Passwordless SSH servers - what backup plan?

So in general I have been creating droplets without passwords and adding my macbook ssh key as the only way to access them. All has been going fine so far but I just have a few questions:

  1. If my macbook were to set on fire, my ssh key is gone. I then can’t access the servers. I can’t use the DO consoles either since I have no password in order to add a new SSH key. Is it normal to back up my ssh key pair files to an external drive/host and then would I simply buy a new macbook and stick those in the .ssh directory and continue on as normal?

  2. If the above is not the way to go, how could I regain access to my servers again to add my new mac ssh key?

  3. I still have my old mac, but bought a new one the other day (hence why this has come to mind). I have been sending my public key to my old mac and then using my old mac to access each server one by one and adding my new ssh key. Is this the best method? Or should I have just copied my old ssh key pair to the new mac and let both computers share?



See the Droplet Resources page, How to Regain Access to Droplets using the DigitalOcean Droplet Console.

The Access tab on your Droplet control panel offers the Reset Root Password button to create a password for the root user on your FreeBSD or Linux VM.

Then use the Launch Console button. This starts a server-local connection, as if you connected a keyboard & mouse to the server box. Then you view the session remotely via a VNC session within the web browser. Use your root password to take control of your machine again.

Hello friend!

I think you will find that preference is really the key to this part for most people. I always tell people that security and convenience, as well as recovery effort in relation to that, should always be relative to the value of what is behind it. I’ll give a mildly humorous example just to highlight extremes on either side of it:

Too little security is Facebook messaging your private key to your best friend for backup, for a server that houses personal information about 100,000 of your customers. Too much security is hiring a team of guards to protect a flash drive with your private key on it, for a server that houses a blog you haven’t gotten around to writing on yet.

That’s going to the extreme on either side to highlight that the best practice really is somewhat relative. If you reversed the two, it almost wouldn’t seem crazy anymore. You have to decide for the value of your situation what is going to be the proper amount of security and convenience for your needs. Maybe that’s storing a flash drive in a lock box somewhere, maybe just that external drive. Maybe it’s having a key for every machine or sharing one between your machines (though bonus of multiple is that you can kill one key if a machine is stolen).

I know that wasn’t terribly informative but I think you already have a great mind for this and you are already thinking on the right path. I believe that you will make the best decisions for your situation on this :)

Kind Regards, Jarland
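
The one-key-per-machine approach discussed in this thread, as an added example that is not part of the question or answers above: helpers that add a new machine's public key to an `authorized_keys` file idempotently and revoke a lost machine's key, refusing to remove the last remaining key so a passwordless server is not locked out. The function names are hypothetical and the file path is whatever you pass in.

```shell
#!/bin/sh
# Added example: one key per machine in an authorized_keys file.
# Function names are hypothetical; they act on the file path you pass.

# Print the base64 blob of a public-key line, skipping any leading options.
key_blob() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); exit }
    }'
}

# add_key FILE "PUBKEY LINE": append the key unless its blob is already present.
add_key() {
    file=$1; line=$2
    blob=$(key_blob "$line")
    [ -n "$blob" ] || return 2              # not a public-key line
    ( umask 077; touch "$file" )            # create owner-only if missing
    chmod 600 "$file"
    if grep -qF -- "$blob" "$file"; then return 0; fi
    printf '%s\n' "$line" >> "$file"
}

# revoke_key FILE "PUBKEY LINE": drop that key, but never the last one.
revoke_key() {
    file=$1
    blob=$(key_blob "$2")
    [ -n "$blob" ] || return 2
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # Keep every line that does not carry the revoked blob.
    awk -v b="$blob" 'index($0, b) == 0' "$file" > "$tmp"
    # Count the key lines that would remain (ignoring blanks and comments).
    left=$(awk 'NF && $1 !~ /^#/ { n++ } END { print n + 0 }' "$tmp")
    if [ "$left" -eq 0 ]; then
        rm -f "$tmp"                        # would lock the server: refuse
        return 3
    fi
    chmod 600 "$tmp"
    mv "$tmp" "$file"                       # atomic swap on the same filesystem
}
```

Sourced on a server while a working key is still available, `add_key` is called first with the new machine's public key, and `revoke_key` is called only once the new login has been confirmed.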