SSH key authentication with multiple computers

ssh

I was reading about SSH key authentication and setting it up with my 3 computers at home.

I have one main computer, call it "A", and two others, call them "B" and "C".

Now, based on the documentation I've read, I would run ssh-keygen on B and C and put the public keys on computer A, assuming I will always SSH into computer A if I'm on B or C.

But I think the documentation examples I've read assume only 1 home computer will be used with, let's say, some other outside computer. In my situation, does it make sense to just run ssh-keygen on one computer and copy the files over to the others? This way I only need to back up one set of keys? And when I log into an outside computer, I only have to set it up with 1 set of keys, as opposed to setting it up with all three computers.

Does this make sense? Any flaws or cautionary notes to consider?

Thanks.

Best Answer

You can theoretically do it both ways, but they each have their advantages and drawbacks:

You can indeed create only 1 key, say it's "yours" (as a person), secure it somewhere and copy it to any computer you use. The advantage is that you can connect to A from wherever you go, as long as you possess your SSH private key. The drawback is that whenever you copy your private key from one place to another, whatever the way, you increase the risk of it being read by someone eavesdropping on the connection. Worse, if computer C gets stolen, you have to regenerate a new key on all computers that use this key, and distribute a new one.

On the other hand, using 1 key per user@computer has the advantage of more "fine control" over "what" can connect "where". It's the most common way to do it.

If, for example, you were to give computer C to your brother/sister/wife/husband/friend/dog, or to a thief (without your approval), you would just have to remove the key from A's "authorized_keys" file.

So even if it means "more keys in authorized_keys" I suggest the second approach.
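As an added example (not code from the question or the answer): a small Python helper that does the revocation the answer describes, dropping one user@computer entry from A's authorized_keys, and that flags key blobs shared by several hosts, which is the single-key setup where no single line can be removed without locking out the other computers. The file content, the key blobs and the `from=` option are constructed placeholders.

```python
import re
from typing import Dict, List, Optional, Tuple

# One authorized_keys entry: optional options field (may hold quoted strings
# with spaces), key type, base64 blob, optional comment (here user@computer).
_ENTRY = re.compile(
    r"^(?:(?P<options>\S.*?)\s+)?"
    r"(?P<ktype>ssh-(?:ed25519|rsa|dss)|ecdsa-sha2-nistp(?:256|384|521)"
    r"|sk-(?:ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)\s+"
    r"(?P<blob>[A-Za-z0-9+/=]+)(?:\s+(?P<comment>\S.*?))?\s*$"
)

def parse_entry(line: str) -> Optional[dict]:
    """Return the fields of one key line, or None for blank/'#' lines."""
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    m = _ENTRY.match(line.strip())
    return m.groupdict() if m else None

def revoke_host(text: str, comment: str) -> Tuple[str, int]:
    """Remove every entry tagged with this user@computer comment; keep the rest."""
    kept, removed = [], 0
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry and entry["comment"] == comment:
            removed += 1
            continue
        kept.append(line)  # blank lines and '#' comments stay as they are
    return "\n".join(kept) + "\n", removed

def shared_keys(text: str) -> Dict[str, List[str]]:
    """Map each blob that appears under more than one comment to those comments."""
    # Such a blob is one private key copied to several computers: deleting
    # a single line cannot revoke only the stolen one.
    seen: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            seen.setdefault(entry["blob"], []).append(entry["comment"] or "")
    return {blob: tags for blob, tags in seen.items() if len(tags) > 1}

# Constructed sample of A's authorized_keys; the blobs are placeholders, not keys.
SAMPLE = """\
# keys allowed to log in to A
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERB user@B
from="192.0.2.30" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERC user@C
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAISHAREDPLACEHOLDER user@laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAISHAREDPLACEHOLDER user@desktop
"""
```

Running `revoke_host(SAMPLE, "user@C")` removes exactly the C line, while `shared_keys` on the result still reports the laptop/desktop pair as one key used from two places.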