How to transfer my SSH keys to another machine?
Edited: If you own both machines, you may share your private key. But this solution is not safe in the case of a stolen notebook or for machines you don't own.
You may copy your private keys from H1 to H2 if you want to use the same private key to be able to log in from H2 to S1. While you are at H1, run the commands:
H1$ ssh H2 mkdir ~/.ssh
H1$ scp ~/.ssh/id_rsa ~/.ssh/id_dsa H2:~/.ssh/
Warning! This will delete and replace any private key you had at H2.
A better way is to generate new private keys on H2 (ssh-keygen) and install their public part on S1 with the ssh-copy-id util. In this safer case you will have two sets of keys: one for H1-S1 login and a second for H2-S1 login. There will be two public keys authorized at S1, and you will be able to revoke either of them or both (for example, when your notebook is stolen, or the owner of the machine decides to disable your account and reuse all your files).
Use ssh-copy-id
SYNOPSIS
ssh-copy-id [-i [identity_file]] [user@]machine
DESCRIPTION
ssh-copy-id is a script that uses ssh to log into a remote machine and append the indicated identity file to that machine's ~/.ssh/authorized_keys file.
Use two private keys
Set up H2 using the same process (but not the same private key) as you did when you set up H1:
- There is never a good reason to copy a private key from some other machine. If you haven't already generated a fresh private key on H2, do so now. Also generate the corresponding public key. In a terminal on H2, type: ssh-keygen -t rsa
- Copy your H2's public key to the server. In a terminal on H2, type: ssh-copy-id [email protected] (but use your actual username on S1 and S1's hostname, and later type in your password on S1 when it asks for it). This installs the public key of your workstation into the ~/.ssh/authorized_keys file for that user on the server.
- There is no step 3. From now on, you can log into S1 from your H2, and also log into S1 from your H1.
details
I assume that what you are really asking is
- I have a server ("S1")
- I log in to my server from my personal laptop ("H1")
- I also want to log in to my server from my workstation ("H2").
What is the right way to do that?
- I suppose I could simply log in with the same password from both places. That can't be the right way, because everyone says that public key authentication is much better than passwords. (a)
- I suppose I could simply copy the private key from my laptop to my workstation. That can't be the right way, because everyone says that the private key is never supposed to leave the client machine.
People have it hammered into their head that one account on a server has a single username and, of course, a single authorized password.
Public-key systems like ssh are better than the password system:
One account on a server has a single username and any number of authorized public keys, all of them listed in the ~/.ssh/authorized_keys file.
(more details).
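The per-machine revocation the answers above rely on (one authorized public key per client, any of which can be removed from ~/.ssh/authorized_keys on S1), as an added example that is not part of the original answers. The key blobs, comments and helper names are constructed for illustration; the fingerprint format is the SHA256 form that ssh-keygen -l prints.

```python
import base64, hashlib, struct

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of OpenSSH public key type names

def make_blob(seed: bytes) -> str:
    """Constructed ed25519-shaped blob (not a real key), for the demo only."""
    name, pub = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(pub)) + pub
    return base64.b64encode(raw).decode()

def fingerprint(b64_blob: str) -> str:
    """SHA256 over the decoded key blob, base64 without padding."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line: str):
    """Return (fingerprint, comment) for a key line, None for blanks/comments."""
    s = line.strip()
    if not s or s.startswith("#"):
        return None
    tokens = s.split()
    # Skip any leading options field: the key type is the first token with a
    # known prefix, and the base64 blob follows it.
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith(KEY_TYPES):
            try:
                return fingerprint(tokens[i + 1]), " ".join(tokens[i + 2:])
            except ValueError:  # not valid base64, keep scanning
                continue
    return None

def list_keys(text: str):
    return [p for p in map(parse_line, text.splitlines()) if p]

def revoke(text: str, fp: str) -> str:
    """Drop only the line whose key matches fp; keep everything else."""
    kept = [l for l in text.splitlines()
            if (parse_line(l) or (None,))[0] != fp]
    return "\n".join(kept) + "\n"

# Constructed authorized_keys content for S1: one key per client machine.
SAMPLE = (
    "# authorized_keys on S1 (constructed sample)\n"
    f"ssh-ed25519 {make_blob(b'H1')} me@H1-laptop\n"
    f"no-port-forwarding ssh-ed25519 {make_blob(b'H2')} me@H2-workstation\n"
)

if __name__ == "__main__":
    stolen_fp = list_keys(SAMPLE)[0][0]       # the H1 laptop key
    print(revoke(SAMPLE, stolen_fp), end="")  # H2 can still log in
```

Because each client has its own key, removing the H1 line leaves the H2 login untouched; with a copied private key there would be only one line, and revoking it would lock out both machines.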