ssh clarification needed
Bill Davidsen
davidsen at tmr.com
Tue Jan 6 19:25:27 UTC 2009
Todd Zullinger wrote:
> Kevin Kofler wrote:
>> * authentication keys - those are what you use to log in instead of
>> a password. They're one per user and machine unless you explicitly
>> copy the private key to a different machine or user account
>> (something you normally shouldn't do
>
> I presume you mean only the latter part (copying the private key to
> another user account) is something that you shouldn't do?
>
There is no "the" private key, you can create as many public/private pairs as
you find useful. You can also have any number of keys in authorized keys, each
of which is associated with a single command rather than a shell. This allows
many systems which have copies of a given private key to execute a single
command on a remote system over an encrypted link. The uses for this are limited
only by your imagination.

> I share the same ssh private key between my desktop server and my
> laptop (both as the same user). I don't see much reason to have two
> separate keys for that.
>
Maybe. On the other hand, you could have a unique key for each, and use a shared
private key via the "-i" option to perform normal operations, while preserving
the ability to have distinct keys for connection to some other systems.
It depends on what you find useful.
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
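
The per-key command restriction described in the message above lives in the options field of each `authorized_keys` line. As an added example (not part of the original thread), this Python parser reads that field and reports which keys are pinned to a single command and which still get a shell; the sample file, key blobs and function names are constructed for illustration.

```python
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of OpenSSH public key type names

def split_unquoted(text, seps, maxsplit=-1):
    """Split on any char in seps outside double quotes; backslash-quote is an escaped quote."""
    parts, cur, in_q, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if in_q and ch == "\\" and text[i + 1:i + 2] == '"':
            cur.append('\\"')
            i += 2
            continue
        if ch == '"':
            in_q = not in_q
        if ch in seps and not in_q and maxsplit != 0:
            parts.append("".join(cur))
            cur, maxsplit = [], maxsplit - 1
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts

def parse_entry(line):
    """Return type, comment and options of one entry; None for blanks and comments.
    A malformed line raises ValueError."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    opts = ""
    if not line.startswith(KEY_TYPES):  # an options field precedes the key type
        opts, line = split_unquoted(line, " \t", 1)
    keytype, _blob, *comment = line.split(None, 2)
    options = {}
    for item in filter(None, split_unquoted(opts, ",")):
        name, _, value = item.partition("=")
        if value.startswith('"'):
            value = value[1:-1].replace('\\"', '"')
        options[name.lower()] = value
    return {"type": keytype, "comment": " ".join(comment), "options": options}

def audit(text):
    """List (comment, forced command or None) for every key in the file text."""
    entries = filter(None, map(parse_entry, text.splitlines()))
    return [(e["comment"], e["options"].get("command")) for e in entries]

def shell_keys(text):
    """Comments of keys with no command= option, i.e. keys that get a normal shell."""
    return [comment for comment, command in audit(text) if command is None]

# Constructed sample: the key blobs are placeholders, not real keys.
SAMPLE = r'''ssh-ed25519 AAAAPLACEHOLDER1 bill@desktop
restrict,command="/usr/local/bin/backup-push" ssh-ed25519 AAAAPLACEHOLDER2 backup-shared
command="echo \"up, ok\"",no-pty ssh-rsa AAAAPLACEHOLDER3 status-shared
'''
```

Keys returned by `shell_keys(SAMPLE)` are the ones where every copy of the private key carries full login rights, so those are the entries to review before a private key is shared across machines.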