Ssh – Should I create a new private ssh key on each system

Tags: security, ssh

I need to connect to multiple servers from multiple devices via SSH. I'm wondering if I should be creating a new id_dsa file on each device I'm connecting from, or if there isn't a problem copying the same id_dsa file to each device.

For instance, I have my primary Ubuntu-based desktop system and a MacBook Pro with ssh. And I have a Windows-based netbook with PuTTY installed. And I have an Android phone with ConnectBot. From any one of these devices, I might need to SSH into dozens of different physical and virtual servers.

Each server needs my public key installed. Also, my GitHub and Codaset accounts require my public key.

To simplify key management, I'm thinking of using the same private key on all of these systems. Is this common practice, or is it better to have a private key on each system?

Best Answer

If you use the same public key on each system and the private key becomes compromised, then any system using that key, barring other restrictions, will be accessible.

I trust you are using password-protected private keys?

In our management practice, we have low, medium and high security "roles". Each role uses a different key. High security private keys are never to be transmitted to external assets, used on laptops that could be lost/stolen, etc. Medium and low security keys can be deployed in a wider range of scenarios.

I suggest examining your usage patterns and seeing what makes sense in terms of security roles. What is the damage done by getting your private key?

Have you considered placing your SSH private key onto a hardware device from which it cannot be stolen, removing the potential compromise of the key into a non-issue?

Both hardware security modules and smart cards can be used to store SSH private keys in a secure manner, enabling all cryptographic operations to be performed on the device, rather than on your operating systems. However, they are not a panacea, as these require backup hardware devices also, in case of a hardware failure.
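An added audit script, not part of the question or the answer above, that checks the answer's low/medium/high role scheme from the server side: it parses authorized_keys entries (including quoted option values that contain commas), computes OpenSSH-style SHA256 fingerprints, and reports keys installed under more than one role as well as high-role keys that carry no from= source restriction. The role names, file contents and key blobs are constructed placeholders.

```python
import base64
import hashlib

def parse_authorized_key(line):
    """Return {options, type, blob, comment} for one authorized_keys line, or None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options, cur, quoted, i = [], "", False, 0
    if not line.startswith(("ssh-", "ecdsa-", "sk-")):  # an options field precedes the key type
        for i, ch in enumerate(line):
            if ch == " " and not quoted:                # first unquoted space ends the options
                break
            quoted ^= ch == '"'
            if ch == "," and not quoted:                # commas inside quotes do not split
                options.append(cur)
                cur = ""
            else:
                cur += ch
        options.append(cur)
        line = line[i:].strip()
    parts = line.split(None, 2)
    if len(parts) < 2:                                  # malformed: no key type and blob
        return None
    return {"options": options, "type": parts[0], "blob": parts[1], "comment": parts[2] if len(parts) > 2 else ""}

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a base64 key blob, as ssh-keygen -l prints it."""
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def audit(role_files):
    """Map role -> authorized_keys text; report keys reused across roles and high-role keys without from=."""
    roles_by_key, unrestricted_high = {}, []
    for role, text in role_files.items():
        for entry in filter(None, map(parse_authorized_key, text.splitlines())):
            fp = fingerprint(entry["blob"])
            roles_by_key.setdefault(fp, set()).add(role)
            if role == "high" and not any(o.startswith("from=") for o in entry["options"]):
                unrestricted_high.append(fp)
    shared = {fp: sorted(r) for fp, r in roles_by_key.items() if len(r) > 1}
    return {"shared": shared, "unrestricted_high": unrestricted_high}

# Constructed placeholder blobs (base64 of a label), not real public keys.
fake_blob = lambda label: base64.b64encode(label.encode()).decode()
# Constructed sample: the laptop key is installed for both roles and its high-role entry lacks from=.
SAMPLE = {
    "low": f"ssh-ed25519 {fake_blob('laptop')} me@laptop\nssh-ed25519 {fake_blob('desktop')} me@desktop\n",
    "high": f'command="/usr/bin/backup",no-pty ssh-ed25519 {fake_blob("laptop")} me@laptop\nfrom="192.168.1.10,10.0.0.0/8",no-pty ssh-ed25519 {fake_blob("hsm")} me@hsm\n',
}
```

To run it against real servers, read each role's authorized_keys into the dictionary in place of SAMPLE; the fingerprints match what `ssh-keygen -lf` prints for the same public key.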