On Wed, Nov 28, 2012 at 6:59 PM, Andrew DeFaria wrote: > On 11/28/2012 1:21 PM, anulav2 wrote: >> >> Andrew, >> Keys will "ALWAYS" be different irrespective if it is two servers on same >> or different domain. >> That is the whole point of copying keys to remote servers authorized_keys >> file. > > I don't think so. I do know the following - here at my current client there > are two distinct domains that I deal with - Irvine and San Jose. My Windows > laptop is in the Irvine domain. My home directory is on a filer and is > shared between my Windows laptop and the various Linux server machines in > Irvine. I generate a key and put it in my ~/.ssh/authorized_keys and I can > ssh to localhost or any of the Linux servers. Additionally I can ssh from > Linux to my laptop, passwordlessly. > > If I take that key and put it into the ~/.ssh/authorized_keys in San Jose > then this allows me to ssh into from Irvine to San Jose without a password. > But I cannot ssh from San Jose -> Irvine without being prompted for a > password. > > However if I generate a key in San Jose and put it in ~/.ssh/authorize_keys > in Irvine then I can ssh from San Jose -> Irvine without a password. This > tells me that generated ssh keys are unique per domain. For bilateral ssh > passwordless logins between the two domains you should have at least 2 lines > in your ~/.ssh/authorized_keys file, one for each domain: >
Actually, although your method would be best for security reasons, you could copy the private key file to the other computer and add the public key to the authorized_keys file so that you only have one key pair. You don't need more than one key pair as long as the private key portion is available in your $HOME/.ssh directory on all computers. > ssh-dss > AAAAB3NzaC1kc3MAAACBANIhaC5kcPP9paO1PgxbXmeoCTT/COtutXPQKcE85/ut6cvVCL4Ctwv0Uz04q+XdB75qvL+0pbfsg6kRkE6xSJpiOzNXe/ED+EXv1xnp5otlAi3AAAAFQD6ej4gmxyMdsn+Yf7E6TR7RsDfbQAAAIEAsQ5y+xF0fhjORxzivaFVZW2znN0eF5rRNONG7aN/2j9Fu3sTV8YRgjvOSL755Kg0r6a+fu3OMjWMaUFG4BGPTLH8jW3YlWJvTiYhq/3BR8nBh9by0NEiy3UTPyPYTZ8SZPaTABhDcfkQD1qum6TlIBDBlX5gI3Q/abtGGZoo3+AAAACBAIQyf+LdDWl2Pq32NJC6ijufpynK1aOiPlUnvDoFh9snrQ+4JpgWDUsj7dRjbNZbu19PnamGnYduo2xz1USAu6+ePAXiW16m9512SpjKGIRSlnrjXcN+Ys8wJGtdGK0uk0c5q4wyd2Yh/BLsyneV8mWCIKGsi7PZ7gHd1vAqYjNa > adefaria@Irvine > ssh-dss > AAAAB3NzaC1kc3MAAACBGc2XQc9lkE4sacaUKWJBG+hIZFFGejIn4Q366boqkM+pSbx4k5j9UhLhke+nQO7L0lPDJ+TeBbzuSweOTzCN1DSOQEb9wQEeOIPR3WzhZSt7oEsoPDdWC2hUns4MoKKOtTO1Bje0E1c5LYd3hou7AAAAFQDCbH96A9u3EeJLe5OtlkItob2MhwAAAIEAoz4dtm9nqOH+YgNqxRmuyy3f46zSr/ALY747aOpRpxRnGcbZPO6bJHevkN7oomQwSzbHqJbsOzSMpjs9yrxQUAklGsdL7STC4HpheHUKyqGvZB1SP5pQ+thqPo4GQTIpEZxsmsrb5dRNOZstdWqeYQtsu0qYqvHOnxOSWsC5V3wAAACBALY5CD58gt12E4logCHko7p+k8KUS8eAapwbThhH6rsOWjnhBLEDqL4qWn3w8Lk+1vkGIkhZ5Iysbx81Tk6njhnklAFHHtp4MBxuuJbbqLGrM9SKMG1kQDfjFGowkZsLpf2jw37vy0fo/LfJ1NEGpVq6fI3U+O48PUcr2dEpO6UD > adefaria@San Jose > > Note that the 3rd field is treated as a comment so I changed it to > adefaria@Irvine and adefaria@San Jose. Note 2: The above keys have been > modified to protect them. > I hope these aren't your real keys, if so you should regenerate them now that you've shared them in public. -- Earnie -- https://sites.google.com/site/earnieboyd -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
