ssh use 2 different .pub for 2 different servers always asking ALL times for passphrase


Postby GioMBG » 2017/09/13 22:43:34

Hi All,
SSH: I just got a new server and I would like to understand if I can set up 2 keys to log in to the 2 different machines, ALWAYS making ssh ask for the passphrase and pointing automatically to the right key... e.g. key a to server a and key b to server b (with 2 different passphrases). Is it possible?
always thanks
Gio


Re: ssh use 2 different .pub for 2 different servers always asking ALL times for passphrase

Postby hunter86_bg » 2017/09/14 04:25:39

I'm not sure if you want to set 2 different keys for 2 servers.
If so - it is doable via creation of

Code:

~/.ssh/config

Note: in the config you should point to the private key (not the one ending in '.pub').


Re: ssh use 2 different .pub for 2 different servers always asking ALL times for passphrase

Postby jlehtone » 2017/09/14 06:06:46

Yes, you can create multiple keypairs. If you do use ssh-keygen, then give it the -f option and specify a unique filename for each keypair.

The ssh-agent can hold tickets for all keypairs and ssh would try them all for each connection, but your "always" implies that you will prefer the ssh_config.


Re: ssh use 2 different .pub for 2 different servers always asking ALL times for passphrase

Postby GioMBG » 2017/09/14 07:15:31

Thanks to ALL,
I made this file myself: /home/gio/.ssh/config, because it wasn't there:

Code:

Host site a
    HostName pippo.eu
    IdentityFile ~/.ssh/id_ecdsa_a
    User gio

Host site b
    HostName pippo.com
    IdentityFile ~/.ssh/id_ecdsa_b
    User gio

and I don't know what I did wrong, but on both machines it was possible to log in without a passphrase,
surely because I played around with ssh-agent and caused the problem myself...
I redid the whole procedure, making a new id_ecdsa with:

Code:

ssh-keygen -b 521 -t ecdsa -C"$(id -un)@$(hostname)-$(date --rfc-3339=date)"

for both machines, and re-exporting the key to the machines with

Code:

ssh-copy-id root@pippo.com

getting an error that says the key was already imported. So the result is that on machine (b) I can log in normally as I want, i.e. using the passphrase, but on machine a, right now, it is impossible to use the key and the only way to get in is the normal ssh root password (REALLY happy not to have removed the root login from the machine as long as I make these "experiments").
So now I would like to understand what I have to do to make the first machine like the second as well...
always thanks
Gio
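
Added example, not part of any post in this thread: a per-server key setup of the kind discussed above, written to a throwaway directory and checked with `ssh -G`, which prints the options ssh would apply to a given name without connecting. The `Host` keyword takes whitespace-separated patterns that are matched against the name typed on the command line, so each block lists both an alias and the real hostname. The aliases `site_a`/`site_b`, the helper function names and the temporary-directory layout are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Assumed names: aliases site_a/site_b, helper functions below.
# Each key pair gets its own file (and its own passphrase at the prompt):
#   ssh-keygen -t ecdsa -b 521 -f ~/.ssh/id_ecdsa_a
#   ssh-keygen -t ecdsa -b 521 -f ~/.ssh/id_ecdsa_b
# and the matching public key is installed by naming it explicitly:
#   ssh-copy-id -i ~/.ssh/id_ecdsa_a.pub gio@pippo.eu

# write_config DIR: write the two-server client config to DIR/config.
write_config() {
    dir=$1
    cat > "$dir/config" <<EOF
# Host lists the names typed after "ssh"; HostName is the real address.
Host site_a pippo.eu
    HostName pippo.eu
    User gio
    IdentityFile $dir/id_ecdsa_a

Host site_b pippo.com
    HostName pippo.com
    User gio
    IdentityFile $dir/id_ecdsa_b

# Offer only the configured key and bypass ssh-agent, so the key's
# passphrase is requested on every login.
Host *
    IdentitiesOnly yes
    IdentityAgent none
    AddKeysToAgent no
EOF
}

# resolved CFG NAME KEY: print the value ssh would use for option KEY when
# invoked as "ssh NAME". "ssh -G" evaluates the config without connecting.
resolved() {
    ssh -G -F "$1" "$2" | awk -v k="$3" '$1 == k { print $2 }'
}

# Run as "sh thisfile demo" to print the key chosen for each name.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && write_config "$d"
    for name in site_a site_b pippo.eu pippo.com; do
        echo "$name -> $(resolved "$d/config" "$name" identityfile)"
    done
    rm -rf "$d"
fi
```

In a real `~/.ssh/config` the `IdentityFile` lines would point at `~/.ssh/id_ecdsa_a` and `~/.ssh/id_ecdsa_b`; the temporary directory is only there so the check leaves `~/.ssh` untouched.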