Mailing List Archive



Re: [tlug] Dealing with a second SSH key



On Fri, Oct 10, 2008 at 05:44:29PM +0900, Charles Muller wrote:
>
> A few years ago I succeeded in successfully creating my first ssh 
> keypair, and haven't had to touch it since. But I now want to rsync to a 
> second server (at a completely different domain), and I'm confused about 
> how I'm supposed to handle the two together. If I do
> 
>   ssh-keygen -t dsa
> 
> I am threatened with overwriting my original keypair. 

You are asked for a filename, but you can choose e.g.
~/.ssh/id_dsa_rsync_to_hostx as a useful filename for the private key;
the public key would then be called id_dsa_rsync_to_hostx.pub.


> But it also seems 
> that I can't simply copy the keypair on my first remote server over to 
> my second remote server (or perhaps I can, and I am doing something 
> wrong with permissions?). I am an absolute beginner at this.

The key files are just usual files that can be copied over.
Just keep an eye on permissions; the file containing your private
key (the one not ending in .pub) should only be readable by your user.


> I can find plenty of ssh keygen howtos and so forth, but I can't seem to 
> find anything that explicitly tells how to deal with a key for a second 
> remote server.
> 
> Any help would be much appreciated.

Since you want to use the new keypair only for rsyncing, you should,
after getting this running, restrict what can be done with the key
on the remote rsync host.
That way less harm can be done if the private key used for the
rsyncing should be compromised.

Suggested readings:
man ssh
man ssh_config
man ssh-keygen

Not just as in RTFM, but also longtime ssh users do this from time to
time just to discover amazing new features like multiplexing or VPN
that get implemented in OpenSSH ;)


Christian
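
Added example, not part of Christian's message: the three steps from the reply (a separately named keypair, private-key permissions, a restricted key on the rsync host) as shell helpers. The host name, user, key filename and rrsync path are hypothetical, the public key line is constructed, and ed25519 stands in for the thread's dsa because current OpenSSH releases disable DSA keys by default.

```shell
#!/bin/sh
# Added example. hostx.example.org, user "backup", the key filename and the
# rrsync path are hypothetical; adjust them to your own setup.

# Create the second keypair under its own filename, never over an existing key.
make_second_key() {  # usage: make_second_key ~/.ssh/id_ed25519_rsync_to_hostx
    if [ -e "$1" ]; then
        echo "refusing to overwrite $1" >&2
        return 1
    fi
    ssh-keygen -t ed25519 -f "$1" && chmod 600 "$1"
}

# Succeed only if group and others have no access to the private key file.
private_key_perms_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# ~/.ssh/config stanza on the client: tie one key to one host alias.
ssh_config_stanza() {  # alias hostname user keyfile
    printf 'Host %s\n    HostName %s\n    User %s\n' "$1" "$2" "$3"
    printf '    IdentityFile %s\n    IdentitiesOnly yes\n' "$4"
}

# authorized_keys line on the server: the key may only run the forced command.
# "restrict" (OpenSSH 7.2+) turns off pty allocation and all forwarding.
restricted_authorized_key() {  # forced_command public_key_line
    printf 'restrict,command="%s" %s\n' "$1" "$2"
}

# Constructed public key line (not a real key), for illustration only.
PUB='ssh-ed25519 AAAAC3constructedExampleKey charles@laptop'
ssh_config_stanza hostx hostx.example.org backup '~/.ssh/id_ed25519_rsync_to_hostx'
restricted_authorized_key '/usr/bin/rrsync -ro /srv/backup' "$PUB"
```

With the stanza in place, `rsync -a hostx:. ./mirror/` picks the second key automatically, and the forced command confines that key to read-only rsync under the given directory.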

