Best Practices for Using the Same SSH Private Key Across Multiple Linux Systems


2 views

When I first tried sharing an SSH key between two Ubuntu machines, I assumed simply copying id_rsa would work. The reality proved more nuanced. Here's what actually happens during SSH authentication:

# Typical SSH connection flow:
1. Client offers public key fingerprint
2. Server checks authorized_keys
3. Client proves possession of private key
4. Access granted if all checks pass

The .ssh directory and its contents require strict permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/known_hosts

Forgetting these permissions results in the "Permission denied" error because SSH deliberately refuses to use insecure key files.

For reliable multi-machine key sharing:

  • Copy both private and public keys (id_rsa and id_rsa.pub)
  • Verify permissions on destination machine
  • Ensure consistent username@host naming in known_hosts
  • Consider using SSH config for multi-environment management

For professional setups, configure ~/.ssh/config:

Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes

This explicitly tells SSH which key to use for specific hosts, preventing key conflicts.

When facing authentication failures:

ssh -Tv git@github.com  # Verbose mode
ls -la ~/.ssh          # Verify permissions
ssh-add -l             # Check loaded keys

The verbose output will show exactly where the authentication process fails.

When working with multiple development machines, copying your private SSH key (id_rsa) between systems seems like a logical approach. However, simply copying the key file often leads to authentication failures with cryptic "Permission denied (publickey)" errors.

The complete SSH key environment consists of more than just the private key file. The system expects:

1. Correct file permissions (600 for private key)
2. Proper ownership (your user account)
3. Matching public key in authorized_keys (on server)
4. Corresponding key in ssh-agent (if used)

Here's the complete procedure to properly share SSH keys:

1. Verify Key Permissions

chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 700 ~/.ssh

2. Ensure Proper File Ownership

sudo chown -R $USER:$USER ~/.ssh

3. Add Key to SSH Agent

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa

4. Verify Key Fingerprint Matches

ssh-keygen -lf ~/.ssh/id_rsa.pub
# Compare with GitHub's stored key fingerprint

For verbose debugging output:

ssh -Tv git@github.com

Common issues this reveals:

- Agent forwarding problems
- Incorrect key being offered
- Permission/ownership issues
- Missing public key

For more control, create/modify ~/.ssh/config:

Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes

While convenient, key sharing increases attack surface. Consider:

  • Using unique keys per machine
  • Implementing SSH certificates
  • Regular key rotation