Home / server / Questions / 1057895
In Process
vespino
Asked: 2021-03-23 10:26:49 +0800 CST

Public/private key

  • 772

I just watch this video https://youtu.be/ZhMw53Ud2tY and the question I have is if I have to generate a public/private key pair for each server I’m looking to login to or if I just generate one pair and use that for each server. Somehow that last option seems to be like using the same password for each account.

Is it wise to store the keys in a password manager btw? I’m using keepass as password manager.

public-key private-key

2 Answers

  1. If you:

    • Keep your private key only on your workstation(s) (good ol' common sense)
    • Put a good passphrase on your private key (protects you from a hacker stealing your private key)
    • Use and configure agent forwarding properly (reduces the need to keep your private key on other devices)

    you should not need a keypair per server.

    Think about it - should your workstation be compromised, the hacker is going to take all your keys - whether it's 1 pair or 20 pairs for 20 servers you log into.

    • 1

  2. if I have to generate a public/private key pair for each server

    Well, if you do not do this, are you ok that a hacker taking over one server has access to them all? We can not define what your risk profile looks like.

    Somehow that last option seems to be like using the same password for each account.

    Because it is, just more complicated - keys generally are not "Password" :)

    Is it wise to store the keys in a password manager btw?

    Wrong question. Is it POSSIBLE? Because Keys normally are SIGNIFICANTLY longer than passwords and a pw manager with a length limit... may simply not work.

    • -1