Is it reasonable to have multiple SSH keys?

Ultimately this is up to you. You need to evaluate your threat model. How likely is it that one of your keys is compromised? If one key is compromised, how likely is it that the other keys will be compromised? What are the consequences of your keys being compromised? What is the cost (including time) of managing multiple keys?

Considering factors such as these should help you decide if you really need separate keys. On my personal machines on my local network I usually don't bother with extra overhead in trying to manage multiple keys. However, outside of my network I would use different keys each with a unique passphrase. But that is just my personal opinion.


SSH keys use public-key cryptography. That means that what you're installing on all those servers is just your public key, which you want the whole world to know. The only actual secret is your private key that you keep locked down on your own machine. So yeah, I'd say you're wasting your time.


No it is not a waste of time to use more than one key.

More diversity == less risk.

That statement of Spiff's is incorrect.

The point is the public key grants access to the private key holder and no one else.

The risk to be concerned about here is authentication. A rogue site forwards authentication requests to your agent task. If you use only one key, then even when only one key is loaded in your agent, all sites are open to the rogue.

This has nothing to do with the passphrases, you could have several keys with the same passphrase that would make no difference here. Because it is not the passphrase that is compromised.

The rogue forwards challenges to your agent and can connect to all sites for which you have keys loaded. With different keys, one key loaded -> one site at risk.

I say good for you, you picked other peoples privacy over your own laziness.

P.S. the moral of the story is be wary of agent forwarding

Tags:

Ssh