LinuxQuestions.org
Old 10-06-2008, 02:30 PM   #1
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Rep: Reputation: 65
ssh: is there any issue with adding my personal public key to authorized_keys?


Is there anything fundamentally wrong with using my own public key for logging into my system? That is, appending ~/.ssh/id_rsa.pub or ~/.ssh/id_dsa.pub to ~/.ssh/authorized_keys
 
Old 10-06-2008, 02:54 PM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
This would enable you to connect to your computer remotely when you are away. You could keep your keys on a pendrive. It would be much better to produce a second set of keys for this purpose however. Also use a strong passphrase. This would be a better idea. If you were to lose your pendrive, or you think that your keys may have remained on someone else's computer, you can remove your portable key from the authorized key list and generate new ones.

The passphrase protects the private key on the client. The public key matches the private key on the client, so your question also implies using the same key pair on more than one system. There would be no advantage to this even if both computers are on your own LAN. If one is compromised the other would be.

Last edited by jschiwal; 10-06-2008 at 02:57 PM.
 
Old 10-06-2008, 03:33 PM   #3
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Original Poster
Rep: Reputation: 65
Well, I asked in general but, specifically to me. I'm not worried about carrying my keypair around on a keychain because it's just for accessing my two computers. If I lose my keychain I can very quickly regenerate new keys without major inconvenience. I'd just like to be able to make copies of my home directory on one computer to the other, and have them be able to access each other, without having to set up separate backup rules for the .ssh directory.
 
Old 10-06-2008, 04:13 PM   #4
rjlee
Senior Member
 
Registered: Jul 2004
Distribution: Ubuntu 7.04
Posts: 1,990

Rep: Reputation: 65
I'm not sure about the relative security implications, but if what you want to do is to keep two copies of your home directory on other machines, then have you considered simply mounting the /home directory across the network? You could even use fuse/sshfs to access your home directory over SSH.

Of course, that will only work if one machine is always up and the other is always on the same network.
 
Old 10-06-2008, 06:27 PM   #5
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Original Poster
Rep: Reputation: 65
Well, we're getting beyond the scope of this thread. But I don't really want to get into the sshfs idea because it complicates the boot process. In addition, the main reason for the two copies is for backup. The secondary home directory is on my grandfather's computer in another town. But it's also useful to have my home dir there because I use his computer frequently.

I think I will just keep my keypair on each computer. I don't think there are any major security implications. If his computer is compromised chances are it will be by a burglar unaware of what my keypair even is and I will have more than enough time to make a new one.

Last edited by Meson; 10-06-2008 at 06:29 PM.
 
Old 10-06-2008, 11:34 PM   #6
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
You need to worry about your grandfather's computer being compromised online as well. What is so hard about having a key pair for each computer? You could use the same pass phrase for both private keys, and copy the public key from each one to the authorized_keys file of the other.

If you use:
eval $(ssh-agent)
ssh-add

You will only need to enter the pass phrase once.
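
The arrangement suggested in this thread (a separate key pair per machine, with a lost key removed from authorized_keys on its own), as an added example that is not part of any post. The function names authorize_key and revoke_key are hypothetical and the key lines are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: one key pair per machine, so a single key can be revoked alone.
# Each machine would create its own pair, e.g.:
#   ssh-keygen -t ed25519 -C user@desktop
# The key lines below are constructed placeholders, not real keys.
DESKTOP_PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEDESKTOPKEY0000000000 user@desktop'
PENDRIVE_PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEPENDRIVEKEY000000000 user@pendrive'

# authorize_key <ssh_dir> <line from a .pub file>
# Appends the key unless its base64 blob is already listed, and sets the
# directory and file modes that sshd's StrictModes check expects.
authorize_key() {
    local dir="$1" line="$2" blob
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    [ -n "$blob" ] || return 1
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys"
    if ! grep -qF -- "$blob" "$dir/authorized_keys"; then
        printf '%s\n' "$line" >> "$dir/authorized_keys"
    fi
}

# revoke_key <ssh_dir> <line from a .pub file>
# Drops every entry carrying that key blob and leaves the others alone.
# It matches on the blob, not the trailing comment, which is free text.
revoke_key() {
    local dir="$1" blob tmp
    blob=$(printf '%s\n' "$2" | awk '{print $2}')
    [ -n "$blob" ] || return 1          # an empty pattern would match every line
    tmp=$(mktemp "$dir/authorized_keys.XXXXXX") || return 1
    # grep exits 1 when nothing is left to print; only status 2 is an error.
    grep -vF -- "$blob" "$dir/authorized_keys" > "$tmp" || [ $? -eq 1 ] \
        || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv "$tmp" "$dir/authorized_keys"
}

# Demo in a scratch directory standing in for ~/.ssh on the remote machine.
demo_dir=$(mktemp -d)
authorize_key "$demo_dir" "$DESKTOP_PUB"
authorize_key "$demo_dir" "$PENDRIVE_PUB"
authorize_key "$demo_dir" "$PENDRIVE_PUB"   # repeated call adds no duplicate
revoke_key "$demo_dir" "$PENDRIVE_PUB"      # pendrive lost: remove only that key
cat "$demo_dir/authorized_keys"             # the desktop key is still authorised
rm -rf "$demo_dir"
```

With one shared key pair, the revoke step would lock out every machine at once; with per-machine keys it removes a single line.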
 
Old 10-07-2008, 12:27 AM   #7
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Original Poster
Rep: Reputation: 65
Quote:
Originally Posted by jschiwal
You need to worry about your grandfather's computer being compromised online as well.
No more than mine
 
  

