Sharing SSH Keys to login?

up vote
2
down vote

favorite
1












I am a little bit lost or confused.

  1. I have some secure servers where, inside ~/.ssh/authorized_keys, I have a key to remotely log in to those servers from my desktop (MacBook).

  2. Now that secure server needs to SFTP/SCP to some third-party servers.

They provided me an SSH IP, username and password, but I need to log in with a key. They asked me to share a key.

Now I am confused: which key do I have to share with them? id_rsa.pub or the key from ~/.ssh/authorized_keys?

NOTE: if I share my id_rsa.pub key with the third party, can they use it to hack my secured servers in point 1?







      asked May 16 at 11:52









      YumYumYum

          4 Answers
              up vote
              16
              down vote



              accepted






              SSH keys have two parts, the secret/private key (usually in ~/.ssh/id_rsa), and the public key (~/.ssh/id_rsa.pub). The secret key can be used to prove who you are (or at least that you hold that secret key), and the public key can be used to check the secret key.



              You never pass the secret key to any other party, as that would give them the ability to impersonate you.



              As for which public key you install (or send to be installed) on the remote server, it is up to you: it depends on what private key you want to use to log in there.

              If you have a private key on your MacBook, and want to log in using that, then send the public key corresponding to that. That's probably the one in your first server's authorized_keys or in your Mac's id_rsa.pub. If you want to log in from the first server, then send the public key of that server's key, the one in the machine's id_rsa.pub.

              If you want to log in using both keys, you'll need to arrange both in the authorized_keys on the target server.




              If you wanted to, you could create multiple private keys on the same system and use different ones for different remote systems. That just requires a bit of bookkeeping to know which key you used where, and some configuration of the SSH client so that it knows to try to use all of the keys. (If you have lots of keys, you may need to configure it per-host.)




              Passing the public key (id_rsa.pub) to a third party is no risk. It's in fact exactly what you need to do to allow them to identify you by your private key.






              edited May 16 at 12:09


























              answered May 16 at 12:04









              ilkkachu








              • 3




                OK!!!! That means I can safely share my id_rsa.pub key, because nobody has my id_rsa private key.
                – YumYumYum
                May 16 at 12:07






              • 1




                @YumYumYum in the context of your question, yes they are asking you to share the id_rsa.pub key (for installation on their server), and there is no risk from doing so. The private id_rsa part is the part that should never be shared.
                – Doktor J
                May 16 at 21:20
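The accepted answer's advice (a separate key pair for this remote system, only the public half sent to the third party, per-host client configuration) as an added shell example; it is not code from any of the posts. The key name id_thirdparty, the alias thirdparty, the host sftp.example.invalid and the user sftpuser are placeholders, and an ed25519 key without passphrase is assumed for an unattended SFTP/SCP job.

```shell
#!/bin/sh
# Added example: a dedicated key pair for the third-party SFTP/SCP login,
# created on the machine that will connect. All names are placeholders.

# make_dedicated_key DIR NAME COMMENT
# Creates DIR/NAME (private half, stays here) and DIR/NAME.pub (half to send).
make_dedicated_key() {
    dir=$1; name=$2; comment=$3
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    if [ -e "$dir/$name" ]; then
        echo "refusing to overwrite $dir/$name" >&2
        return 1
    fi
    # Assumption: -N '' (no passphrase) because the transfer job is unattended;
    # for interactive use set a passphrase and load the key into ssh-agent.
    ssh-keygen -q -t ed25519 -N '' -C "$comment" -f "$dir/$name"
}

# safe_to_share FILE
# Succeeds only if every non-blank line of FILE is "<key-type> <base64> [comment]",
# the one-line format ssh-keygen writes to a .pub file.
safe_to_share() {
    f=$1
    [ -f "$f" ] || return 1
    # Private keys (PEM or OpenSSH format) carry this header; never send those.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then return 1; fi
    pat='^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$'
    grep -Eq "$pat" "$f" || return 1
    # Reject the file if any non-blank line is not a public-key line.
    ! grep -Ev "$pat" "$f" | grep -q '[^[:space:]]'
}

# pub_matches_private PUB PRIV
# True if PUB is the public half of PRIV: ssh-keygen -y re-derives the public
# key from the private file, and type plus base64 blob must be identical.
pub_matches_private() {
    want=$(awk '{print $1, $2; exit}' "$1")
    got=$(ssh-keygen -y -f "$2" 2>/dev/null | awk '{print $1, $2; exit}')
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# client_config_stanza ALIAS HOST USER KEYFILE
# Prints an ssh_config block that offers exactly one key to exactly one host.
client_config_stanza() {
    printf 'Host %s\n    HostName %s\n    User %s\n' "$1" "$2" "$3"
    printf '    IdentityFile %s\n    IdentitiesOnly yes\n' "$4"
}

# Demo in a throwaway directory (skipped when ssh-keygen is unavailable).
if command -v ssh-keygen >/dev/null 2>&1 &&
   demo=$(mktemp -d) &&
   make_dedicated_key "$demo" id_thirdparty "secure-server to third-party SFTP"
then
    safe_to_share "$demo/id_thirdparty.pub" && echo "send:       id_thirdparty.pub"
    safe_to_share "$demo/id_thirdparty"     || echo "never send: id_thirdparty"
    # Fingerprint the third party can read back to confirm what they installed.
    ssh-keygen -lf "$demo/id_thirdparty.pub"
    # Append this to ~/.ssh/config on the connecting machine, then: sftp thirdparty
    client_config_stanza thirdparty sftp.example.invalid sftpuser "~/.ssh/id_thirdparty"
    rm -rf "$demo"
fi
```

The third party appends the contents of id_thirdparty.pub to ~/.ssh/authorized_keys of the account they gave you; the key that lets you into your own servers from the MacBook is not involved at all.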












                  up vote
                  4
                  down vote









                  The .pub in the filename id_rsa.pub indicates that it is a public key which is fine to share with anyone managing a remote machine you want to access via ssh. The corresponding private key which should not be shared is id_rsa.



                  By adding your id_rsa.pub in a remote ~/.ssh/authorized_keys, the administrator of the remote machine is authorizing anyone with access to the private key id_rsa to connect. When you are asked for a public key to share, the administrator of the remote machine will expect a something.pub file.






                  answered May 16 at 12:04









                  user4556274

                          up vote
                          2
                          down vote









                          Authorized_keys contains all the public keys which you put on the server you want to connect to. The id_rsa.pub is the file containing a single public key created when you generated a key pair.



                          If you are acting as a client to the service then you would supply them with a public key. Whether you use an existing public key (and therefore which one if you have multiple) or create a new key pair is not something we can answer - but an important consideration is where you will be connecting from - you don't want to be scattering important private keys across lots of different servers.






                          answered May 16 at 12:05









                          symcbean

                              up vote
                              1
                              down vote









                              You can create a new SSH key using the putty-gen application and provide the pem file to the third-party user for security purposes. Once your work is done, you can remove the public key which is stored on the server.






                              answered May 16 at 12:02









                              jayeshkh007

                              1093















                              • Instead of me creating one, can't they create a key for me? And give me a key?
                                – YumYumYum
                                May 16 at 12:03










                              • (I don't want to give any key, to avoid confusion.) I want them to provide me a username, password and key. I use that key to log in on their site?
                                – YumYumYum
                                May 16 at 12:03










                              • Yeah, that is also possible.
                                – jayeshkh007
                                May 16 at 12:04










                              • What do I ask them, then? (I am confused, and if by confusion I share my keys and later they hack my servers, I will be shooting myself, so for me it's safe that they provide me the keys, not me.)
                                – YumYumYum
                                May 16 at 12:04






                              • 2




                                No, you do not want to ask them for username, password, and key. This defeats the ssh security model. You always create your keys, protect the private half, and provide the public half which you have generated to the remote administrator.
                                – user4556274
                                May 16 at 12:05
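
The rule in the last comment above (create the key pair yourself, keep the private half, hand over only the public half), as an added shell example that is not part of the original thread. The function names, the `id_vendor` file name and the `sftp-to-vendor` comment are assumptions, and the sample key material is constructed.

```shell
#!/bin/sh
# Added example: classify a key file before it leaves the machine.
# key_file_kind prints one of: private | public | unknown
key_file_kind() {
    f=$1
    [ -r "$f" ] || { echo unknown; return 0; }
    # OpenSSH/PEM private keys and PuTTY .ppk files are never shared.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' -e '^PuTTY-User-Key-File-' "$f"; then
        echo private; return 0
    fi
    # Public key file: every non-comment line is "<type> <base64> [comment]".
    # Lines carrying authorized_keys options in front are reported as unknown.
    if awk '
        NF == 0 || $1 ~ "^#" { next }
        { n++ }
        $1 ~ "^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521))$" &&
        $2 ~ "^[A-Za-z0-9+/]+=*$" { ok++ }
        END { exit !(n >= 1 && ok == n) }' "$f"; then
        echo public; return 0
    fi
    echo unknown
}

# Create a dedicated pair for one destination; ssh-keygen asks for a passphrase.
# $1 = private key path (the public half is written to $1.pub), $2 = comment.
new_transfer_key() {
    ssh-keygen -t ed25519 -f "$1" -C "$2"
}

# Print the text to hand to the remote administrator, or refuse.
pubkey_to_share() {
    kind=$(key_file_kind "$1")
    if [ "$kind" != public ]; then
        echo "refusing: $1 is $kind, not a public key" >&2
        return 1
    fi
    cat "$1"
}

# Constructed samples (not real key material) to show the check.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEEXAMPLEEXAMPLE sftp-to-vendor' > "$demo_dir/id_vendor.pub"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'CONSTRUCTED' '-----END OPENSSH PRIVATE KEY-----' > "$demo_dir/id_vendor"
for f in "$demo_dir/id_vendor.pub" "$demo_dir/id_vendor"; do
    echo "$(basename "$f"): $(key_file_kind "$f")"
done
rm -rf "$demo_dir"
```

On the secure server this would be run as `new_transfer_key ~/.ssh/id_vendor sftp-to-vendor`, then `pubkey_to_share ~/.ssh/id_vendor.pub`; using a separate pair for the third party keeps it unrelated to the key already used to reach the secure server.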




























                               
