LinuxQuestions.org
Old 05-04-2015, 05:28 PM   #1
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Rep: Reputation: Disabled
Managing Keys for Multiple Hosts?


I set up public key authentication between my MacBook and VPS for added security and convenience when I SFTP things to my VPS.

Now I have some new clients who want me to manage their websites, and I want a similar setup for each client.

Do I need a public/private key pair for each client?

How can I be sure that whatever I do in my SFTP client doesn't put the other accounts - particularly my own VPS - at risk?

Thanks,


Rob

Last edited by RobInRockCity; 05-04-2015 at 05:29 PM.
 
Old 05-05-2015, 09:39 AM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,577
Blog Entries: 14

You just need to put your ssh key from the MacBook in the authorized_keys file on each of the target hosts. Each target should have separate setups so the "pair" is the combination of the target and your MacBook so is already different (so long as you didn't copy keys between hosts - sometimes you do that if you're doing something like clustering).

Note that the keys are per user on your MacBook, so one way you could separate out what you're doing on each target is to set up multiple users on the MacBook that you su to before pushing via sftp.

e.g. su - vpsftpuser then sftp vps...
su - client1user then sftp client1...
su - client2user then sftp client2...

You could instead set up a menu that aliases sftp to go to specific targets when you use it, so that you pick the client before you execute sftp and execution of sftp already has the client selected via the alias.

There's probably dozens of ways to do this.

However, the fact this MIGHT be a problem is a good reason to ensure you are doing backups on all the systems regularly. No matter how well you plan, the chances of a fat finger aren't completely eliminated, not to mention the idea that the hardware or OS might fall over and die even if you weren't doing anything.
 
1 members found this post helpful.
Old 05-05-2015, 09:54 PM   #3
RobInRockCity
Member
 
Registered: Feb 2015
Posts: 141

Original Poster
Rep: Reputation: Disabled
MensaWater,

Unfortunately I was too busy (and dumb) to type up what I did earlier this year for my VPS.

What I recall is that I generated a public/private key pair on my Mac, and then I used the upload feature in cPanel on my VPS to upload the Public Key to my VPS.

On my Mac in .ssh, I have: id_rsa, id_rsa.pub, and known-hosts.

According to my web host, for a shared plan I have to create the key-pair using cPanel. And that would likely create the files: id_rsa and id_rsa.pub. So then I would have to copy the id_rsa to my MacBook, and that would overwrite the same file with the Private Key for my VPS.

See the issue?
 
Old 05-06-2015, 09:20 AM   #4
maples
Member
 
Registered: Oct 2013
Location: IN, USA
Distribution: Arch, Debian Jessie
Posts: 810

You need to copy the contents of id_rsa.pub to the file authorized_keys on every server that you want to SSH in to. You can have several keys in that file, just start it on a new line.

See if your VPS allows you to upload a public key.
 
Old 05-06-2015, 11:08 AM   #5
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,258

Quote:
Originally Posted by maples
You need to copy the contents of id_rsa.pub to the file authorized_keys on every server that you want to SSH in to. You can have several keys in that file, just start it on a new line.

See if your VPS allows you to upload a public key.
^this

If, on the other hand, each server truly does require you to log in with a special private key, you can simply use the -i flag in ssh to send a unique private key to each server. If you want it automated, just stick it in .ssh/config with "IdentityFile", e.g.:
http://nerderati.com/2011/03/17/simp...h-config-file/
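
The per-host key layout discussed in this thread, as an added example that is not part of any poster's reply: a key downloaded from a control panel is stored under its own name instead of overwriting `id_rsa`, and each host alias is pinned to its own key with `IdentityFile`. The function names, the `client1` alias and the host and user names are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: one private key file per host instead of reusing id_rsa.
# SSH_DIR, aliases and host names are constructed placeholders.
SSH_DIR="${SSH_DIR:-$HOME/.ssh}"

# install_key <downloaded-private-key> <alias>
# Copies a downloaded key to $SSH_DIR/id_<alias>, refuses to overwrite
# an existing key, and restricts the file to its owner.
install_key() {
    src=$1; dest="$SSH_DIR/id_$2"
    mkdir -p "$SSH_DIR" && chmod 700 "$SSH_DIR" || return 1
    if [ -e "$dest" ]; then
        echo "refusing to overwrite $dest" >&2
        return 1
    fi
    # umask in a subshell so the copy is never group/world readable
    ( umask 077 && cp "$src" "$dest" ) && chmod 600 "$dest"
}

# add_host <alias> <hostname> <user>
# Appends a Host stanza that ties the alias to its own key.
# IdentitiesOnly stops ssh from also offering every other key it knows.
add_host() {
    cfg="$SSH_DIR/config"
    if [ -f "$cfg" ] && grep -q "^Host $1\$" "$cfg"; then
        echo "Host $1 already in $cfg" >&2
        return 1
    fi
    ( umask 077
      cat >> "$cfg" <<EOF
Host $1
    HostName $2
    User $3
    IdentityFile $SSH_DIR/id_$1
    IdentitiesOnly yes

EOF
    )
}
```

After `install_key ~/Downloads/id_rsa client1` and `add_host client1 client1.example.com rob`, running `sftp client1` uses only that client's key.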
 
  

