SSH Keys for multiple user question

Good morning!

I have a Debian 7 server with apache2, php5 and mysql.

I am the admin of my server. I added a new user to the system and disabled root logins and password authentication. So I log in now using my user instead of root. I followed the help file about securing your server.

Inside my user directory at /home/user1/ I have my web sites.

There are two other users that I set up, and they have their own directories at /home/user2/ and /home/user3/. User3 lives with me and they use a Mac laptop to log in. I read that I could just copy the ssh key that I had generated to their /home/user3/.ssh folder. I did that, and I logged in as them (from my laptop which runs Linux Mint) and it worked fine.

What I need to do now is to put the ssh key onto their Mac laptop and then try logging in from their laptop.

My main question though is this: user2 lives in another country and has a windows desktop. They also are not very tech savvy. So I will have to walk them through every step.

I have read many instructions on using putty to generate ssh keys and how to upload it to their /home/user2/ directory on the remote server (which is my linode in this case). I could walk them through this step by step.

But my question and concern is this:

  • will I be able to log in to their directory after they have set up their own ssh key and uploaded it to their user directory? If yes, does this mean I have to get their ssh key and put it on my linux laptop? Is it possible then to have two sets of ssh keys in .ssh on my laptop?

  • or is the alternative better: that I simply copy the ssh key I generated and load it to their /home/user2/.ssh directory and then give them a copy to place on their windows desktop? This means that everyone has the same ssh keys and I have the ability to log into everyone's user directory, which is what I want.

  • when the latter option is best, my question is, where on the windows desktop does my user2 have to save the ssh key? So that the remote server can check with their local computer if the keys match.

I hope that someone can help me out or point me to some instructions. I would very much appreciate this. Thank you in advance for reading through and helping me.

Greetings, Jasmin

5 Replies

Create a unique keypair for each user! Otherwise, what's to stop user3 from logging in as user1 (you)? And if the private key is lost or stolen, everyone becomes vulnerable.

For the Windows user, create a keypair as usual. Install the public key in his/her .ssh directory. Then use PuTTYgen to convert the openssh private key to PuTTY format, for use in PuTTY. A quick google for "putty convert openssh key" will give you numerous pages explaining how to do it.

Hi Sleddog,

Thanks very much for your reply and tip. I will do as you say. It makes sense.

How to do it with putty is no problem. I have the info for that.

The main concern is:

What if I want to log in to each user's directory after creating a unique key for each one - do I need to have all of those ssh keys on my laptop? Is there a special way to do this or arrange it?

Thank you in advance,

Jasmin

Yes, you'd have the 3 private keys on your system. You can rename them to help keep track, e.g. user1_private, user2_private, user3_private.

Then to login as user3, you'd just specify the username and private key:

[me@laptop] ssh -l user3 -i /path/to/user3_private myserver.org

The proper way would be to add your private key to the .ssh/authorized_keys for each remote user you want to be able to log in as. .ssh/authorized_keys can hold multiple keys.

Security advice: Do NOT share the same private key between multiple individuals. Private keys should be generated locally by the individual using them and NOT transferred over the network if possible. That's the point of using key-based authentication in the first place…
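An added example, not part of the original thread: a server-side check, in Python, of the layout the replies describe, where each account's authorized_keys holds that user's own key plus the admin's. It fingerprints every public key and reports any key present in more than one account unless it is on an allowlist; the account contents, the `allowed` parameter and all key material are constructed for illustration.

```python
import base64, hashlib, struct
from collections import defaultdict

def parse_key(line):
    """Return (keytype, blob) from one authorized_keys line, or None."""
    if line.lstrip().startswith("#"):
        return None
    tokens = line.split()
    # Options (from="...", command="...") may precede the key type, so accept the
    # adjacent token pair whose decoded blob starts with the same key type name.
    for ktype, b64 in zip(tokens, tokens[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
            (n,) = struct.unpack(">I", blob[:4])
        except (ValueError, struct.error):
            continue
        if blob[4:4 + n] == ktype.encode():
            return ktype, blob
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the format printed by ssh-keygen -l."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def shared_keys(files, allowed=()):
    """Map fingerprint -> accounts for keys found in 2+ accounts, minus allowed."""
    seen = defaultdict(set)
    for account, text in files.items():
        for line in text.splitlines():
            parsed = parse_key(line)
            if parsed:
                seen[fingerprint(parsed[1])].add(account)
    return {fp: sorted(accts) for fp, accts in seen.items()
            if len(accts) > 1 and fp not in allowed}

def sample_line(seed, comment, options=""):
    # Constructed ed25519-shaped public key line (not a real key).
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes([seed]) * 32
    return f"{options}ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

ADMIN = sample_line(1, "jasmin@laptop")
SAMPLE = {  # constructed authorized_keys contents, one entry per account
    "user1": ADMIN,
    "user2": ADMIN + "\n" + sample_line(2, "user2@windows"),
    "user3": "# mac laptop\n" + sample_line(3, "user3@mac", 'from="192.0.2.7" ') + "\n" + ADMIN,
}
ADMIN_FP = fingerprint(parse_key(ADMIN)[1])
```

With the admin's fingerprint passed as `allowed`, an empty result means no other key opens more than one account. The check cannot tell whether a private key has been copied to several people, since only public keys are visible on the server.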

Thank you both for your answers. I really appreciate your tips and help. I will try your suggestions. Greetings, Jasmin
