Should I create a new private ssh key on each system?

I need to connect to multiple servers from multiple devices via SSH. I'm wondering if I should be creating a new id_dsa file on each device I'm connecting from, or if there isn't a problem copying the same id_dsa file to each device.

For instance, I have my primary Ubuntu-based desktop system and a MacBook Pro with ssh. And I have a Windows-based netbook with PuTTY installed. And I have an Android phone with ConnectBot. From any one of these devices, I might need to SSH in to dozens of different physical and virtual servers.

Each server needs my public key installed. Also, my GitHub and Codaset accounts require my public key.

To simplify key management, I'm thinking of using the same private key on all of these systems. Is this common practice, or is it better to have a private key on each system?


Solution 1:

If you use the same public key on each system and the private key becomes compromised, then any system using that key, barring other restrictions, will be accessible.

I trust you are using password protected private keys?

In our management practice, we have low, medium and high security "roles". Each role uses a different key. High security private keys are never to be transmitted to external assets, used on laptops that could be lost/stolen, etc. Medium and low security keys can be deployed in a wider range of scenarios.

I suggest examining your usage patterns and seeing what makes sense in terms of security roles. What is the damage done by getting your private key?

Have you considered placing your SSH private key onto a hardware device from which it cannot be stolen, removing the potential compromise of the key into a non-issue?

Both hardware security modules and smart cards can be used to store SSH private keys in a secure manner, enabling all cryptographic operations to be performed on the device, rather than on your operating system. However, they are not a panacea, as these require backup hardware devices also, in case of a hardware failure.

Solution 2:

Absolutely you should. You can always add all of the keys to your authorized_keys2 file. I like jeffatrackaid's suggestion. However, I'd use different private keys for each device - why not? Lose your Android? Simple: remove the key from the list of authorized keys. If you don't, you'll have to regenerate that level of key again.

That said, it depends on how you perceive the risk of these assets. Obviously you don't want to lose the keys, but some you can expose to greater risk, i.e. GitHub vs the root to your VPS, for example.
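Worked example of the per-device scheme both answers describe, added here and not code from either answerer: each device gets its own key tagged with a unique comment, and revoking a lost device means deleting just that line from authorized_keys. It assumes plain OpenSSH entries of the form "type base64 comment" with no options prefix; the key blobs and device labels below are constructed placeholders.

```shell
#!/bin/sh
# Added example: one key per device, revocable by its comment (device label).
# Assumes each device's key was generated with a unique comment, e.g.
#   ssh-keygen -t ed25519 -C "android-phone" -f ~/.ssh/id_ed25519_android
# and that authorized_keys lines have no options prefix (comment is field 3).
set -eu

# Print the device label (comment field) of every key in the file.
list_device_keys() {
    awk '!/^[[:space:]]*(#|$)/ { print $3 }' "$1"
}

# Remove every key whose comment equals the device label. The new file is
# written to a temp file and moved into place, so a crash mid-write can never
# leave an empty authorized_keys (which would lock you out of every device).
# Returns 0 if at least one key was removed, 1 if nothing matched.
revoke_device_key() {
    file=$1; device=$2
    tmp=$(mktemp "${file}.XXXXXX")
    awk -v dev="$device" \
        '!/^[[:space:]]*(#|$)/ && $3 == dev { next } { print }' "$file" > "$tmp"
    if cmp -s "$file" "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    chmod 600 "$tmp"
    mv "$tmp" "$file"
}

# Demo on a constructed authorized_keys; the blobs are placeholders, not keys.
# Prints the labels that remain after the phone's key is revoked.
demo_revoke() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
ssh-ed25519 AAAAC3PLACEHOLDERDESKTOP desktop-ubuntu
ssh-ed25519 AAAAC3PLACEHOLDERMACBOOK macbook-pro
# low-security role keys below
ssh-ed25519 AAAAC3PLACEHOLDERANDROID android-phone
EOF
    revoke_device_key "$f" android-phone
    echo $(list_device_keys "$f")   # unquoted on purpose: join labels on one line
    rm -f "$f"
}
```

Run the revoke across every server the device could reach, since each server holds its own copy of authorized_keys.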