Duplicate/unique SSH key-pairs for multiple clients?

Ted Roche tedroche at tedroche.com
Thu Apr 7 15:07:01 EDT 2005


I've been using ssh for a couple of years for secure login to remote 
servers by using usernames and passwords. I've finally had a client 
project come up that required the unattended use of an ssh tunnel by a 
batch job, so I've worked out the process of generating keys and 
passphrases and running ssh-agent to make the connections work without 
requiring keyboard input. Wish I'd done it years ago.

I've got three machines that I use to log into the various remote 
machines, one desktop and two laptops. I've generated public and 
private keys from the desktop and distributed the public keys to the 
remote machines of interest and verified remote login works. Now I 
would like to do the same thing for the laptops, and here's the 
question: should I copy my public/private key-pair from the desktop to 
matching directories on the laptops? I'm not inclined to, because of 
the greater risk of the laptops being stolen while I'm on the road. 
Physical possession of the device would let anyone with Knoppix read 
the directories and lift my keys. So, I'm thinking that I need separate 
sets of keys on each machine so that if one is lost, I can remove the 
public key from all of the remote machines.

It seems that I have to duplicate my work on each machine, a fairly 
trivial task of key generation and then distribution to each server. Is 
there a better way?

Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com
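
The per-device approach the post describes, as an added example that is not part of the original message: one key pair generated on each machine with a device label, and a revocation helper that removes a lost device's key from an authorized_keys file. The function names, the labels such as ted@laptop1 and the key blobs are assumptions constructed for illustration; revocation assumes a copy of each device's .pub file was kept somewhere other than the device itself.

```sh
#!/bin/sh
# Added example: one key pair per device, and revoking a lost device's key.

# Run once on each machine; -C labels the key with the device name.
# LABEL and KEYFILE are the caller's choice (e.g. ted@laptop1).
new_device_key() {  # usage: new_device_key LABEL KEYFILE
    ssh-keygen -t ed25519 -C "$1" -f "$2"
}

# Remove a lost device's key from one authorized_keys file.
# Matches on the base64 key blob taken from a saved copy of the device's
# .pub file, so it still works if the comment was edited or options
# (from="...", command="...") were prepended on the server.
# Prints the number of lines removed.
revoke_key() {  # usage: revoke_key AUTHORIZED_KEYS LOST_DEVICE_PUB
    auth=$1
    blob=$(awk 'NF >= 2 { print $2; exit }' "$2")
    [ -n "$blob" ] || { echo "no key found in $2" >&2; return 2; }
    # mktemp creates the file mode 0600, which suits authorized_keys.
    tmp=$(mktemp "$auth.XXXXXX") || return 2
    awk -v blob="$blob" '{
        for (i = 1; i <= NF; i++) if ($i == blob) next
        print
    }' "$auth" > "$tmp" || { rm -f "$tmp"; return 2; }
    removed=$(( $(wc -l < "$auth") - $(wc -l < "$tmp") ))
    mv "$tmp" "$auth" && echo "$removed"
}

# Constructed sample data: the key blobs are placeholders, not real keys.
make_sample() {  # usage: make_sample DIR
    cat > "$1/authorized_keys" <<'EOF'
ssh-ed25519 AAAAC3CONSTRUCTEDdesktopKEY ted@desktop
from="192.0.2.10" ssh-ed25519 AAAAC3CONSTRUCTEDlaptop1KEY ted@laptop1
ssh-ed25519 AAAAC3CONSTRUCTEDlaptop2KEY ted@laptop2
EOF
    echo 'ssh-ed25519 AAAAC3CONSTRUCTEDlaptop1KEY ted@laptop1' > "$1/laptop1.pub"
}
```

Run revoke_key against the authorized_keys file on every server the lost device could reach; the other devices' keys are untouched and keep working.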



