Home / ubuntu / Questions / 88712
Accepted
karthick87
Asked: 2011-12-19 07:55:36 +0800 CST

How do I backup ssh keys?

  • 772

I am planning to do a fresh install of ubuntu 11.10 in my system. Before that i have setuped key based ssh authentication in this machine. Is it possible to take backup of those ssh keys, so that i can use that in my new installation. Or else i must setup keybased ssh authentication again? If i can take backup, what are the files i need to copy? Can someone explain it in detail pls. Thanks in advance.

ssh

3 Answers

  1. Best Answer

    Responding to SSH only... yes, you can keep your keys.

    I can't think of any topic on which to expound about that, though. It is straight forward: if your username is karthick, then the keys are located in a hidden directory here: 

    /home/karthick/.ssh

    or

    ~/.ssh

    The id_rsa.pub file contains the public key used to authenticate. But there are other files to keep - all of them, really, such as known_hosts for example. The MOST IMPORTANT is id_rsa (note the lack of .pub) as this is your private key. Back up each user. For example, if you set up SSH for root, get /root/.ssh as well. And so on for as many accounts as you have for this reason.

    • 45

  2. Cryptographic keys which you may want to backup.

    • ~/.gnupg/*
    • ~/.pki/nssdb/*
    • ~/.gnome2/keyrings/*
    • ~/.ssh/*
    • /usr/local/apache2/conf/ssl.crt/server.crt
    • /usr/local/apache2/conf/ssl.key/server.key
    • /etc/ssh/*
    • /etc/ssl/private/*
    • /etc/cups/ssl/*
    • 39

  3. Each user has a directoy ~/.ssh, which typically contains the following files:

    1) id_dsa             private key of this user (different filename for rsa keys)
1) id_dsa.pub         public key of this user
2) authorized_keys    public key of other users (or same user on other machines)
   config             personal configuration
   known_hosts        host keys of other machines

    Additionally, in /etc/ssh/, you will find:

    3) ssh_host_dsa_key
3) ssh_host_dsa_key.pub
3) ssh_host_rsa_key
3) ssh_host_rsa_key.pub

    Those are the host keys, keys identifying this computer.

    You certainly want to backup all private and public keys. We call the machine in question home and the user user@home. Same person has an account user@remote and uses key-based login in both directions. What would happen if you loose any of the key files:

    1. You loose the identity of user@home. ssh user@remote from home will no longer work with key based auth.
    2. user@remote loose the right to login to home with his key. ssh user@home will no longer work from remote with key based auth.
    3. You loose the identity of the host. user@remote will see a warning that host keys have changed when trying ssh user@home. Depending on the configuration this will prevent him from logging in.
    • 10