74

This question is similar to SSH public key authentication - can one public key be used for multiple users? but it's the other way around.

I'm experimenting on using ssh so any ssh server would work for your answers.

Can I have multiple public keys link to the same user? What are the benefits of doing so? Also, can different home directories be set for different keys used (all of which link to the same user)?

Please let me know if I'm unclear.

Thanks.

2 Answers

106

You can have as many keys as you desire. It's good practice to use separate private/public key sets for different realms anyway, like one set for your personal use, one for your work, etc.

First, generate two separate keypairs, one for home and one for work:

ssh-keygen -t rsa -f ~/.ssh/id_rsa.home
ssh-keygen -t rsa -f ~/.ssh/id_rsa.work

Next, add an entry to your ~/.ssh/config file to pick the key to use based on the server you connect to:

Host home
    Hostname home.example.com
    IdentityFile ~/.ssh/id_rsa.home
    User <your home acct>

Host work
    Hostname work.example.com
    IdentityFile ~/.ssh/id_rsa.work
    User <your work acct>

Next, append the contents of your id_rsa.work.pub into ~/.ssh/authorized_keys on the work machine, and do the same for the home key on your home machine.

Then when you connect to the home server you use one of the keys, and the work server you use another.

Note you probably want to add both keys to your ssh-agent so you don't have to type your passphrase all the time.

5
  • This would work even if id_rsa.work.pub and id_rsa.home.pub were planted on the same server right? The reason is I might be connecting to a server from different computers, so I'm wondering if it makes sense to have different keypairs for each computer even if they're connecting to the server as the same user. Thanks.
    – Russell
    Jan 12, 2011 at 21:48
  • 2
    Absolutely! On the server side, ssh will check all the public keys in the authorized_keys file until it finds a match. So you can put all the keys in the same authorized_keys file on the server no problem. Jan 12, 2011 at 21:54
  • 1
    @PhilHollenback "ssh will check all the public keys in the authorized_keys file until it finds a match" - you mean it keeps sending challenges to the client for each public key until the client proves it can decrypt one? Do you have any references for that? (genuinely interested)
    – aaa90210
    Apr 2, 2018 at 23:08
  • Hi, what is <your_work_account> where do I find it? Apr 28, 2021 at 8:49
  • @VladimirDespotovic that's just a placeholder for whatever your work account name is. In my example I use work account and home account, but those could be any two different accounts. May 6, 2021 at 19:23
6

It makes lots of sense to have multiple users' keys going to one user. Common reasons are:

  • backup
  • git (e.g. Push URL: git+ssh://git@git-server/~/repos/MyProject)
  • rsync
  • common access to an app

As far as having different homedirs, you can change them per key by prepending environment="HOME=/home/user1" for user1's key in the authorized_keys file. See man authorized_keys.

Try it out, YMMV.
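
When several keys map to one account, an administrator needs to tell them apart. The following added example (not code from either answer) parses an authorized_keys file, lists each key's options and its SHA256 fingerprint in the form `ssh-keygen -lf` prints and sshd logs on a successful publickey login, and flags `environment=` options, which sshd applies only when `PermitUserEnvironment` is enabled in sshd_config. The key blobs, comments and function names are constructed for illustration.

```python
import base64, hashlib, struct

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # start of every OpenSSH key type name

def split_outside_quotes(text, seps):
    """Split on any char in seps, ignoring separators inside double quotes."""
    parts, quoted, prev = [""], False, ""
    for ch in text:
        if ch == '"' and prev != "\\":   # \" inside an option value is literal
            quoted = not quoted
        if ch in seps and not quoted:
            parts.append("")
        else:
            parts[-1] += ch
        prev = ch
    return [p for p in parts if p]

def parse_line(line):
    """Parse '[options] keytype base64-blob [comment]'; None for blanks/comments."""
    tokens = split_outside_quotes(line.strip(), " \t")
    if not tokens or tokens[0].startswith("#"):
        return None
    idx = next((i for i, t in enumerate(tokens[:2]) if t.startswith(KEY_PREFIXES)), None)
    if idx is None or idx + 1 >= len(tokens):
        return None
    digest = hashlib.sha256(base64.b64decode(tokens[idx + 1])).digest()
    return {"type": tokens[idx],
            "options": split_outside_quotes(tokens[0], ",") if idx == 1 else [],
            "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
            "comment": " ".join(tokens[idx + 2:])}

def audit(text, permit_user_environment=False):
    """Parse every entry and note environment= options sshd would not apply."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    for e in entries:
        e["unapplied"] = [] if permit_user_environment else [
            o for o in e["options"] if o.startswith("environment=")]
    return entries

def fake_blob(fill):  # constructed ed25519-shaped blob, not a real key
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(raw).decode()

SAMPLE = (f"ssh-ed25519 {fake_blob(1)} russell@laptop\n"
          "# second key for the same account, with per-key options\n"
          f'environment="HOME=/home/user1",no-port-forwarding ssh-ed25519 {fake_blob(2)} user1@desktop\n')

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Matching the printed fingerprints against the `SHA256:` value in sshd's "Accepted publickey" log lines shows which of the account's keys was used for a given login.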
