4

This question is specifically concerned with storing keys in the cloud, and is somewhat applicable.

But I've got a laptop and a desktop computer at home - I'm the admin on both of those systems, and of course have my .ssh directory/contents read/writable by only me.

I also have another server @ my dad's house, where I'm an admin. And a few of my friends also have servers where I have accounts.

The obvious concern (as I've looked around questions here) is that if either my friend or his box was compromised, then the attacker would have my key. Obviously they can now try to brute force/dictionary attack my private key.

Obviously I want to be able to access these systems without having to provide a password, and frequently I make HostA -> HostB -> HostC type connections. Should I be generating a new private key for each of these hosts? Or at least the hosts that are not directly under my control?

Wayne Werner

1 Answer

4

Add the ForwardAgent option to your SSH configuration.

$ echo "ForwardAgent yes" >> ~/.ssh/config

This enables you to use authentication credentials from your public/private keypair without actually storing them on the other machines. SSH will "just work".

The one downside to this approach is that if there is an attacker on one of those machines who can bypass file permissions (e.g., as root), he can potentially authenticate to other machines using your private key (however, he cannot actually get the contents of your private key). Of course, this is still better than having stored your keys on the server, but it's worth knowing about if you expect the machine will be broken into (e.g., a honeypot).

Stephen Touset
  • In HostA -> HostB -> HostC, does that need to go in the .ssh/config of both A & B, or just one or the other? – Wayne Werner Oct 11 '12 at 18:45
  • Just A is fine, but to go `HostA -> HostB -> HostC -> HostD`, you would need to put it in the config for `HostB` as well. `ssh -A` is equivalent. – Stephen Touset Oct 11 '12 at 19:49
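One thing worth checking after following the answer: ssh_config is resolved with "first obtained value wins", and any option that appears after a `Host` line belongs to that stanza, so `echo "ForwardAgent yes" >> ~/.ssh/config` only applies globally if the file contains no `Host` stanzas yet. The small resolver below is an added illustration (it is not from the answer, and it is not OpenSSH's parser: it ignores `Match`, `Include` and the `Key=Value` form) that shows where an appended line actually lands, and the scoped layout a defender would prefer, where forwarding is enabled only for hosts under your own administration and `Host *` turns it off for everything else. The three config texts are constructed samples.

```python
"""Resolve the effective ForwardAgent value for a host from ssh_config-style text.

Added example (not the answer's code, not OpenSSH's parser). It models the
ssh(1) rule that the first matching stanza that sets an option wins, so
global defaults must precede every Host stanza. Simplifications: no Match,
no Include, no Key=Value syntax.
"""
import fnmatch


def parse_ssh_config(text):
    """Return [(host_patterns, {option: value}), ...] in file order.

    Options before the first 'Host' line go into an implicit 'Host *' stanza.
    """
    stanzas = []
    patterns, opts = ["*"], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            stanzas.append((patterns, opts))
            patterns, opts = value.split(), {}
        else:
            opts.setdefault(key, value)           # first value in a stanza wins
    stanzas.append((patterns, opts))
    return stanzas


def effective_option(text, host, option, default="no"):
    """First stanza (in file order) whose patterns match `host` and which sets
    `option` decides the value; `!pattern` entries veto a stanza."""
    option = option.lower()
    for patterns, opts in parse_ssh_config(text):
        vetoed = any(p.startswith("!") and fnmatch.fnmatchcase(host, p[1:])
                     for p in patterns)
        matched = any(not p.startswith("!") and fnmatch.fnmatchcase(host, p)
                      for p in patterns)
        if matched and not vetoed and option in opts:
            return opts[option]
    return default


# Constructed sample 1: the answer's `>>` append, run against a file that
# already had Host stanzas. The new line lands in the LAST stanza only.
APPENDED = """\
Host home-desktop
    HostName 192.0.2.10
Host dads-server
    HostName 203.0.113.5
ForwardAgent yes
"""

# Constructed sample 2: a line placed before any Host stanza is global, and
# because the first value wins, the later per-host "no" is never reached.
GLOBAL_FIRST = """\
ForwardAgent yes
Host dads-server
    ForwardAgent no
"""

# Constructed sample 3: the scoped layout. Forward the agent only to hosts
# you administer; the trailing 'Host *' stanza turns it off everywhere else.
SCOPED = """\
# Agent forwarding only towards machines I administer myself.
Host home-desktop dads-server
    ForwardAgent yes

Host *
    ForwardAgent no
"""


def forward_agent_for(config_text, host):
    """Convenience wrapper: 'yes' or 'no' for ForwardAgent on `host`."""
    return effective_option(config_text, host, "ForwardAgent")


if __name__ == "__main__":
    for name, cfg in (("appended", APPENDED), ("global_first", GLOBAL_FIRST),
                      ("scoped", SCOPED)):
        for host in ("home-desktop", "dads-server", "friends-box"):
            print(f"{name:13s} {host:13s} ForwardAgent={forward_agent_for(cfg, host)}")
```

The `appended` rows are the ones to look at: `home-desktop` stays at `no` even though the line was appended to the file, which is easy to miss because the connection that happened to be tested last (here `dads-server`) does work. The real client shows the same thing with `ssh -G <host> | grep -i forwardagent`.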