SSH Keys: One per User vs. Multiple per Host

TL;DR

Generally, one SSH key per user is the better practice for security and manageability. While multiple keys per host are possible, they add complexity without significant benefit in most cases.

Why One Key Per User?

1. Security: If a single key is compromised, it only affects one user account. With multiple keys per host, compromise of the host could expose all associated accounts.
2. Auditing & Revocation: It’s much easier to track and revoke access when each user has their own key. You can quickly disable a user’s access by removing their key from authorized_keys files across your systems.
3. Simplicity: Managing one key per user is simpler for both users and administrators.
4. Automation: Key management tools (like Ansible, Chef, Puppet) work more effectively with a one-key-per-user model.

How to Implement One Key Per User

1. Key Generation: Each user should generate their own SSH key pair on their local machine.

   ssh-keygen -t rsa -b 4096

   This creates a private key (e.g., ~/.ssh/id_rsa) and a public key (e.g., ~/.ssh/id_rsa.pub). Never share the private key!

2. Key Distribution: Copy the user’s public key to the authorized_keys file on each server they need access to.

   ssh-copy-id username@server_address

   Alternatively, manually append the public key to ~/.ssh/authorized_keys on the server.

3. Permissions: Ensure correct permissions on the user’s SSH directory and authorized_keys file.

   chmod 700 ~/.ssh

   chmod 600 ~/.ssh/authorized_keys

Multiple Keys Per Host – When Might It Be Considered?

There are limited scenarios where multiple keys per host might be considered, but these are less common:

• Different Access Levels: If a user needs different levels of access on the same server (e.g., one key for normal use and another for root privileges – strongly discouraged; use sudo instead).
• Key Rotation: To facilitate easier key rotation without disrupting existing sessions, though better tools exist for this purpose.

Risks of Multiple Keys Per Host

• Increased Complexity: Managing multiple keys per host is more complex and error-prone.
• Revocation Challenges: Revoking access becomes harder if you need to identify which key grants specific permissions.
• Security Concerns: A compromised host exposes all associated keys, increasing the blast radius of a security incident.

Best Practice Summary

1. Stick to one SSH key per user whenever possible.
2. Use strong passwords or passphrases for your private keys.
3. Regularly review and revoke unused keys.
4. Consider using a cyber security key management system for larger deployments.