an additional security recommendation, you should generate a new set of keys for a new machine and send your new public key out to the various hosts you use it on, rather than copying your private keys. If you're just moving everything to a new computer however, you can take your keys with you, but remember to destroy them securely on the old computer.
The correct answer is to copy your .ssh
directory from the old machine to the new. This part is easy (scp -r .ssh user@newmachinehost:~
will do fine—or you can type the keys in character-by-character, up to you).
BUT—I think the missing link to answer this question is what you have to do after you copy your private keys to the new machine.
I had to run the following for each key (I have 3 separate keys for various organizations)
ssh-add .ssh/[key-filename]
If the filename argument is omitted, id_rsa
is assumed.
Once you do this to each key (and enter they key's passphrase if required; it will prompt you), ssh will be able to use those keys to authenticate.
Otherwise, no amount of copying will do much. SSH will ignore the keys in .ssh until they are explicitly used (via ssh -i [keyfilename] ...
).
This should work, and both machines should be able to maintain a connection at the same time - I've had to copy my ~/.ssh
directory a few times before when hard drives have crashed.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With