SSH – do I have multiple keys for different purposes or one key that represents my system?
I’m not too sure about this. If I look in the contents of ~/.ssh/ I have a few files in there, and I’m just about to set up a key for use with BitBucket.
I’m not sure if I’m meant to have multiple keys for different purposes or if I should have one key that is used for lots of things to identify me.
Anyway, the first thing you need is to create a pair of private and public ssh keys. It could be done by executing the ssh-keygen command in the terminal.
To be short – the public key (id_rsa.pub) is used by the third-party servers and services like BitBucket to identify you. So you need to provide them this information. For example, add a public key to BitBucket account settings.
The same private/public key pair could be used by multiple servers and services to identify you at the same time, so usually you don’t need to create multiple pairs.
I use one key per workstation. On each workstation, I generate a new public/private key pair, and then add that to the authorized keys file (or GitHub/Bitbucket account) of all of the machines I need to interact with via SSH.
That way, if my machine is lost, stolen, or I need to replace the hard drive, I can just de-authorize that one machine by deleting its public key from all of the services, while not needing to rotate my keys on all machines.
I have never found a good reason to create a separate key pair per service on a given workstation; that just increases the management overhead without much tangible benefit. You might do it if you were very privacy minded, and didn’t want separate services to correlate your keys, but if you’re that privacy minded you should already be accessing everything through Tor and probably have entirely separate accounts for each to avoid leaking any information at all.
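The de-authorization step from the one-key-per-workstation answer above, as an added example that is not part of the original answers: it lists the keys in an authorized_keys file by their SHA256 fingerprint (the format `ssh-keygen -lf` prints) and removes the one belonging to a lost machine. The key blobs are constructed filler, and the function names and the `me@laptop` / `me@desktop` comments are hypothetical.

```python
import base64, hashlib, re, struct

# Matches "<keytype> <base64 blob> [comment]", allowing leading options
# (e.g. no-port-forwarding) that authorized_keys permits before the key type.
KEY_RE = re.compile(
    r'(?:^|\s)(ssh-ed25519|ssh-rsa|ecdsa-sha2-\S+|sk-\S+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$')

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def _match(line):
    # Comment lines never hold an active key.
    return None if line.lstrip().startswith("#") else KEY_RE.search(line)

def list_keys(text):
    """Return (fingerprint, key type, comment) for each key line."""
    return [(fingerprint(m.group(2)), m.group(1), m.group(3) or "")
            for m in map(_match, text.splitlines()) if m]

def revoke(text, fp):
    """Drop every key line whose fingerprint equals fp; keep all other lines."""
    kept = []
    for line in text.splitlines():
        m = _match(line)
        if m and fingerprint(m.group(2)) == fp:
            continue  # this is the lost workstation's key
        kept.append(line)
    return "\n".join(kept) + "\n"

def _fake_ed25519(fill):
    # Constructed sample: well-formed ssh-ed25519 blob with filler bytes, not a real key.
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(blob).decode()

LAPTOP, DESKTOP = _fake_ed25519(1), _fake_ed25519(2)
SAMPLE = (  # constructed authorized_keys content
    "# constructed authorized_keys content\n"
    f"ssh-ed25519 {LAPTOP} me@laptop\n"
    f"no-port-forwarding ssh-ed25519 {DESKTOP} me@desktop\n"
)

if __name__ == "__main__":
    for fp, ktype, comment in list_keys(SAMPLE):
        print(fp, ktype, comment)
    print(revoke(SAMPLE, fingerprint(LAPTOP)), end="")
```

Matching on the fingerprint rather than the comment matters because the comment field is free text and can be edited or duplicated, while the fingerprint is derived from the key itself.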