Duplicate/unique SSH key-pairs for multiple clients?
Ted Roche
tedroche at tedroche.com
Thu Apr 7 15:07:01 EDT 2005
I've been using ssh for a couple of years for secure login to remote
servers by using usernames and password. I've finally had a client
project come up that required the unattended use of an ssh tunnel by a
batch job, so I've worked out the process of generating keys and
passphrases and running ssh-agent to make the connections work without
requiring keyboard input. Wish I'd done it years ago.
I've got three machines that I use to log into the various remote
machines, one desktop and two laptops. I've generated public and
private keys from the desktop and distributed the public keys to the
remote machines of interest and verified remote login works. Now I
would like to do the same thing for the laptops, and here's the
question: should I copy my public/private key-pair from the desktop to
matching directories on the laptops? I'm not inclined to, because of
the greater risk of the laptops being stolen while I'm on the road.
Physical possession of the device would let anyone with Knoppix read
the directories and lift my keys. So, I'm thinking that I need separate
sets of keys on each machine so that if one is lost, I can remove the
public key from all of the remote machines.
It seems that I have to duplicate my work on each machine, a fairly
trivial task of key generation and then distribution to each server. Is
there a better way?
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com
More information about the gnhlug-discuss
mailing list