How do I backup ssh keys?

ssh backup

Responding to SSH only... yes, you can keep your keys.

I can't think of any topic on which to expound about that, though. It is straight forward: if your username is karthick, then the keys are located in a hidden directory here: 

/home/karthick/.ssh

or

~/.ssh

The id_rsa.pub file contains the public key used to authenticate. But there are other files to keep - all of them, really, such as known_hosts for example. The MOST IMPORTANT is id_rsa (note the lack of .pub) as this is your private key. Back up each user. For example, if you set up SSH for root, get /root/.ssh as well. And so on for as many accounts as you have for this reason.


Cryptographic keys which you may want to backup.

  • ~/.gnupg/*
  • ~/.pki/nssdb/*
  • ~/.gnome2/keyrings/*
  • ~/.ssh/*
  • /usr/local/apache2/conf/ssl.crt/server.crt
  • /usr/local/apache2/conf/ssl.key/server.key
  • /etc/ssh/*
  • /etc/ssl/private/*
  • /etc/cups/ssl/*

Each user has a directoy ~/.ssh, which typically contains the following files:

1) id_dsa             private key of this user (different filename for rsa keys)
1) id_dsa.pub         public key of this user
2) authorized_keys    public key of other users (or same user on other machines)
   config             personal configuration
   known_hosts        host keys of other machines

Additionally, in /etc/ssh/, you will find:

3) ssh_host_dsa_key
3) ssh_host_dsa_key.pub
3) ssh_host_rsa_key
3) ssh_host_rsa_key.pub

Those are the host keys, keys identifying this computer.

You certainly want to backup all private and public keys. We call the machine in question home and the user user@home. Same person has an account user@remote and uses key-based login in both directions. What would happen if you loose any of the key files:

  1. You loose the identity of user@home. ssh user@remote from home will no longer work with key based auth.
  2. user@remote loose the right to login to home with his key. ssh user@home will no longer work from remote with key based auth.
  3. You loose the identity of the host. user@remote will see a warning that host keys have changed when trying ssh user@home. Depending on the configuration this will prevent him from logging in.

Related

How to create shortcut for a command in terminal? [duplicate]
How to install Telegram Desktop in Ubuntu 14.04 LTS [duplicate]
Specify JDK for tomcat7
How to watch Acestream / Sopcast Ubuntu 16.04 LTS?
Display only processes by a user in htop?
Is it bad practice to git init in the $home directory to keep track of dot files?
Lauching Sublime Text From Command Line
Why can I modify a read-only file?
How to check which tty I'm currently using?
Access to the terminal while you are on Vim
Getting 'Release is not valid yet' while updating ubuntu docker container
Has anyone who took part in the App Showdown gotten the promised t-shirt? [closed]