Join Log in
Score:0
antimatter avatar Server

SSH key for 2 client users to 1 server user

pk flag
antimatter

If this is a duplicate, I'm sorry.
I have searched my case but I couldn't find the right scenario that resembles my situation, although I thought that this situation must have come up before for someone.

Here we go:
I have a user on my remote linux server, ServerUser.
I have a user on my home PC, HomeUser.
I have a user on my work laptop, WorkUser.

I want to connect with HomeUser and WorkUser to the ServerUser with individual ssh keys, instead of generating one and copying it over to the other user.

HomeUser --- ABC-SSH-KEY ---> ServerUser
WorkUser --- XYZ-SSH-KEY ---> ServerUser

This seems like a very common situation for me but oddly enough I was not able to find information about that.

How do I set this up?

Comment to solution:
I first had re-enable password login on the server but then the marked solution worked fine.
So to get the new key on my work laptop working, my steps in total were:

  1. generate a key on the work laptop, for example as ssh-keygen -f ~/.ssh/publicKeyOnWorkLaptop (-f option to specify an output path and a name)
  2. log in on the server from my home PC, with the user that already had a working ssh-key
  3. re-enable ssh password login on the server in /etc/ssh/sshd_config with PasswordAuthentication yes
  4. back on the work laptop run ssh-copy-id -i ~/.ssh/publicKeyOnWorkLaptop.pub ServerUser@Server, give the password when prompted
  5. roll back ssh password login to PasswordAuthentication no from step 3
  6. verify that the public key login works from the work laptop with ssh -i ~/.ssh/publicKeyOnWorkLaptop ServerUser@Server
34
1 + 0
ssh
Score:1
Nikita Kipriyanov avatar Server
za flag
Nikita Kipriyanov

Just concat together public keys into a single authorized_keys file. Each key spans exactly one line. Any key found in that file is eligible for authentication.

If you have working password (or other way) of authentication you may just run ssh-copy-id from all machines. It adds to the remote authorized_keys all accessible local public keys.

The last field in the file (the comment at the end of each line) is useful for describing each key, where it came from. You can use that for e.g. specifying for which machine this key is.

You can also restrict some keys in different ways. For example, you may set up the key so it is permitted be used from one IP address, and it will not be accepted even if valid authentication request comes from another.

See man sshd, section AUTHORIZED_KEYS FILE FORMAT for details.

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.