Do SSH keys have to be unique to the service they are used for?

Solution 1:

SSH keys do not have to be unique to a particular service. As a matter of good general practice they should be unique to a purpose.

For example you as a person may have several SSH keys:
- A key for your personal systems
- A key for your work systems
- A key you use with GitHub/rsync.net/etc.

At work you may also have keys dedicated to specific programs (one used by Puppet, one used by backup software, etc.)

You should consider your security and confidentiality needs, then determine if you should create a new key, or use an existing key.


The instructions you pasted seem to indicate that when you create a "droplet", DigitalOcean adds the specified keys to root's authorized_keys file. After that they do not manage the authorized_keys file further, so if you've already created a server without specifying keys (or you want to add/change/delete keys later) you will need to manually edit root's authorized_keys file to make those changes. You do not need to destroy/re-create the server for this.

Solution 2:

I don't know anything about DigitalOcean.

You can use the same SSH key for everything, but in some circumstances it may be better not to. If you are forwarding your key using an SSH agent, then there's a risk that someone with root privileges on the machine you forward to may be able to use your key for as long as you are still connected. Where else they could connect using that key depends on where else you used the same key. Many would consider such concerns paranoid, but equally there are circumstances which require a great deal of care (even paranoia). You know what's at stake more than I do.

Be aware that you can sometimes get unexpected results if you put the same key into a .ssh/authorized_keys file twice. Avoid that.
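Both answers come down to editing authorized_keys by hand (Solution 1) without ever listing the same key twice (Solution 2). The script below is an added example, not code from either answer or from DigitalOcean: it appends a public key only if its type and key data are not already present on some line (ignoring the comment field and any options prefix), and creates the file with the permissions sshd requires. The key material in it is a constructed placeholder, not a real key.

```shell
#!/bin/sh
# Idempotently add one public key to an authorized_keys file.
# Returns 0 if the key was added or was already present, 2 if the key is malformed.
add_authorized_key() {
    keyfile=$1
    pubkey=$2
    # Compare only "<type> <base64>"; the trailing comment is not part of the key,
    # so the same key with a different comment still counts as a duplicate.
    keytype=$(printf '%s\n' "$pubkey" | awk '{print $1}')
    keydata=$(printf '%s\n' "$pubkey" | awk '{print $2}')
    case "$keytype" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-*|sk-*) ;;
        *) echo "add_authorized_key: unrecognised key type '$keytype'" >&2; return 2 ;;
    esac
    [ -n "$keydata" ] || { echo "add_authorized_key: missing key data" >&2; return 2; }
    # Create the directory and file with the permissions sshd insists on (700 / 600).
    [ -d "$(dirname "$keyfile")" ] || mkdir -m 700 "$(dirname "$keyfile")"
    [ -f "$keyfile" ] || (umask 077; : > "$keyfile")
    # Walk every field of every existing line so that lines with an options
    # prefix (e.g. command="..." ssh-ed25519 AAAA...) are also recognised.
    if awk -v t="$keytype" -v d="$keydata" '
            { for (i = 1; i < NF; i++) if ($i == t && $(i+1) == d) { found = 1; exit } }
            END { exit !found }' "$keyfile"; then
        echo "already present: $keytype ...${keydata#"${keydata%??????}"}" >&2
        return 0
    fi
    # Start on a fresh line even if the file currently lacks a trailing newline.
    if [ -s "$keyfile" ] && [ -n "$(tail -c 1 "$keyfile")" ]; then
        printf '\n' >> "$keyfile"
    fi
    printf '%s\n' "$pubkey" >> "$keyfile"
}

# Number of key lines in an authorized_keys file (blank lines and comments ignored).
count_authorized_keys() {
    grep -c -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1" || true
}

# Demo with a constructed, non-functional key (placeholder, not a real public key).
DEMO_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedDummyKeyNotAReal0000000 laptop'
demo_file=$(mktemp -d)/authorized_keys
add_authorized_key "$demo_file" "$DEMO_KEY"
add_authorized_key "$demo_file" "$DEMO_KEY"                    # second call is a no-op
add_authorized_key "$demo_file" "${DEMO_KEY% laptop} desktop"  # same key, new comment: still a no-op
echo "keys in file: $(count_authorized_keys "$demo_file")"     # 1
```

Run it as root (or with sudo) against /root/.ssh/authorized_keys on the droplet to add a key after creation, which is the manual step Solution 1 describes.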