09-08-2010 10:44 AM
ssh question
If I generate ssh keys on a local machine to a remote machine - can I use the same key on another box (and if the remote system puts the key in as "valid" for the second box in their authorized_keys file) - will this work? We are investigating for a DR machine. Thanks
3 REPLIES
09-08-2010 11:17 AM
Re: ssh question
If you used ssh-keygen -t rsa ..., then you should have generated a file named id_rsa.pub. You can copy this file to another server and then use the command:
ssh-keygen -i -f filename >> authorized_keys
This will allow you to use the same key on multiple machines.
09-08-2010 11:22 AM
Re: ssh question
Yes Micheal, you can use the same key for the same user across multiple machines.
Is it a good idea to do so?
No. You're killing your security. If anyone gets just one of your keys, all systems with that user are compromised.
Make a key for each user.
BUT! A DR machine is different. If that DR machine is essentially the other host "rebuilt" on the fly (scripted, recovered, mirrored, etc.), then using the whole environment including keys is generally the expected idea to come up quickly at the DR site.
So, yes and no, but in this case - for DR, the answer is probably yes, depending of course.
We are the people our parents warned us about --Jimmy Buffett
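An added example, not part of the thread: one way to see how far a single key reaches is to fingerprint every entry in the collected authorized_keys files and list the keys accepted by more than one host/user account. The host names, user names and key blobs below are constructed sample data, and the function names are this example's own.

```python
import base64, hashlib, re, struct
from collections import defaultdict

# A key entry is "<keytype> <base64 blob>", optionally preceded by options
# (from="...", command="...") and followed by a comment.
KEY_RE = re.compile(r'((?:ssh|ecdsa|sk)-[A-Za-z0-9@.\-]+)\s+([A-Za-z0-9+/]+={0,2})')

def fingerprint(line):
    """Return (keytype, 'SHA256:<b64>') for one authorized_keys line, else None."""
    line = line.strip()
    if not line or line.startswith('#'):
        return None
    for m in KEY_RE.finditer(line):
        keytype, b64 = m.groups()
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:            # not valid base64: not a key field
            continue
        if len(blob) < 4:
            continue
        # The blob starts with a length-prefixed copy of the key type;
        # checking it rejects look-alike text inside the options field.
        n = struct.unpack('>I', blob[:4])[0]
        if blob[4:4 + n] != keytype.encode():
            continue
        digest = hashlib.sha256(blob).digest()
        return keytype, 'SHA256:' + base64.b64encode(digest).decode().rstrip('=')
    return None

def shared_keys(inventory):
    """inventory: {(host, user): authorized_keys text}. Returns reused keys."""
    seen = defaultdict(set)
    for account, text in inventory.items():
        for line in text.splitlines():
            fp = fingerprint(line)
            if fp:
                seen[fp[1]].add(account)
    return {fp: sorted(accts) for fp, accts in seen.items() if len(accts) > 1}

def sample_key(seed):
    # Constructed blob with correct framing only; NOT a usable key.
    blob = struct.pack('>I', 7) + b'ssh-rsa' + hashlib.sha256(seed).digest()
    return 'ssh-rsa ' + base64.b64encode(blob).decode()

K_APP, K_OPS = sample_key(b'app'), sample_key(b'ops')
SAMPLE = {  # constructed inventory: production host, its DR twin, an admin key
    ('prod01', 'appuser'): K_APP + ' appuser@client\n',
    ('dr01', 'appuser'): '# DR copy\nfrom="10.0.0.5",no-pty ' + K_APP + ' appuser@client\n',
    ('prod01', 'ops'): K_OPS + ' ops@laptop\n',
}

if __name__ == '__main__':
    for fp, accounts in shared_keys(SAMPLE).items():
        print(fp, '->', accounts)
```

Each key in the report marks the set of accounts that must have that entry removed if the matching private key is ever lost; a production/DR pair is expected to appear there, anything else deserves a look.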
09-08-2010 12:24 PM
Re: ssh question
I agree with most of what has been said here. But it is important to understand how (Private Public Keys) PPK keys work.
ssh-keygen generates a pair of keys: A private key (e.g. .ssh/id_rsa) and a corresponding public key (e.g. .ssh/id_rsa.pub). The private key must be kept secret and stored in a secure manner by the key's owner. The public key may be distributed freely to any system to which the owner requires access. The public key, on its own, is useless - only the holder of the private key can use it.
For automated processes you have little option but to maintain multiple private keys - and each server should have its own instances of those keys (certainly in the Active/DR example). But there are more secure ways of managing keys.
SSH provides a powerful tool for minimising the number of keys required by individual users for interactive access to multiple keys. Forward Authentication. In this type of setup each individual maintains a single instance of a personal private key (I keep mine on a USB stick) and distributes the corresponding public key to every system that he or she requires access to. Forward Authentication validates the keys back to the original source... even allowing multi-hop access across any number of systems. Such a setup can also be used for automated processes - but in the case of a DR you may lose access to a single instance of the private key.
In my situation, my private key follows me everywhere I go (literally; it is in my pocket!). With a product such as PuTTY (also kept on my USB stick) and given any suitable desktop PC, I can access all my servers from almost anywhere. And my private key does not have to be stored on any of them.