Question

Is it secure to have multiple servers with the same SSH key?

Let’s say I have configured a server with the LAMP stack and set up an SSH key which is configured as an access key for a git repository.

After configuring this server, I also want to create a staging and development server, so I create a snapshop of the server and create two copies of this snapshot. This results in 3 servers with the same SSH keys used to access the GIT repository. These SSH keys are only used for read access to the GIT repository.

Are there any reasons (security wise) to not do this, and make sure a unique SSH key is configured for each copy of the original server?

Thanks in advance!

I found this thread that revolves around the same questions, but as that’s quite old, I was wondering what the current viewpoint on this matter is.


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hello, @hugokamps

I would say you should not worry about this. Your private key is locked down on your computer. I personally use different ssh-keys for personal and work-related projects, but this is just me. You can also have a jump-box server to connect to other servers and use different ssh-keys.

Regards, Alex

Hey there, @hugokamps,

I don’t think there is a reason to create separate keys for each server. As long as you keep your key secure, you should be fine.

The only problem there could be, would be if somebody breaches your key (highly unlikely imo) he would have access to your other servers. But yet again, this is your private key so you should be fine with only one.

Take a look at this answer here as well.

Hope this helps.

Best, Dennis