How do I backup ssh keys?
Solution 1
Cryptographic keys which you may want to back up:
~/.gnupg/*
~/.pki/nssdb/*
~/.gnome2/keyrings/*
~/.ssh/*
/usr/local/apache2/conf/ssl.crt/server.crt
/usr/local/apache2/conf/ssl.key/server.key
/etc/ssh/*
/etc/ssl/private/*
/etc/cups/ssl/*
Solution 2
Each user has a directory ~/.ssh, which typically contains the following files:
1) id_dsa           private key of this user (different filename for rsa keys)
1) id_dsa.pub       public key of this user
2) authorized_keys  public key of other users (or same user on other machines)
   config           personal configuration
   known_hosts      host keys of other machines
Additionally, in /etc/ssh/, you will find:
3) ssh_host_dsa_key
3) ssh_host_dsa_key.pub
3) ssh_host_rsa_key
3) ssh_host_rsa_key.pub
Those are the host keys, keys identifying this computer.
You certainly want to back up all private and public keys. We call the machine in question home and the user user@home. The same person has an account user@remote and uses key-based login in both directions. What would happen if you lose any of the key files:
1) You lose the identity of user@home. ssh user@remote from home will no longer work with key based auth.
2) user@remote loses the right to log in to home with his key. ssh user@home will no longer work from remote with key based auth.
3) You lose the identity of the host. user@remote will see a warning that host keys have changed when trying ssh user@home. Depending on the configuration this will prevent him from logging in.
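Added example, not part of either answer: backing up and restoring the directories listed above with tar, then checking that the restored private keys are still owner-only, since ssh ignores private keys that other users can read. The function names are hypothetical, and treating any file that has a matching .pub beside it as a private key is an assumption based on the file names in Solution 2.

```sh
#!/bin/sh
# Added example: function names are hypothetical, not from the answers.

# backup_ssh_dir SRC_DIR ARCHIVE
# Archive a key directory (~/.ssh, or /etc/ssh as root). The archive holds
# private keys, so umask 077 makes it readable by its owner only.
backup_ssh_dir() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    ( umask 077 && tar -C "$1" -cf "$2" . )
}

# restore_ssh_dir ARCHIVE DEST_DIR
# Unpack on the new installation; -p keeps the stored file modes instead of
# filtering them through the current umask.
restore_ssh_dir() {
    mkdir -p "$2" && tar -C "$2" -xpf "$1"
}

# loose_private_keys DIR
# Print every private key in DIR that group or others can access.
# Assumption: a private key is any file FOO with a FOO.pub next to it
# (id_dsa/id_dsa.pub, ssh_host_rsa_key/ssh_host_rsa_key.pub).
loose_private_keys() {
    for pub in "$1"/*.pub; do
        priv=${pub%.pub}
        [ -f "$priv" ] || continue
        case $(ls -ldL "$priv") in
            -???------*) ;;          # owner-only, e.g. -rw-------
            *) echo "$priv" ;;
        esac
    done
}

# tighten_private_keys DIR
# Reset every key reported by loose_private_keys to mode 600.
tighten_private_keys() {
    loose_private_keys "$1" | while IFS= read -r key; do
        chmod 600 "$key"
    done
}

# Typical use (paths are examples):
#   backup_ssh_dir "$HOME/.ssh" /backup/user-ssh.tar
#   restore_ssh_dir /backup/user-ssh.tar "$HOME/.ssh"
#   loose_private_keys "$HOME/.ssh"    # prints nothing when modes are intact
```

Keep the archive itself on media you control: anyone who can read it holds both the user identity and the host identity described above.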
karthick87
Updated on September 18, 2022
Comments
karthick87 over 1 year
I am planning to do a fresh install of Ubuntu 11.10 on my system. Before that, I have set up key-based ssh authentication on this machine. Is it possible to take a backup of those ssh keys, so that I can use them in my new installation? Or else must I set up key-based ssh authentication again? If I can take a backup, what are the files I need to copy? Can someone explain it in detail pls. Thanks in advance.
Caesium over 12 years: You missed the very one he asked about (~/.ssh) but a good list nonetheless :)
Tom over 12 years: You also missed /etc/ssh
Admin over 12 years: To answers to questions not asked... :)
illya over 11 years: Great list! It's harder to google for such a list than it should be. Thank you for providing it.