
slackamp 10-11-2006 10:58 AM

OpenSSH with multiple secret keys
Hello forum, well I have been googling but could not find relevant searches. I have multiple servers and would like to use different public/secret keypair. How do I go about doing this? On the server side I can append to the authorized_keys file; on the client side I tried appending to the id_rsa file and this doesn't seem to work. So I can only use one secret key.

tronayne 10-11-2006 11:36 AM

When you ssh <machine>, that machine is added to .ssh/known_hosts in whatever your home directory is when you connect. This happens on every machine when it first connects with ssh to another machine. If you want to connect without a password to a given machine, you need to, in every user home directory that will be connecting to every machine, generate a public and private key with ssh-keygen. For example, if you're using rsa, you would generate the public-private keys with
ssh-keygen -b 1024 -t rsa
and you'll have two files in .ssh: id_rsa and You copy the file to the authorized_keys file on all the other machines that will connect to this one as this user; that is, you'll have one entry for every machine on your network in known_hosts and one entry for every machine on your network in authorized_keys (you don't put the file into the authorized_keys on "this" machine, only those files from "other" machines).

You said above that you copied the id_rsa file to another box? If you actually did that, you need to redo as above (copy not id_rsa).

Hope this helps.

slackamp 10-11-2006 12:01 PM

Thanks for the input but I don't think that answers my question.

The reason for doing this is I want to password protect 1 secret key and the other not.


1 client and 1 userid

userid exists on both server1 and server2 and both use OpenSSH.

server1 - slackware (password protected secret key)
server2 - aix (not password protected secret key)

generated keypair in server1 (id_rsa and
cat > authorized_keys

generated keypair in server2 (id_rsa and
cat > authorized_keys

I then scp both id_rsa's from server1 and server2 to my client PC.

So now I have 2 secret keys. How do I go about using them both simultaneously and be able to log in to 2 different servers?

tronayne 10-11-2006 12:39 PM

From what you replied, it looks like you're doing it backwards, maybe? You're supposed, AFAIK, to do it like this:

ssh-keygen -t rsa
cp > server2 authorized_keys

ssh-keygen -t rsa
cp > server1 authorized_keys

The important thing is to copy the file to the other server's authorized_keys file -- it looks like you're copying to the authorized_keys file on this server and that's not going to do any good whatsoever.

When you look at authorized_keys on server1, the last thing in the entry should be user@server2; that's so user@server2 can connect to server1 without a password.

If you want the user on server2 to provide a password to log in on server1, then don't have any entry in authorized_keys for that user and "user" will always be prompted for a password. The concept is that an entry in authorized_keys is a trusted user on a trusted server.
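For the setup slackamp describes (one client holding two private keys, one per server), here is an added example that is not part of any post in this thread: a client-side OpenSSH config that selects a key per host. The host aliases server1 and server2 follow the thread; the key file names id_rsa_server1 and id_rsa_server2 and the two helper functions are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Host aliases server1/server2 follow the
# thread; the key file names id_rsa_server1/id_rsa_server2 are assumptions.

# write_ssh_config DIR
# Create DIR/config so that each server is offered only its own private key.
# Refuses to overwrite an existing config file.
write_ssh_config() {
    dir=$1
    [ -n "$dir" ] || return 1
    [ ! -e "$dir/config" ] || return 1
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    (
        umask 077    # config is created readable by the owner only
        cat > "$dir/config" <<EOF
# server1: passphrase-protected key
Host server1
    IdentityFile $dir/id_rsa_server1
    IdentitiesOnly yes

# server2: key without a passphrase
Host server2
    IdentityFile $dir/id_rsa_server2
    IdentitiesOnly yes
EOF
    )
}

# identity_for DIR HOST
# Print the IdentityFile listed for an exact Host alias (no wildcard matching).
identity_for() {
    awk -v host="$2" '
        tolower($1) == "host" {
            in_block = 0
            for (i = 2; i <= NF; i++) if ($i == host) in_block = 1
        }
        in_block && tolower($1) == "identityfile" { print $2; exit }
    ' "$1/config"
}
```

With DIR set to ~/.ssh, `ssh server1` and `ssh server2` each use their own key. `IdentitiesOnly yes` keeps the client from offering any other key, including ones loaded in an agent.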

All times are GMT -5.