Public key management

I have a couple of systems to which I want to authenticate via SSH. For
example, 5 are physically my own servers at home, two of them are
VServers but also my own and then I have access to some other SSH
systems not under my control (work, university, friends...).

Until now, I created a keypair for each system with $root@$fqdn as the
comment. All keys are encrypted with a passphrase and are loaded into
the SSH agent (here: pageant.exe). The password is always the same
because I want to enter the password only once.

I thought this was a good idea but now I get more and more "Too many
authentication failures for $user" messages. This is because I have
loaded many public keys and all of them are tried.

Now I am unsure if this is a good idea. Would it be better to just use a
*single* public key for all systems (given that I am sure my private key
can't be compromised)? Or split them? Using which criteria?

What is the best practice of handling SSH keys in my situation?

Best regards,

Re: Public key management

With a relatively recent version of the PuTTY tools (0.59 or later),
you can continue with your current strategy. If, for each of your
servers, you specify the path to the appropriate key file in the PuTTY
configuration for that server, but Pageant is running and has the key
loaded, PuTTY will use Pageant for authentication but will only try
that key, avoiding the "too many authentication failures" problem.

Re: Public key management

Jacob Nevins wrote:

Hmm, I see. But this is actually not what I want (because there is one
more place where I have to configure things).

What is the "best practice" of handling SSH keys? How do you handle
them? One key for all hosts? One key for each host? Or a combination?

