Generate authentication key for SSH

I use method 1 and copy my public key to all the servers I want access to (using that key). The public key provides no way of identifying the other places it might be distributed to, and if you start using multiple keys for multiple hosts you are trying to access, you are just going to create a management nightmare for yourself.

Just make sure you keep your private key private and secured with a passphrase.


If you have access to the 'ssh-copy-id' command, this is a nice way to initially set up SSH Auth. from the source host. The ssh-copy-id script simply takes your Public key, copies it over to the remote host, to the file ~/.ssh/authorized_keys. It also makes sure the directory ~/.ssh exists, and has the mode set to 700 (go-rwx).

If you're going to set up a simple SSH Auth Chain between several machines like you describe above, you actually could use the same key for all machines. A simple recipe for this would be this:

Generate 1024 bit DSA key (could also be RSA, but then 2048 bit or more)

A ~# ssh-keygen -t dsa

Distribute the public key to the other 3 hosts. Here you will be presented with normal login to the user@B, user@C and user@D

A ~# ssh-copy-id -i .ssh/id_dsa.pub user@B
A ~# ssh-copy-id -i .ssh/id_dsa.pub user@C
A ~# ssh-copy-id -i .ssh/id_dsa.pub user@D

After id is copied you may distribute the private key (!) to the other hosts. This will actually enable you to logon to host A directly from B, or from D to C etc. as they all share the same key, and all have the same authorized_keys.

A ~# scp -p .ssh/id_dsa user@B:~/.ssh/
A ~# scp -p .ssh/id_dsa user@C:~/.ssh/
A ~# scp -p .ssh/id_dsa user@D:~/.ssh/

The final task is to rename the public key on host A, so that host A also has an authorized_keys and can allow login from hosts B, C and D.

A ~# mv .ssh/id_dsa.pub .ssh/authorized_keys

Now you should be able to move between or copy data between all the 4 hosts, using the same key, bypassing the Login-user-password challenge. Depending on whether you generated the key without password, that is...
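
For hosts without ssh-copy-id, the steps it is described as performing above (create ~/.ssh with mode 700, add the public key to authorized_keys) can be done by hand. The sketch below is an added example, not part of either answer and not the ssh-copy-id source; the function names install_pubkey and perms_ok and the sample key are assumptions made up for illustration. It appends the key only if it is not already present, so existing entries in authorized_keys are kept.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper name)
# Adds the first line of PUBKEY_FILE to SSH_DIR/authorized_keys unless that
# exact line is already there, and removes group/other access from both the
# directory and the file.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    # Refuse a file that looks like a private key.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, not installing" >&2
        return 1
    fi

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # If the file does not end in a newline, add one so entries do not merge.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # -x whole line, -F fixed string: append only when the key is missing.
    key=$(head -n 1 "$pub")
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# perms_ok PATH   (hypothetical helper name)
# Succeeds only if group and other have no permission bits set on PATH.
perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo on a scratch directory with a constructed (non-functional) key.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAConstructedExampleKeyNotReal user@A' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/ssh" && install_pubkey "$demo/id.pub" "$demo/ssh"
echo "entries: $(wc -l < "$demo/ssh/authorized_keys" | tr -d ' ')"
perms_ok "$demo/ssh" && echo "modes ok"
rm -rf "$demo"
```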