SSH key exchange

Question

I have 2 servers with which I work: first one is application server and another one is archival server. I access both of these servers using F-Secure SSH Client using the same user id and public-private key pair for authentication. It means that private key is stored on the Windows machine and public key is stored on both servers.

Now I need to access archival server from application server. To do that I have to do a key exchange first.

What is a standard aproach in this case? Do I just copy my private key from Windows to the application server? Would it compromise security? Or I need to generate a new key pare?

I appretiate your help!

P.S. I am relatively new to Unix administration, so don't be very hard on me :)

Answer 1

@fyr's answer is correct, however you don't need to manually add or copy anything. You can do it with ssh-copy-id.

Assuming that the SSH server on your new machine is already running, from your old machine (which already has an SSH key pair, if not run ssh-keygen), run

ssh-copy-id -i ~/.ssh/mykey user@host

where the -i parameter denotes the location of your public key. The ssh-copy-id tool will add the .pub extension if necessary, so it won't be trying to send your private key.

A real-world example of this, let's say to exchange keys with a Raspberry Pi, would be:

ssh-copy-id -i ~/.ssh/id_rsa pi@192.168.1.11

This will ask for your password, but just once. If the key exchange is successful, you'll be able to ssh into it without needing a password.

Answer 2

The standard approach is:

1. Generate on each machine/user a new private/public key pair
2. Use authorized keys file in .ssh and add every public key
3. Copy this authorized keys file to every remote host

Sidenote: The authorized key file as well as the key pairs are user@machine related

Sidenote2: Usually ppl block root completely from this process. Root should be neither accessible via pw auth nor with key auth.