Re-using SSH keys

I just created a droplet on Digital Ocean and the documentation says:

If you do not already have an SSH key pair, which consists of a public and private key, you need to generate one. If you already have a key that you want to use, skip to the Copy the Public Key step.

I already have a Linode VPS for which I created SSH keys. Am I meant to reuse the key or create new ones for every server I use?


It's a good practice to copy a single public key to multiple servers.

It's a bad practice to copy a private key anywhere at all. Generate it on your workstation/laptop and let it stay there.

Bearing in mind a single private key gives SSH access to multiple servers, you need to properly secure it - at a minimum use a strong passphrase. A passphrase is made more convenient with Pageant/ssh-agent.

Looking at a typical "laptop gets a backdoor" attack vector, does a dedicated private key per each server give additional security? Only if you have a dedicated laptop per each server :)


SSH keys are the security equivalent of passwords (from a multifactor standpoint) unless you use something like hardware SSH keys (gpg-agent and YubiKeys as an example).

Do you use the same password for your Digital Ocean and Linode accounts?

You can also sign your keys if you're really security conscious (like Facebook) with an internal certificate authority as a second layer of protection against lost keys.

Also, keys can be lost, passwords can be forgotten.

For decent security, you can have a key pair per host, and specify your key with the identity flag, PuTTY configuration, or Ansible host configurations.

As a test, I loaded 10 keys into Pageant; it didn't seem to have an issue using any random key to authenticate.


You can reuse key pairs for multiple systems; however, this is considered bad practice, as it means that if an attacker gains control over your sole private key, he will now have access to all servers protected by this key pair.

It's quite easy to configure ssh to use multiple keys, so my recommendation would be to do this.
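
An added example, not part of the answers above: one way to set up the key-per-host arrangement with OpenSSH's client config. The function names, host aliases, addresses and the `id_ed25519_<alias>` file naming are assumptions made for illustration. `IdentitiesOnly yes` makes the client offer only the pinned key to that host, even when an agent holds several.

```shell
# Added example. Aliases, addresses and key file names are constructed.

# new_host_key ALIAS
# Create a dedicated key for one host if it does not exist yet.
# ssh-keygen prompts for a passphrase; the private key never leaves this machine.
new_host_key() {
    key="$HOME/.ssh/id_ed25519_$1"
    [ -f "$key" ] || ssh-keygen -t ed25519 -f "$key" -C "$1"
}

# write_host_block CONFIG ALIAS HOSTNAME USER
# Append a Host block that pins ALIAS to its own key. Idempotent:
# a second call for the same alias leaves the file unchanged.
write_host_block() {
    config=$1 name=$2 hostname=$3 user=$4
    if [ -f "$config" ] && grep -qx "Host $name" "$config"; then
        return 0
    fi
    cat >>"$config" <<EOF
Host $name
    HostName $hostname
    User $user
    IdentityFile ~/.ssh/id_ed25519_$name
    IdentitiesOnly yes

EOF
    chmod 600 "$config"
}

# identity_for CONFIG ALIAS
# Print the key file an alias is pinned to, to audit which key reaches which host.
identity_for() {
    awk -v h="$2" '$1 == "Host" { cur = $2 }
                   cur == h && $1 == "IdentityFile" { print $2 }' "$1"
}

# Typical use (constructed hosts):
#   new_host_key droplet
#   write_host_block "$HOME/.ssh/config" droplet 203.0.113.10 root
#   ssh droplet
```

After this, `ssh-copy-id -i ~/.ssh/id_ed25519_droplet.pub droplet` installs only that host's public key on the server.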