Regarding backups (escrows) of GPG (OpenPGP compliant) keys, I seem to understand that (E)ncryption keys need to be backed up, to prevent data loss, and that (S)igning keys should not be backed up, because it is crucial that the owner is absolutely certain that they are the only one who can use the signing key at any moment.
Is there a good protocol regarding backing up (A)uthentication keys? I could imagine no backups because only you want to be able to authenticate yourself, but on the other hand if you lose your authentication key and you need to ssh into a VPS with it, you’re out of luck (but with a server at home you could just wait to get physical access to replace the public ssh key).
So does it depend on your situation? I’m asking this question because I am using a Master (C) key with separate Encryption, Signing, and Authentication subkeys. I could conceive of making a Master (CA) key, and then putting two public authentication keys on your VPS (one tied to your (CA) Master key and the other to your (A) Subkey), so in case you lose your (A) subkey, you can dig up your basement, get your (CA) Master key, and ssh into the VPS to remove the old (A) Subkey public key and add a new (A) Subkey public key.
Thanks in advance.