Should I generate new SSH private keys for each machine I work from?
The question is a bit confusing. As I understand it, you're asking about logging in to a server, via SSH set up with PubKeyAuthentication
, from any of your three machines.
You should generate one pair of keys for each machine. In this way if one private key gets compromised you don't have to regenerate a key pair on all three machines you login from. In fact, you want to identify yourself (to the server) as "you at computer X".
If you were using PGP, then you should be using an unique key pair to identify yourself (to other PGP users) as "you".
Each keypair represents an identity. Sometimes it can be useful to have a different identity on each machine you use, but somethimes it can be useful to share an identity between devices.
When you have a separate key for each device, then:
- Your communication partners need to have the public keys for all your devices and need a verification that it's you (you can provide the latter by signing the keys of all devices with the keys of all other devices). This becomes quite cumbersome when you ever buy a new device.
- Your communication partners know from which device you send a message, which reduces your privacy.
When you use the keys only for private purposes, for example for logging into your own server, then having a separate key for each device has the advantage that should one key get compromised, you only need to revoke that key and don't have to replace the key on every single device you own. But the cost for this is higher management overhead: To add a new device, you need to log in with an old device to add the new public key. With a shared key, you just need to copy the key to the new device.