You can have as many keys as you desire. It's good practice to use separate private/public key sets for different realms anyway, like one set for your personal use, one for your work, etc.
First, generate two separate keypairs, one for home and one for work:
ssh-keygen -t rsa -f ~/.ssh/id_rsa.home
ssh-keygen -t rsa -f ~/.ssh/id_rsa.work
Next, add an entry to your ~/.ssh/config
file to pick the key to use based on the server you connect to:
Host home
Hostname home.example.com
IdentityFile ~/.ssh/id_rsa.home
User <your home acct>
Host work
Hostname work.example.com
IdentityFile ~/.ssh/id_rsa.work
User <your work acct>
Next, append the contents of your id_rsa.work.pub
into ~/.ssh/authorized_keys
on the work machine, and do the same for the home key on your home machine.
Then when you connect to the home server you use one of the keys, and the work server you use another.
Note you probably want to add both keys to your ssh-agent
so you don't have to type your passphrase all the time.
You could do that with ssh-keygen
, however, remember that the private key is meant to be private to the user so you should be very careful to keep it safe- as safe as the user's password. Or even safer, as the user is not likely to be required to change it upon first login.
ssh-keygen -f anything
creates two files in the current directory. anything.pub
is the public key, which you could append to the user's ~/.ssh/authorized_keys
on any destination server.
The other file, just called anything
is the private key and therefore should be stored safely for the user. The default location would be ~username/.ssh/id_rsa
(here named id_rsa
, which is default for rsa keys). Remember that the .ssh
directory cannot be readable or writeable by anyone but the user, and the user's home directory cannot be writeable by anyone but the user. Likewise, permissions must be tight on the private key, as well: Read/write for only the user, and the .ssh directory and private keyfile must be owned by the user.
Technically you could store the key anywhere. With ssh -i path/to/privatekey
you could specify that location, while connecting. Again, proper ownership and permissions are critical and ssh will not work if you don't have them right.
Best Answer
I'm not sure what you mean. You mean you can't login as root with your public_key? If so check /root/.ssh/authorized_keys
Have also look at /etc/ssh/sshd_config It should contain: