Using ssh keys for multiple sites


I was wondering, is it considered safe to use the same SSH key for multiple sites? (eg. github, bitbucket, heroku, etc)?

Or is it recommended to generate a different SSH key for each website/usage?

Best Answer

You are only giving the public key to these sites. They can't do anything with this key, other than identifying that it is the same one. If you are concerned about your anonymity, use separate keys (and configure your ssh client to offer just one to each server, not all of them).

There is no risk of compromising your private key, as long as you use it correctly and don't let is leave your computer. Of course, if it is compromised somehow, it would compromise all your accounts there.

But the most probable scenario of compromising your key would be a trojan or similar on your computer, in this scenario all your other keys will be compromised as well. So using only one public key (per client computer) is enough here, too.

Related Question