SSH – risk of using SSH public keys

ssh

I have server A and server B (backup), and I was wondering: if somebody breaks into server A, could this potentially let them break into server B as well, if I have configured passwordless login using SSH public keys?

I'm trying to set up rsnapshot.

Thanks

Best Answer

Yes, this is one of the problems with passwordless SSH keys. If you store a private key on server A that allows you to connect to server B, gaining access to server A is effectively gaining access to server B. (Note that the reverse is not true - gaining access to server B wouldn't result in an immediate compromise of server A, assuming you didn't also have SSH keys set up to allow passwordless logins in that direction.)

There are a few things you can do to mitigate this:

  • If the process doesn't need to be fully automated, add a password to your SSH keys. (This probably won't work for you, since you note it's for a backup)
  • For passwordless logins under your own account to multiple machines, I recommend creating a passworded key for each machine you physically type on, and use an SSH agent to store the key in-memory while you use it. Agent forwarding should allow you to "hop" from host to host without creating keys on each remote host.
  • For automated, passwordless SSH keys, I recommend restricting the commands the key can run. In your authorized_keys file, prefix each key with:
    command="<allowed command line here>",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty

8-9 years ago I worked in a shared user environment with hundreds of local users, and SSH key-based logins were disabled because there was no way to enforce password policies on the keys. So long as you're controlling the scenario fully, nowadays SSH keys are definitely better than just using passwords.
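As an added example (not part of the original answer), here is what the `command="..."` restriction from the third bullet can look like for an rsnapshot key: a forced-command wrapper that only lets the key run the read-only rsync server invocation rsnapshot needs, confined to one directory tree. The install path /usr/local/bin/rsnapshot-only and the backed-up tree /srv/data are assumptions.

```shell
#!/bin/sh
# Forced-command wrapper for an rsnapshot backup key (added example; the path
# /usr/local/bin/rsnapshot-only and the tree /srv/data are assumptions).
# Install on the host that holds the public key and reference it from
# ~/.ssh/authorized_keys on one line (key material is a placeholder):
#   command="/usr/local/bin/rsnapshot-only",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAA...PLACEHOLDER rsnapshot
# sshd then runs this script instead of whatever the client asked for and puts
# the requested command in SSH_ORIGINAL_COMMAND. rsnapshot pulls with rsync over
# ssh, so the remote side only ever needs "rsync --server --sender ...": a key
# stolen from the other machine gets read-only rsync access to ALLOWED_ROOT
# and nothing else (no shell, no other commands, no other paths).

ALLOWED_ROOT=/srv/data

# allow_command "<command line>": returns 0 if it is a read-only rsync server
# invocation confined to ALLOWED_ROOT, 1 otherwise.
allow_command() {
    case "$1" in
        *[\;\&\|\`\$\<\>\(\)\"\']*) return 1 ;;   # shell metacharacters: reject
    esac
    set -- $1                                   # split into words on whitespace
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    shift 3
    while [ $# -gt 0 ]; do                      # option words up to the "." marker
        case "$1" in
            .)  break ;;
            -*) shift ;;
            *)  return 1 ;;
        esac
    done
    [ $# -eq 2 ] || return 1                    # exactly "." plus one source path
    case "$2" in
        */../*|*/..) return 1 ;;                # no parent-directory escapes
        "$ALLOWED_ROOT"|"$ALLOWED_ROOT"/*) return 0 ;;
    esac
    return 1
}

# Dispatch only when invoked by sshd (SSH_ORIGINAL_COMMAND set). An interactive
# login attempt with this key sends no command and therefore gets nothing.
if [ -n "$SSH_ORIGINAL_COMMAND" ]; then
    if allow_command "$SSH_ORIGINAL_COMMAND"; then
        logger -t rsnapshot-only "allowed: $SSH_ORIGINAL_COMMAND"
        set -f; exec $SSH_ORIGINAL_COMMAND      # no globbing; words validated above
    fi
    logger -t rsnapshot-only "rejected: $SSH_ORIGINAL_COMMAND"
    echo "command not permitted" >&2
    exit 1
fi
```

rsync itself ships a more thorough wrapper for exactly this job, rrsync, which is the usual choice in practice; the script above shows the mechanism in a form small enough to read in full.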