LinuxQuestions.org


Meson 10-06-2008 02:30 PM

ssh: is there any issue with adding my personal public key to authorized_keys?
 
Is there anything fundamentally wrong with using my own public key for logging into my system? That is, appending ~/.ssh/id_rsa.pub or ~/.ssh/id_dsa.pub to ~/.ssh/authorized_keys.

jschiwal 10-06-2008 02:54 PM

This would enable you to connect to your computer remotely when you are away. You could keep your keys on a pendrive. It would be much better to produce a second set of keys for this purpose however. Also use a strong passphrase. This would be a better idea. If you were to lose your pendrive, or you think that your keys may have remained on someone else's computer, you can remove your portable key from the authorized key list and generate new ones.

The passphrase protects the private key on the client. The public key matches the private key on the client, so your question also implies using the same key pair on more than one system. There would be no advantage to this even if both computers are on your own LAN. If one is compromised the other would be.

Meson 10-06-2008 03:33 PM

Well, I asked in general but, specifically to me. I'm not worried about carrying my keypair around on a keychain because it's just for accessing my two computers. If I lose my keychain I can very quickly regenerate new keys without major inconvenience. I'd just like to be able to make copies of my home directory on one computer to the other, and have them be able to access each other, without having to set up separate backup rules for the .ssh directory.

rjlee 10-06-2008 04:13 PM

I'm not sure about the relative security implications, but if what you want to do is to keep two copies of your home directory on other machines, then have you considered simply mounting the /home directory across the network? You could even use fuse/sshfs to access your home directory over SSH.

Of course, that will only work if one machine is always up and the other is always on the same network.

Meson 10-06-2008 06:27 PM

Well, we're getting beyond the scope of this thread. But I don't really want to get into the sshfs idea because it complicates the boot process. In addition, the main reason for the two copies is for backup. The secondary home directory is on my grandfather's computer in another town. But it's also useful to have my home dir there because I use his computer frequently.

I think I will just keep my keypair on each computer. I don't think there are any major security implications. If his computer is compromised chances are it will be by a burglar unaware of what my keypair even is and I will have more than enough time to make a new one.

jschiwal 10-06-2008 11:34 PM

You need to worry about your Grandfather's computer being compromised on line as well. What is so hard about having a key pair for each computer? You could use the same pass phrase for both private keys, and copy the public key from each one to the authorized_keys file of the other.

If you use:
eval $(ssh-agent)
ssh-add

You will only need to enter the pass phrase once.
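A check for the situation this thread is about, added here as an example and not taken from any of the posts: it reports every local `id_*.pub` whose key also appears in the same directory's `authorized_keys`, which is what results when one home directory (including `.ssh`) is copied between machines. The function names `key_blobs`, `audit_ssh_dir` and `make_sample` are hypothetical, and the sample keys are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Print the base64 key blob of each public-key / authorized_keys line on stdin.
# The blob is the field right after the key-type token, so leading options
# (from="...", command="...") are skipped. Assumption: no option value
# contains a bare key-type word surrounded by spaces.
key_blobs() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
    {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+)$/) {
                print $(i + 1); break
            }
    }'
}

# audit_ssh_dir DIR: for each DIR/id_*.pub print "SELF-AUTHORIZED <file>" if
# the same key is accepted by DIR/authorized_keys, otherwise "ok <file>".
audit_ssh_dir() {
    dir=$1
    auth="$dir/authorized_keys"
    for pub in "$dir"/id_*.pub; do
        [ -f "$pub" ] || continue
        blob=$(key_blobs < "$pub")
        if [ -n "$blob" ] && [ -f "$auth" ] &&
           key_blobs < "$auth" | grep -qxF -- "$blob"; then
            echo "SELF-AUTHORIZED $(basename "$pub")"
        else
            echo "ok $(basename "$pub")"
        fi
    done
}

# Constructed sample (fake blobs): the RSA key was appended to authorized_keys,
# the DSA key was not; a second, unrelated key carries login options.
make_sample() {
    mkdir -p "$1"
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedRSA user@desktop' > "$1/id_rsa.pub"
    echo 'ssh-dss AAAAB3NzaC1kc3MAAAAconstructedDSA user@desktop' > "$1/id_dsa.pub"
    {
        echo '# portable key'
        echo 'from="192.0.2.10",command="rsync --server" ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedOTHER pendrive'
        echo 'ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedRSA user@desktop'
    } > "$1/authorized_keys"
}

tmp=$(mktemp -d) && make_sample "$tmp" && audit_ssh_dir "$tmp"; rm -rf "$tmp"
```

Run against a real account with `audit_ssh_dir "$HOME/.ssh"`; a `SELF-AUTHORIZED` line marks a key pair whose private half, if copied to another machine, also logs in to this one.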

Meson 10-07-2008 12:27 AM

Quote:

Originally Posted by jschiwal (Post 3302542)
You need to worry about your Grandfather's computer being compromised on line as well.

No more than mine :D


All times are GMT -5.