Managing Multiple SSH Keys for Client Backups on a Single Server

When managing backups from multiple client devices on a single server, a common issue arises: each client device has an SSH key named id_rsa.pub, leading to conflicts. This guide will walk you through creating and managing multiple SSH keys for different clients efficiently.

Understanding the SSH Key Conflict Problem

By default, every SSH key pair consists of:

A private key (id_rsa) – Kept securely on the client.
A public key (id_rsa.pub) – Placed on the server in the ~/.ssh/authorized_keys file.

If multiple clients use the same id_rsa.pub filename, adding their keys to the backup server will overwrite existing keys, causing authentication issues.

Generating Unique SSH Keys for Each Client

To avoid conflicts, each client should have a unique key pair.

Step 1: Generate SSH Keys on Each Client

Run the following command on each client to generate a custom-named SSH key pair:

ssh-keygen -t rsa -b 4096 -f ~/.ssh/client1_backup

-t rsa → Uses the RSA encryption algorithm.
-b 4096 → Sets key strength to 4096 bits.
-f ~/.ssh/client1_backup → Specifies the key filename (e.g., client1_backup instead of id_rsa).

For additional clients, use different names:

ssh-keygen -t rsa -b 4096 -f ~/.ssh/client2_backup

Adding SSH Keys to the Backup Server

Once generated, each client’s public key must be added to the backup server.

Step 2: Copy the Public Key to the Server

Use the following command from the client machine:

ssh-copy-id -i ~/.ssh/client1_backup.pub backup@backup-server

Alternatively, manually copy the key:

cat ~/.ssh/client1_backup.pub | ssh backup@backup-server "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Configuring Multiple SSH Keys on the Client

Since multiple SSH keys are in use, the client must specify which key to use when connecting to the server.

Step 3: Configure SSH for Multiple Keys

Edit the SSH configuration file on the client:

nano ~/.ssh/config

Add the following configuration for each client:

Host backup-server
    HostName backup.example.com
    User backup
    IdentityFile ~/.ssh/client1_backup

For a second client:

Host backup-server-client2
    HostName backup.example.com
    User backup
    IdentityFile ~/.ssh/client2_backup

Now, clients can connect to the server using their respective keys with:

ssh backup-server

Automating Backups Using Rsync

Now that authentication is set up, use rsync to efficiently back up client data to the server.

Step 4: Rsync Command for Backups

Run the following command to back up files securely:

rsync -a --delete --exclude=/dev --exclude=/sys --exclude=/proc --exclude=/tmp backup-server:/ /path/to/backup/destination/

Note: Be careful when using --delete, as it will remove files on the destination that do not exist on the source.

Conclusion

By generating unique SSH keys and properly configuring them, multiple clients can securely back up data to a single server without conflicts. Automating backups with rsync further ensures efficiency and security.

Von Aleksandar Stajić|2025-02-12T18:07:33+01:00Februar 12th, 2025|Kategorien: Betriebssystem, Debian Ubuntu, IT Security, Linux, Linux Unix|Kommentare deaktiviert

Über den Autor: Aleksandar Stajić

In meiner bisherigen beruflichen Laufbahn habe ich an über 600 kleineren und größeren Projekten gearbeitet und durfte stets mit den neuesten Technologien innovative und individuelle Lösungen erarbeiten. Ich habe u.a. an den ersten Webapplikationen (Rich Internet Applications) für Datenerfassung und Auswertung über UMTS, an DB-Marktforschung und Tracking, Database Marketing, Online-Marketing, e-Commerce, CMS, Adoptive- und Responsive-Designs, unter Linux- und Windows-Servern und in allen OSI-Schichten gearbeitet.

Cookie	Dauer	Beschreibung
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Managing Multiple SSH Keys for Client Backups on a Single Server