If this is a duplicate, I'm sorry.
I have searched my case but I couldn't find the right scenario that resembles my situation, although I thought that this situation must have come up before for someone.

Here we go:
I have a user on my remote Linux server, ServerUser.
I have a user on my home PC, HomeUser.
I have a user on my work laptop, WorkUser.

I want to connect with HomeUser and WorkUser to the ServerUser with individual ssh keys, instead of generating one and copying it over to the other user.

HomeUser --- ABC-SSH-KEY ---> ServerUser
WorkUser --- XYZ-SSH-KEY ---> ServerUser

This seems like a very common situation for me but oddly enough I was not able to find information about that.

How do I set this up?


Comment to solution:
I first had to re-enable password login on the server, but then the marked solution worked fine.
So to get the new key on my work laptop working, my steps in total were:

  1. generate a key on the work laptop, for example as ssh-keygen -f ~/.ssh/publicKeyOnWorkLaptop (-f option to specify an output path and a name)
  2. log in on the server from my home PC, with the user that already had a working ssh-key
  3. re-enable ssh password login on the server in /etc/ssh/sshd_config with PasswordAuthentication yes
  4. back on the work laptop run ssh-copy-id -i ~/.ssh/publicKeyOnWorkLaptop.pub ServerUser@Server, give the password when prompted
  5. roll back ssh password login to PasswordAuthentication no from step 3
  6. verify that the public key login works from the work laptop with ssh -i ~/.ssh/publicKeyOnWorkLaptop ServerUser@Server

1 Answer

Just concat together public keys into a single authorized_keys file. Each key spans exactly one line. Any key found in that file is eligible for authentication.

If you have a working password (or other way) of authentication you may just run ssh-copy-id from all machines. It adds to the remote authorized_keys all accessible local public keys.

The last field in the file (the comment at the end of each line) is useful for describing each key, where it came from. You can use that for e.g. specifying for which machine this key is.

You can also restrict some keys in different ways. For example, you may set up the key so it is permitted to be used from one IP address, and it will not be accepted even if a valid authentication request comes from another.

See man sshd, section AUTHORIZED_KEYS FILE FORMAT for details.
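
The file layout described in the answer above, as an added example that is not part of the original answer: one line per client machine, a comment naming the machine, and a `from=` restriction on one key. The function names `add_key` and `list_keys`, the key blobs and the address 203.0.113.7 are constructed for illustration; run it as ServerUser against a scratch file before pointing it at `~/.ssh/authorized_keys`.

```shell
#!/bin/sh
# Added example. Key blobs below are constructed placeholders, not real keys.

# add_key FILE 'TYPE BLOB COMMENT' [OPTIONS]  (hypothetical helper)
# Append one public key line unless its blob is already in FILE.
# OPTIONS (for example from="203.0.113.7") go in front of the key type.
add_key() {
    file=$1; pub=$2; opts=${3:-}
    blob=$(printf '%s\n' "$pub" | awk '{print $2}')
    [ -n "$blob" ] || return 2
    touch "$file" && chmod 600 "$file"   # keep the file private to its owner
    if awk -v b="$blob" '{for (i = 1; i <= NF; i++) if ($i == b) f = 1}
                         END {exit f ? 0 : 1}' "$file"; then
        return 0                         # already authorized, file unchanged
    fi
    printf '%s\n' "${opts:+$opts }$pub" >> "$file"
}

# list_keys FILE  (hypothetical helper)
# Print "comment<TAB>options" per key so every entry can be traced to a machine.
# Simplification: assumes no quoted option value contains a word starting "ssh-".
list_keys() {
    awk 'NF == 0 || $1 ~ /^#/ {next}
    {
        for (i = 1; i <= NF; i++) if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) break
        if (i > NF) next                 # no key type found: not a key line
        o = ""; for (j = 1; j < i; j++) o = o (o == "" ? "" : " ") $j
        c = ""; for (j = i + 2; j <= NF; j++) c = c (c == "" ? "" : " ") $j
        printf "%s\t%s\n", (c == "" ? "(no comment)" : c), (o == "" ? "-" : o)
    }' "$1"
}

# Constructed sample keys: ABC for the home PC, XYZ for the work laptop.
HOME_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHomePlaceholderABC HomeUser@home-pc'
WORK_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIWorkPlaceholderXYZ WorkUser@work-laptop'

AK=$(mktemp -d)/authorized_keys          # scratch file, not ~/.ssh/authorized_keys
add_key "$AK" "$HOME_KEY"
add_key "$AK" "$WORK_KEY" 'from="203.0.113.7"'   # work key only from this address
add_key "$AK" "$WORK_KEY"                # second call is a no-op
list_keys "$AK"
```

Removing one machine's access later means deleting only that machine's line; the other key keeps working.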
