
Is it a bad idea to use the same private ssh key on multiple computers?

I recently bought a laptop from which I need to access the same remote hosts that I do from my desktop. It occurred to me that it might be possible to simply copy the private key file from my desktop to my laptop and avoid having to add a new key to the ~/.ssh/authorized_keys files on all the hosts I want to access. So my questions are:

Asked by: Guest | Views: 206
Total answers/comments: 1
Guest [Entry]

"Yes, this is possible. Your private key isn't tied to a single machine.

Not sure what you mean by non-obvious, that's often subjective ;). It's not a bad idea at all if you make sure you have a very strong passphrase set, 20 characters at least.

There are no issues about connecting with the same key as your desktop. I would set up an ssh agent for your key on the laptop, and forward the agent to the desktop, so you'll be using that key on other systems you access from there.

From the ssh-agent man page on a Linux system:

ssh-agent is a program to hold private keys used for public key authentication (RSA, DSA). The idea is that ssh-agent is started in the beginning of an X-session or a login session, and all other windows or programs are started as clients to the ssh-agent program. Through use of environment variables the agent can be located and automatically used for authentication when logging in to other machines using ssh(1).

You would run this on your laptop, either the ssh-agent program on Linux/Unix (it comes with OpenSSH), or with PuTTY agent if you're using Windows. You do not need the agent running on any remote systems; it purely keeps your private key in memory on the local system so you only have to enter your passphrase one time, to load the key in the agent.

Agent forwarding is a feature of the ssh client (ssh or PuTTY) that simply persists the agent through to other systems through the ssh connection."