SSH key authentication at server side

I usually do ssh key authentication as follows:

  1. generate key on client pc (# ssh-keygen -t rsa)
  2. copy the key to server (using ssh-copy-id or by other means)
  3. access server from client PC.

I have seen AWS servers (Amazon web servers) provide a key during server creation, which the client can then use to login.

Now I have a server with me in which I want to generate keys and distribute it to my clients. Every one with that key must be able to access to the server.

  1. How can I achieve this?
  2. How should I name these keys I distribute to clients? Is it Public key?

Am I missing any theory about public/private key here?


Solution 1:

Amazon linux uses key-pair as you do, but distributes a private key.

So, if you generate the user on server side you should add as usual the public key on /home/your_user/.ssh/authorized_keys, then distribute the private key to your client.

You should be aware of security concerns as "private keys are called private for a reason."

Solution 2:

Don't do this. If all your clients use the same keypair to access the server, and one of your clients leaves, you can't remove their access without cutting everyone off.

At least, get each client to generate their own keypair and send you the public key (which is also somewhat less insecure than you sending them a private key), then put all the public keys into the server's authorized_keys file. Better still, create each client their own user account on the server as well, and put each client's public key into the relevant user account's authorized_keys file.