Home / server / Questions / 170682
Accepted
Yarin
Asked: 2010-08-16 05:35:31 +0800 CST

Using Same SSH Private Key Across Multiple Machines

  • 772

I've got a Github repo I want to access from two different Linux machines.

For the first machine, I followed Github's instructions for generating SSH keys, and added the resulting public key to Github. This client works fine.

For the second client, I copied the /home/{user}/.ssh/id_rsa file from the first client. I thought this might be all I had to do, but when I try to connect I get 'Permission denied (publickey).'

What am I missing?

linux ssh github

4 Answers

  1. Best Answer

    The same SSH key should be able to be used from multiple clients. I have different SSH keys for different networks and they're actually stored on an encrypted USB drive that I use from several different computers without a problem.

    SSH is very picky about file permissions so I would first check all the permissions from /home/{user} all the way down to the id_rsa file itself.

    SSH does not really care for group or world write permissions so make sure you chmod go-w your home directory and the ~/.ssh directory for starters. I'd also make sure they're owned by your user chown ${USER}:${USER}.

    For the SSH key itself I chmod 600 them...

    If you want I've have additional info on how I manage my SSH keys in my answer to another SSH question.

    • 51

  2. If you're getting permission denied from Github's end, it could be that it's not picking up your copied SSH key file, but rather the system default. An easy way around this is to great a ~/.ssh/config file and put the following in it:

    Host github.com
  Hostname      github.com
  User          git
  IdentityFile  ~/.ssh/yourkeyfile

    This will force your SSH client to use that key for github.com only.

    Hope this helps.

    • 10

  3. I know this is old, but thought I'd point out that you also need to copy the public key to the second client

    (or recompute it with ssh-keygen -y -f ~/.ssh/id_rsa_.. > ~/.ssh/id_rsa...pub)

    From 1:

    1. Public Key Authentication Method: "publickey"

    The only REQUIRED authentication 'method name' is "publickey"
    authentication. All implementations MUST support this method;
    however, not all users need to have public keys, and most local
    policies are not likely to require public key authentication for all
    users in the near future.

    With this method, the possession of a private key serves as
    authentication. This method works by sending a signature created
    with a private key of the user. The server MUST check that the key
    is a valid authenticator for the user, and MUST check that the
    signature is valid. If both hold, the authentication request MUST be
    accepted; otherwise, it MUST be rejected. Note that the server MAY
    require additional authentications after successful authentication.

    Your ssh client begins the authentication by sending the public key (the signature referenced in bold above) to the server. The server, if the public key is an authorized key, sends a random session ID back to your client. Your client then encodes that session ID with the private key and sends that back to the server. The server decodes that session ID using the public key, and if it matches the original session ID, then authenticates your client.

    https://www.openssh.com/txt/rfc4252.txt

    • 4

  4. It's probably because you did not copy the permission of the file on the second client.
    But a private key is private, the right way is to create a new private key on the second client and then add its public key to Github

    • 0