I created a key for logging into a server (using ssh-keygen) with the name id_rsa, and so in my .ssh directory there is id_rsa.pub and id_rsa.
The reason I used this name is because when I tried other names, they didn't work with my server (I couldn't log in for some reason).
I set up a new server today (and generated the key on a different computer). But the key name is also id_rsa.
So how do I use the same key on my MacBook Pro (OSX), which already has a key named id_rsa, which is still in use (I can't get rid of it, as I need to use it to log into some other servers)?
Best Answer
Generally speaking SSH keys identify clients, not servers (well, at least for the keys in ~/.ssh). The recommended approach is to generate one key per client, as you’ve done effectively, and to add all the appropriate public keys to ~/.ssh/authorized_keys on the servers/accounts you need to access.
So on your Macbook Pro, you wouldn’t add the new server’s key, you’d add your existing key (stored on the Macbook) to the new server, typically by using
If that doesn’t work,
on your Macbook and copy/paste that at the end of ~/.ssh/authorized_keys on the server.
Each account you need to use on each server will end up with a ~/.ssh/authorized_keys looking something like
The lines will wrap in most editors, so it won’t look quite like the above when viewed; but there is only one line per key. Each line takes the form
The important part in this is the middle section which is the base64-encoded public key. Any user with a matching private key will be allowed on the server.
The key-type is usually ssh-rsa nowadays, but you can expect to see other types become more popular in the future (such as ssh-ed25519). This depends on the options given when the key was generated.
The comment is only there to help people identify the keys, so that once in a while someone can go through the list of authorized keys and make sensible decisions about whether to keep a key or not (disabling a key is as easy as commenting the line out with a # at the start of the file). Typically the comment is the username and hostname corresponding to the generated key (i.e. your username when you ran ssh-keygen and the hostname of the client computer).
The optional options (there aren’t any in the example above) allow you to control what the users are allowed to do on the server, and/or to constrain the keys (requiring them to be signed by a specific certificate authority for example). For details, see the sshd manpage (search for “AUTHORIZED_KEYS FILE FORMAT”).
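An added example, not part of the original answer: a small Python audit helper that splits each authorized_keys line into the options, key-type, key and comment fields described above, skips commented-out lines, and checks that the declared key-type matches the type embedded in the base64 blob. The function names, the sample keys and the SHA256 fingerprint output are assumptions made for this illustration; the sample keys are constructed, not real.

```python
import base64, hashlib

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def split_fields(line):
    """Split on whitespace, except inside double quotes (option values may hold spaces)."""
    fields, cur, quoted, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch.isspace() and not quoted:
            fields += [cur] if cur else []
            cur = ""
        else:
            cur += ch
        prev = ch
    return fields + ([cur] if cur else [])

def parse_line(line):
    """Return a dict for an active key line, None for blank or commented-out lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields, options = split_fields(line), ""
    if fields[0] not in KEY_TYPES:          # first field is the optional options list
        options, fields = fields[0], fields[1:]
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError("no recognised key type")
    blob = base64.b64decode(fields[1], validate=True)
    n = int.from_bytes(blob[:4], "big")     # blob starts with a length-prefixed type name
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("declared key type does not match the key blob")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"options": options, "type": fields[0],
            "fingerprint": "SHA256:" + digest, "comment": " ".join(fields[2:])}

def make_blob(key_type, raw):               # builds a constructed (not real) key blob
    t = key_type.encode()
    return base64.b64encode(len(t).to_bytes(4, "big") + t + len(raw).to_bytes(4, "big") + raw).decode()

SAMPLE = "\n".join([                        # constructed authorized_keys content
    "# ssh-rsa AAAA old-laptop",
    "ssh-ed25519 " + make_blob("ssh-ed25519", bytes(range(32))) + " alice@macbook",
    'command="echo hi there",no-pty ssh-ed25519 ' + make_blob("ssh-ed25519", bytes(32)) + " backup job",
])

def audit(text):
    return [entry for entry in map(parse_line, text.splitlines()) if entry]
```

Calling audit() on the contents of a real ~/.ssh/authorized_keys returns one entry per active key, which makes a periodic review of who is still authorized easier than reading the wrapped lines by eye.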