Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Ssh keys
New on LowEndTalk? Please Register and read our Community Rules.

Ssh keys

I was using password based authentication to connect to my linux server. Started using key based access and removed password login. I have 2 other vps which I plan to move to key based.

If for some reason I lose my private key, how can I connect to my server ang gain access? Should I keep same private key on all my servers?

Am I missing something here? Or there are key management tools available?

Please guide me. Thanks

Comments

  • Use provider's VNC to restore access.
    You can use one private key to access all servers that have corresponding authorized public key. That's no problem

  • backup your private key. you should be making regular backups of your files

    if worst comes to worst you can always use solusvm to get shell access to the server and change ssh config from there.

    also you install the public key on the server not the private key. just saying.

  • MikeAMikeA Member, Host Rep
    edited July 2018

    With a VPS you're (probably) fine losing the key. You can VNC into the VPS via your provider like Choco said, if you can't for some reason or it isn't available some hosts will fix it for you with permission to access your server.

    • On VPS, no problem if you lose your key. You can always access your server via your provider's virtual terminal.
    • You could use single key for all your VPSes.
  • ajh76ajh76 Member

    I generate multiple key pairs - one for each device I intend to login from (laptop, desktop, phone).

    Also makes it easier to revoke if one of my keys got leaked.

  • Gen one keypair per machine you own : desktop, laptop, phone, tablet.

    add two or more of the public keys from these to each machine you need to login to (%HOME%/.ssh/authorized_keys)

  • if you have disabled root access from ssh and don't have a VNC plus you lost your ssh keys to access your server. Then its a problem for you. Its better to add another user with root privileges and backup your private key at a secure place.

  • @AlphaNinevps_com said:
    if you have disabled root access from ssh and don't have a VNC plus you lost your ssh keys to access your server. Then its a problem for you. Its better to add another user with root privileges and backup your private key at a secure place.

    Hmm, nice suggestion. Thanks.

    @vimalware said:
    Gen one keypair per machine you own : desktop, laptop, phone, tablet.

    add two or more of the public keys from these to each machine you need to login to (%HOME%/.ssh/authorized_keys)

    This I like. Thanks

    @ajh76 said:
    I generate multiple key pairs - one for each device I intend to login from (laptop, desktop, phone).

    Also makes it easier to revoke if one of my keys got leaked.

    Can I ask how does one revoke the key?

    @Abdussamad said:
    backup your private key. you should be making regular backups of your files

    if worst comes to worst you can always use solusvm to get shell access to the server and change ssh config from there.

    also you install the public key on the server not the private key. just saying.

    Thanks all.

  • ajh76ajh76 Member

    @plumberg said:

    @ajh76 said:
    I generate multiple key pairs - one for each device I intend to login from (laptop, desktop, phone).

    Also makes it easier to revoke if one of my keys got leaked.

    Can I ask how does one revoke the key?

    Sorry, wrong term. Not really revoking it, but just removing the corresponding line in authorized_keys

    Thanked by 1vimalware
  • @ajh76 said:

    @plumberg said:

    @ajh76 said:
    I generate multiple key pairs - one for each device I intend to login from (laptop, desktop, phone).

    Also makes it easier to revoke if one of my keys got leaked.

    Can I ask how does one revoke the key?

    Sorry, wrong term. Not really revoking it, but just removing the corresponding line in authorized_keys

    Ahh, makes sense. Thnx

  • seanhoseanho Member

    sshd can also do a key revocation list (RevokedKeys in sshd_config) if you need it.

    Thanked by 2vimalware ajh76
Sign In or Register to comment.