I created a server and configured SSH to not allow root login and to disable password access, so it only accepts an SSH key to log in.
I have a machine A with a key, and I can access my server from that machine without any problems.
I also have a backup of those keys, just in case.
Let's say my machine A dies tomorrow and I get a new machine B, and of course need to access my server.
Here I don't know how things work. Should I just copy the keys from my backup to machine B and that will allow me to access my server? Or should the keys be imported via some OpenSSH command?
So my first doubt is about the backup import, because I'm afraid to completely lose access to my server.
The second is about the passphrase I set for my keys on machine A. Is that still valid for my copied keys? Or do I need to set a new passphrase on the new machine during the import?
Thanks.
Best Answer
An SSH key has two parts:
You can move both parts freely as you wish, although I wouldn't recommend placing the private part publicly (even encrypted).
The private part is placed on any of your local machines in the ~/.ssh/ directory. The expected key names are
If your key has one of the respective names, you are good to go. If you need to use some specific key, you have to use the -i parameter.
The same goes for the public (server) part. A file ~/.ssh/authorized_keys must exist in the user's home directory. This file contains all public keys that are allowed to log in as the user, one per line. The comment part can be omitted.
That said, on any server where you would like to use any of your SSH keys, copy the public part onto a new line in the authorized_keys file.
I'd advise you to study the manual page of SSHD (man sshd), especially the part "AUTHORIZED_KEYS FILE FORMAT".
I think I should also warn you that there are some rules for filesystem permissions for the home directory, the ~/.ssh directory and the ~/.ssh/authorized_keys file, as stated in the sshd manual page; in short, they cannot be writable by others.
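The restore-and-check procedure described in the answer above, as an added example that is not part of the original answer: it copies a backed-up key pair into `~/.ssh` with tight permissions and then audits the home directory, `~/.ssh` and `authorized_keys` for group or other write access. The function names, the argument order and the script name `restore.sh` are assumptions made for this example; it checks write bits only, not ownership.

```sh
#!/bin/sh
# Added example (not from the original answer). Restores a backed-up key pair
# into HOME/.ssh and audits the paths sshd checks for loose write permissions.

# True (0) if PATH is writable by group or others, judged from `ls -ld` mode.
is_loosely_writable() {
    mode=$(ls -ld -- "$1" | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;   # char 6 = group w, char 9 = other w
        *) return 1 ;;
    esac
}

# restore_key BACKUP_DIR KEY_NAME HOME_DIR
# Copies KEY_NAME and KEY_NAME.pub; returns 2 if the backup is incomplete.
restore_key() {
    backup=$1; name=$2; home=$3
    [ -f "$backup/$name" ] && [ -f "$backup/$name.pub" ] || return 2
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    cp -- "$backup/$name" "$backup/$name.pub" "$home/.ssh/" || return 1
    # The ssh client rejects private keys that other users can read.
    chmod 600 "$home/.ssh/$name" && chmod 644 "$home/.ssh/$name.pub"
}

# audit_ssh_paths HOME_DIR
# Reports each of the three paths that is group/other-writable; returns 1 if any.
audit_ssh_paths() {
    home=$1; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if is_loosely_writable "$p"; then
            echo "writable by group/others: $p" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Usage: sh restore.sh BACKUP_DIR KEY_NAME HOME_DIR
if [ "$#" -eq 3 ]; then
    restore_key "$1" "$2" "$3" && audit_ssh_paths "$3"
fi
```

Run `audit_ssh_paths` on the server account as well, since that is where `authorized_keys` lives.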