ssh: is there any issue with adding my personal public key to authorized_keys?
Is there anything fundamentally wrong with using my own public key for logging into my system? That is, appending ~/.ssh/id_rsa.pub or ~/.ssh/id_dsa.pub to ~/.ssh/authorized_keys.
This would enable you to connect to your computer remotely when you are away. You could keep your keys on a pendrive. It would be much better to produce a second set of keys for this purpose however. Also use a strong passphrase. This would be a better idea. If you were to lose your pendrive, or you think that your keys may have remained on someone else's computer, you can remove your portable key from the authorized key list and generate new ones.
The passphrase protects the private key on the client. The public key matches the private key on the client, so your question also implies using the same key pair on more than one system. There would be no advantage to this even if both computers are on your own LAN. If one is compromised the other would be.
Well, I asked in general but, specifically to me. I'm not worried about carrying my keypair around on a keychain because it's just for accessing my two computers. If I lose my keychain I can very quickly regenerate new keys without major inconvenience. I'd just like to be able to make copies of my home directory on one computer to the other, and have them be able to access each other, without having to set up separate backup rules for the .ssh directory.
I'm not sure about the relative security implications, but if what you want to do is to keep two copies of your home directory on other machines, then have you considered simply mounting the /home directory across the network? You could even use fuse/sshfs to access your home directory over SSH.
Of course, that will only work if one machine is always up and the other is always on the same network.
Well, we're getting beyond the scope of this thread. But I don't really want to get into the sshfs idea because it complicates the boot process. In addition, the main reason for the two copies is for backup. The secondary home directory is on my grandfather's computer in another town. But it's also useful to have my home dir there because I use his computer frequently.
I think I will just keep my keypair on each computer. I don't think there are any major security implications. If his computer is compromised chances are it will be by a burglar unaware of what my keypair even is and I will have more than enough time to make a new one.
You need to worry about your grandfather's computer being compromised online as well. What is so hard about having a key pair for each computer? You could use the same pass phrase for both private keys, and copy the public key from each one to the authorized_keys file of the other.
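The one-key-pair-per-machine arrangement suggested in the thread, together with removing a single lost key from the authorized list, as an added example that is not part of any post. The helper names `authorize_key` and `revoke_key` are hypothetical, and the two key lines are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Each machine generates its own pair locally and only the .pub line travels:
#   ssh-keygen -t ed25519 -C "me@laptop"    # prompts for a passphrase
# The private key never leaves the machine that created it.

# Constructed sample public-key lines (type, base64 blob, comment); not real keys.
LAPTOP_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleLaptopBlobConstructed00 me@laptop'
PENDRIVE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExamplePendriveBlobConstruct me@pendrive'

# authorize_key FILE "TYPE BLOB COMMENT"
# Appends the key unless its blob is already listed, and keeps the file
# private (sshd with StrictModes rejects group- or world-writable files).
authorize_key() {
    file=$1 line=$2
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    [ -n "$blob" ] || return 2
    touch "$file" && chmod 600 "$file" || return 1
    # Match on the blob as a whole field: comments can be edited, and a
    # stored line may carry an options prefix such as from="..." first.
    if awk -v b="$blob" '{for (i = 1; i <= NF; i++) if ($i == b) found = 1}
                         END {exit !found}' "$file"; then
        return 0    # already authorized, nothing to do
    fi
    printf '%s\n' "$line" >> "$file"
}

# revoke_key FILE "TYPE BLOB COMMENT"
# Drops every line carrying that blob and leaves all other keys in place,
# so losing the pendrive does not force re-keying the other machines.
revoke_key() {
    file=$1 line=$2
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    [ -n "$blob" ] && [ -f "$file" ] || return 2
    tmp=$(mktemp "$file.XXXXXX") || return 1
    chmod 600 "$tmp"
    awk -v b="$blob" '{keep = 1
                       for (i = 1; i <= NF; i++) if ($i == b) keep = 0}
                      keep' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Typical use on the machine being logged into:
#   authorize_key "$HOME/.ssh/authorized_keys" "$(cat laptop_id_ed25519.pub)"
#   revoke_key    "$HOME/.ssh/authorized_keys" "$(cat pendrive_id_ed25519.pub)"
```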