What should ssh keys authenticate?
A person? a person physical computers? a person usernames?

I just spin up droplet, generated a ssh key pair from my pc, and added it to the droplet via the DO GUI for the root user. Now within ubuntu I’m creating a sudo user and will add keys to it. Should i generate a new key pair from the server itself and use those? or is it ok to reuse the keys from the root user?

The way i see it, if a create a new key pair for the sudo user, i might never again use the keys for the root user.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer

Hi @decimoseptimo

Think of SSH keys like very advanced passwords - you should never re-use the same password two places either. Keys should unique for each user, for each person who login.
That way you can revoke (delete) a specific key, but everyone else still keeps their access.
This is dumbing down the beautiful, complex structure of SSH keys, but you’re already on the right path with keeping it unique, so I think you get the point of it :)

Submit an Answer