Is it reasonable to have multiple SSH keys?

45

15

So far I've created a separate SSH key for each server I need to login to (for each purpose, to be more accurate). I did it out of a sense of security, just like different passwords to different sites.

Does having multiple SSH keys actually improve security? All of them are used from the same machine, are located in the same ~/.ssh, most even have the same passphrase.

So... should I give up the whole system and just use one SSH key for everything?

[UPDATE 2015-08-05] Github publishes your public key, and your SSH client may send all of your public keys to every server, depending on configuration, thusly, if you are concerned with a 3rd party SSH server knowing your identity when connecting, you should use multiple SSH keys, though in my opinion it is paranoid.

Leonid Shevtsov

Posted 2010-03-18T09:59:37.147

Reputation: 790

This question may fit better on [Security.SE]. – gerrit – 2019-02-06T12:57:23.837

Answers

25

SSH keys use public-key cryptography. That means that what you're installing on all those servers is just your public key, which you want the whole world to know. The only actual secret is your private key that you keep locked down on your own machine. So yeah, I'd say you're wasting your time.

Spiff

Posted 2010-03-18T09:59:37.147

Reputation: 84 656

20I think there are valid reasons to have separate keys, and this would not be a waste of time. In the case of a compromised key, the risk with this is reduced. The password should be different for each key, I agree. – jfmessier – 2010-03-18T16:19:58.740

Is it reasonable to have different keys pairs on different machines? Like different instances of VirtualBox OSes? – Santosh Kumar – 2017-07-20T09:42:20.330

1This answer ignores the concept of defence in depth, because it places reliance on "your private key that you keep locked down on your own machine". Consider for example what happens if your laptop is stolen while (one of) your private key(s) is being used by ssh-agent. If you have multiple keys, then any that were still encrypted are safe. I wouldn't call that a waste of time. – Jon Bentley – 2019-01-22T20:49:06.220

35

Ultimately this is up to you. You need to evaluate your threat model. How likely is it that one of your keys is compromised? If one key is compromised, how likely is it that the other keys will be compromised? What are the consequences of your keys being compromised? What is the cost (including time) of managing multiple keys?

Considering factors such as these should help you decide if you really need separate keys. On my personal machines on my local network I usually don't bother with extra overhead in trying to manage multiple keys. However, outside of my network I would use different keys each with a unique passphrase. But that is just my personal opinion.

heavyd

Posted 2010-03-18T09:59:37.147

Reputation: 54 755

8+1 for "evaluating the threat model". This is just the point. – sleske – 2010-05-17T08:45:53.300

21

No it is not a waste of time to use more than one key.

More diversity == less risk.

That statement of Spiff's is incorrect.

The point is the public key grants access to the private key holder and no one else.

The risk to be concerned about here is authentication. A rogue site forwards authentication requests to your agent task. If you use only one key, then even when only one key is loaded in your agent, all sites are open to the rogue.

This has nothing to do with the passphrases, you could have several keys with the same passphrase that would make no difference here. Because it is not the passphrase that is compromised.

The rogue forwards challenges to your agent and can connect to all sites for which you have keys loaded. With different keys, one key loaded -> one site at risk.

I say good for you, you picked other peoples privacy over your own laziness.

P.S. the moral of the story is be wary of agent forwarding

pbernatchez

Posted 2010-03-18T09:59:37.147

Reputation: 1 501

Suppose I generate three SSH keys, one for each of three servers I log in to regularly. One day, after I've already logged in to all three (meaning that ssh-agent has cached the passphrases for all three keys), then by your argument, if my ssh-agent becomes compromised, all three log ins are compromised. In such a case, having multiple SSH keys has not protected me. Have I understood you correctly? – sampablokuper – 2011-04-23T06:17:26.730

10

I think there is one good use-case for multiple public keys, and that's if you have private keys stored on computers in different areas of trust. So I generally keep one key that is my "work" key, and another that is my "home" key, simply because the private key for my "home" stuff is not stored on my work computer and vice versa.

krosenvold

Posted 2010-03-18T09:59:37.147

Reputation: 6 237

Great answer, if you have different machines with different keys, perfect. If one (or multiple) machines all have the same keys, well, you're not protecting yourself from anything extra vs just having a single key. If one is compromised all the rest on that machine are as well. – xref – 2016-02-02T20:53:38.640

3

I think reasonable can be considered from two different angles: security and convenience.

When we create a SSH key pair, we are asked for providing a passphrase to add a more layer to protect the private-key, as following:

$ ssh-keygen -t rsa -b 4096 -C 'With_OR_Without_Passwd'
Generating public/private rsa key pair.
Enter file in which to save the key (/Your/HomeDir/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):

Although there is an explicit prompt asking for passphrase, but some (or many) people still focus more on the information in brackets: (empty for no passphrase), and following that suggestion.

Combining whether or not using multiple SSH key pairs and whether or not enter additional passwd, we have at least four ways to go. And let's assume all key-pairs and the config file are stored in ~/.ssh/.

Now let't consider security first.

The following table gives a simple rank about security (larger number means more secure):

Security     Ways to go
   1         One   SSH key-pair  (NO passwd)
   1         Multi SSH key-pairs (NO passwd)
   2         One   SSH key-pair  (WITH passwd)
   2         Multi SSH key-pairs (WITH passwd) (SAME passwd)
   3         Multi SSH key-pairs (WITH passwd) (DIFF passwds)

Without passwd, if our system is intruded by someone, then the breaker can get all of our private-keys and config, also the authentication of remote servers. So in this situation, One key-pair and Multi key-pairs are the same. The most secure way is to use different passwds for different ssh key-pairs.

Then let't think about convenience.

But more key-pairs and more passwds also make our life less convenient, the following table gives a simple rank about security (larger number means more secure):

Convenient  Security  Ways to go
   5           1      One   SSH key-pair  (NO passwd)
   4           2      One   SSH key-pair  (WITH passwd)
   3           1      Multi SSH key-pairs (NO passwd)
   2           2      Multi SSH key-pairs (WITH passwd) (SAME passwd)
   1           3      Multi SSH key-pairs (WITH passwd) (DIFF passwds)

So, in general situation, if we have to trade off with security and convenience at the same time, we can multiply the two scores, and maybe One SSH key-pair (WITH passwd) is the good one to choose.

YaOzI

Posted 2010-03-18T09:59:37.147

Reputation: 459

Asked: 2010-03-18T09:59:37.147

Viewed: 17 645 times

Active: 2017-07-20T09:38:44.053