3

First, sorry if this question has already been asked/answered - I've searched but perhaps I haven't recognised the answer....

What we have is a cluster of servers which need to access a single remote server using sftp.

We are migrating from one remote server to another at the same (remote) location.

We also want to refresh the public/private key pairs on the configuration as part of an ongoing security review.

My question is - can we have multiple public/private key pairs for the same user between server A and server B?

I want to do this to allow for cutover testing - but am concerned that the software checking keys may only try one of each type (rsa/dsa?) before rejecting the connection method and moving to the next type of key.

Hope it's a straightforward question - please let me know if I need to supply more details.

Bruce
  • 31

2 Answers

5

Yes, you can have multiple keypairs for a single user. On the remote site put all of the public keys in the user's ~/.ssh/authorized_keys file.

On the local site have each private key in a separate file and then use the -o IdentityFile=/path/to/privatekeyfile to specify which private key to use. You could use

sftp user@remote.tld ...

to use the default (current ?) private key and

sftp -o IdentityFile=/home/user/.ssh/usernewkey user@remote.tld ...

to use the new key.

user9517
  • 116,228
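The layout the answer above describes, as an added example that is not part of the answer or of any project: one authorized_keys file on the remote side holding both public keys, and on the cluster side a per-host ssh_config alias for each private key so that a cutover test exercises exactly one key at a time. The remote host name (sftp.example.net), account (xfer), key paths and the public-key lines in the test are assumed or constructed. Two points worth knowing when doing this: the client offers each identity it has in turn, and sshd's MaxAuthTries (default 6) counts every offered key, so a host alias with `IdentitiesOnly yes` keeps the client from also offering agent keys and running out of attempts before it reaches the key you meant to test.

```shell
#!/bin/sh
# Added example (not from the original answer). Stages a second SFTP key for
# cutover testing without removing the key currently in use.
# Assumed names: remote sftp.example.net, account "xfer", old key ~/.ssh/id_rsa,
# new key ~/.ssh/xfer_new_ed25519 (generate it with: ssh-keygen -t ed25519 -f ~/.ssh/xfer_new_ed25519).

# merge_authorized_keys OUT PUBFILE...
# Writes OUT containing the first line of each PUBFILE exactly once, so the
# function can be re-run during the migration without duplicating entries.
# Prints the number of keys written.
merge_authorized_keys() {
    out=$1
    shift
    : > "$out"
    for pub in "$@"; do
        key=$(head -n 1 "$pub")
        # skip a public key that is already present (fixed-string match)
        grep -qF -- "$key" "$out" || printf '%s\n' "$key" >> "$out"
    done
    chmod 600 "$out"
    wc -l < "$out" | tr -d ' '
}

# write_cutover_config OUT HOST USER OLDKEY NEWKEY
# Writes an ssh_config with two aliases for the same remote host, one per
# private key. IdentitiesOnly pins each alias to its own key so the test
# proves that key alone is accepted.
write_cutover_config() {
    out=$1 host=$2 user=$3 old_key=$4 new_key=$5
    cat > "$out" <<EOF
# current key:   sftp -F $out xfer-old
Host xfer-old
    HostName $host
    User $user
    IdentityFile $old_key
    IdentitiesOnly yes

# key under test: sftp -F $out xfer-new
Host xfer-new
    HostName $host
    User $user
    IdentityFile $new_key
    IdentitiesOnly yes
EOF
    chmod 600 "$out"
}

# Demo with constructed public-key lines (placeholders, not real keys) in a
# temporary directory; run it as: sh this_script.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    printf 'ssh-rsa AAAAB3-CONSTRUCTED-OLD-KEY xfer@cluster\n' > "$d/id_rsa.pub"
    printf 'ssh-ed25519 AAAAC3-CONSTRUCTED-NEW-KEY xfer@cluster\n' > "$d/xfer_new_ed25519.pub"
    echo "keys in authorized_keys: $(merge_authorized_keys "$d/authorized_keys" "$d/id_rsa.pub" "$d/xfer_new_ed25519.pub")"
    write_cutover_config "$d/config" sftp.example.net xfer "$d/id_rsa" "$d/xfer_new_ed25519"
    cat "$d/config"
    rm -rf "$d"
fi
```

Copy the merged authorized_keys to the remote account, then run `sftp -F config xfer-new` from one cluster node to confirm the new key is accepted and `sftp -F config xfer-old` to confirm nothing broke for the nodes still on the old key. Once every node has cut over, drop the old key's line from authorized_keys so the retired key stops working.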
1

If this question refers to a *NIX system, then Iain's answer is absolutely perfect and comprehensive.

There is, however, a slightly more inconsistent situation if it is a Windows server. In fact, not all SSH servers for the Windows platform support multiple authentication keys per user. Therefore, if you are running your SSH/SFTP server on Windows, just make sure you pick an SSH server software that supports such a feature.

MadHatter
  • 80,590
FjodrSo
  • 294