(www.agwa.name)

637 points h1x | 1 comments | 13 Nov 21 09:13 UTC | HN request time: 0.208s | source

Show context

kybernetyk ◴[13 Nov 21 10:48 UTC] No.29208914[source]▶

>>29208518 (OP) #

So a little offtopic but I’m still curious: how do you handle multiple machines and SSH keys? I mean do you run ssh-keygen on a new machine and have for each computer a separate key pair or do you have one key pair that you copy on every new machine?

I have seen both and using one key pair looks very convenient but also makes me feel a little uneasy.

I myself have a key pair for each of my machines.

How do you handle it?

replies(5): >>29208933 #>>29209007 #>>29209086 #>>29209300 #>>29209370 #

1. ttyprintk ◴[13 Nov 21 12:42 UTC] No.29209370[source]▶

>>29208914 #

With ssh-agent, up to five secret keys are tried (that’s a magic number on the server side). After five, I guess you must specifically maintain which secret key is used for each host or hostname pattern.

If you frequently move between workstations, maybe look into the new hardware key features (Circ’s version 8.3). If you have multiple users that all connect to the same account, a SSH CA (circa version 7.4) would permit new access without needing to constantly modify server-side authorized_keys.

↑

Sign arbitrary data with your SSH keys