Multiple Private Keys - SSH

This is a discussion on Multiple Private Keys - SSH ; We have one user that has to ssh to two different accounts on the same server. The server administrator requires that the two accounts have different public keys. Outside of having two separate private keys associated with each public key ...

+ Reply to Thread
Results 1 to 8 of 8

Thread: Multiple Private Keys

  1. Multiple Private Keys

    We have one user that has to ssh to two different accounts on the same
    server. The server administrator requires that the two accounts have
    different public keys.

    Outside of having two separate private keys associated with each public key
    is there an easier way to manage the process? I tried having both private
    keys in the id_dsa file but that didn't seem to work.

    Mark Jacobs

  2. Re: Multiple Private Keys

    >>>>> "MJ" == Mark Jacobs writes:

    MJ> We have one user that has to ssh to two different accounts on the
    MJ> same server. The server administrator requires that the two
    MJ> accounts have different public keys.

    MJ> Outside of having two separate private keys associated with each
    MJ> public key is there an easier way to manage the process? I tried
    MJ> having both private keys in the id_dsa file but that didn't seem
    MJ> to work.

    Use ssh-agent, or the IdentityFile keyword in ~/.ssh/config.

    --
    Richard Silverman
    res@qoxp.net


  3. Re: Multiple Private Keys

    Richard E. Silverman wrote:

    >>>>>> "MJ" == Mark Jacobs writes:

    >
    > MJ> We have one user that has to ssh to two different accounts on the
    > MJ> same server. The server administrator requires that the two
    > MJ> accounts have different public keys.
    >
    > MJ> Outside of having two separate private keys associated with each
    > MJ> public key is there an easier way to manage the process? I tried
    > MJ> having both private keys in the id_dsa file but that didn't seem
    > MJ> to work.
    >
    > Use ssh-agent, or the IdentityFile keyword in ~/.ssh/config.
    >


    ssh-agent is not an option in this environment. Can there be more than one
    IdentityFile option in the configuration file, with ssh using each one when
    authentication is attempted?

    Mark Jacobs

  4. Re: Multiple Private Keys

    >> MJ> We have one user that has to ssh to two different accounts on the
    >> MJ> same server. The server administrator requires that the two
    >> MJ> accounts have different public keys.


    If they are the same user what justification has the server administrator
    for this?

    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/

  5. Re: Multiple Private Keys

    Mark Jacobs writes:

    >ssh-agent is not an option in this environment. Can there be more than one
    >IdentityFile option in the configuration file, with ssh using each one when
    >authentication is attempted?


    In ~/.ssh/config you can have a separate section for each hostname,
    specifying the defaults for connecting to that host. Check the man
    page.


  6. Re: Multiple Private Keys

    Neil W Rickert wrote:

    > Mark Jacobs writes:
    >
    >>ssh-agent is not an option in this environment. Can there be more than one
    >>IdentityFile option in the configuration file, with ssh using each one
    >>when authentication is attempted?

    >
    > In ~/.ssh/config you can have a separate section for each hostname,
    > specifying the defaults for connecting to that host. Check the man
    > page.


    I haven't check yet but does that feature work for two accounts on the same
    server, i.e. user1@host and user2@host each one requireing separate public
    keys?

    Mark Jacobs

  7. Re: Multiple Private Keys

    all mail refused wrote:

    >>> MJ> We have one user that has to ssh to two different accounts on
    >>> the MJ> same server. The server administrator requires that the two
    >>> MJ> accounts have different public keys.

    >
    > If they are the same user what justification has the server administrator
    > for this?
    >

    Its policy, doesn't mean it has to make sense.

    Mark Jacobs

  8. Re: Multiple Private Keys

    >>>>> "MJ" == Mark Jacobs writes:

    MJ> Neil W Rickert wrote:
    >> Mark Jacobs writes:
    >>
    >>> ssh-agent is not an option in this environment. Can there be more
    >>> than one IdentityFile option in the configuration file, with ssh
    >>> using each one when authentication is attempted?

    >> In ~/.ssh/config you can have a separate section for each
    >> hostname, specifying the defaults for connecting to that host.
    >> Check the man page.


    MJ> I haven't check yet but does that feature work for two accounts on
    MJ> the same server, i.e. user1@host and user2@host each one
    MJ> requireing separate public keys?

    You can have different aliases for it, but even that's not necessary -- a
    single global set of IdentityFile statements will have the client try all
    of them.

    --
    Richard Silverman
    res@qoxp.net


+ Reply to Thread