09-08-2010 10:44 AM
ssh question
09-08-2010 11:17 AM
Re: ssh question
ssh-keygen -i -f filename >> authorized_keys
This will allow you to use the same key on multiple machines.
09-08-2010 11:22 AM
Re: ssh question
Is it a good idea to do so?
No. You're killing your security. If anyone gets just one of your keys all systems with that user are compromised.
Make a key for each user.
BUT! A DR machine is different. If that DR machine is essentially the other host "rebuilt" on the fly (scripted, recovered, mirrored, etc), then using the whole environment including keys is generally the expected idea to come up quickly at DR site.
So, yes and no, but in this case - for DR, the answer is probably yes, depending of course.
09-08-2010 12:24 PM
Re: ssh question
ssh-keygen generates a pair of keys: a private key (e.g. .ssh/id_rsa) and a corresponding public key (e.g. .ssh/id_rsa.pub). The private key must be kept secret and stored in a secure manner by the key's owner. The public key may be distributed freely to any system to which the owner requires access. The public key, on its own, is useless - only the holder of the private key can use it.
For automated processes you have little option but to maintain multiple private keys - and each server should have its own instances of those keys (certainly in the Active/DR example). But there are more secure ways of managing keys.
SSH provides a powerful tool for minimising the number of keys required by individual users for interactive access to multiple keys: Forward Authentication. In this type of setup each individual maintains a single instance of a personal private key (I keep mine on a USB stick) and distributes the corresponding public key to every system that he or she requires access to. Forward Authentication validates the keys back to the original source... even allowing multi-hop access across any number of systems. Such a setup can also be used for automated processes - but in the case of a DR you may lose access to a single instance of the private key.
In my situation, my private key follows me everywhere I go (literally; it is in my pocket!). With a product such as PuTTY (also kept on my USB stick) and given any suitable desktop PC, I can access all my servers from almost anywhere. And my private key does not have to be stored on any of them.
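An added example, not part of any post in this thread: a small audit that fingerprints the entries in collected authorized_keys files and reports every public key that is accepted on more than one host, which is the set of accounts one leaked private key would open. The host names, account names and key blobs are constructed placeholders, and it assumes the file contents have already been gathered from each machine.

```python
import base64, hashlib, re
from collections import defaultdict

# Quote-aware tokens, so an option such as command="a b" stays in one piece.
TOKEN = re.compile(r'(?:[^\s"]|"(?:\\.|[^"])*")+')
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")

def fingerprint(b64_blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (fingerprint, comment) per key line; skip blanks, comments, junk."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = TOKEN.findall(line)
        for i, tok in enumerate(tokens[:-1]):
            if tok.startswith(KEY_PREFIXES):      # options, if any, come before this
                try:
                    yield fingerprint(tokens[i + 1]), " ".join(tokens[i + 2:])
                except ValueError:                # blob is not valid base64
                    pass
                break

def shared_keys(files):
    """Map fingerprint -> sorted (host, user) accounts for keys on 2+ hosts."""
    seen = defaultdict(set)
    for (host, user), text in files.items():
        for fp, _comment in parse_authorized_keys(text):
            seen[fp].add((host, user))
    return {fp: sorted(accts) for fp, accts in seen.items()
            if len({h for h, _ in accts}) > 1}

def sample_blob(label):
    """Constructed placeholder blob, not a real public key."""
    return base64.b64encode(label.encode()).decode()

# Constructed sample: (host, user) -> authorized_keys contents.
SAMPLE = {
    ("prod1", "oracle"): f'# batch key\nssh-rsa {sample_blob("key-A")} batch@prod1\n',
    ("dr1", "oracle"): f'from="10.0.0.5",command="/usr/bin/sync now" '
                       f'ssh-rsa {sample_blob("key-A")} batch@prod1\n',
    ("prod2", "admin"): f'ssh-ed25519 {sample_blob("key-B")} admin@laptop\n',
}

if __name__ == "__main__":
    for fp, accounts in shared_keys(SAMPLE).items():
        print(fp, "->", accounts)
```

A key that appears on many hosts is expected when one personal key is distributed everywhere; the report is useful for deciding which private keys need the strongest protection and which entries to remove when one is retired.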