
Best way to use multiple SSH private keys on one client [closed]

I want to use multiple private keys to connect to different servers or different portions of the same server (my uses are system administration of server, administration of Git, and normal Git usage within the same server). I tried simply stacking the keys in the id_rsa files to no avail.

Apparently a straightforward way to do this is to use the command

ssh -i <key location> [email protected]  

That is quite cumbersome.

Any suggestions as to how to go about doing this a bit easier?

Justin asked Mar 10 '10 18:03



2 Answers

You can instruct ssh to try multiple keys in succession when connecting. Here's how:

$ cat ~/.ssh/config
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_rsa_old
IdentityFile ~/.ssh/id_ed25519
# ... and so on

$ ssh server.example.com -v
....
debug1: Next authentication method: publickey
debug1: Trying private key: /home/example/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/example/.ssh/id_rsa_old
debug1: read PEM private key done: type RSA
....
[server ~]$

This way you don't have to specify what key works with which server. It'll just use the first working key.

Also, you would only enter a passphrase if a given server is willing to accept the key. As seen above, ssh didn't try to ask for a password for .ssh/id_rsa even if it had one.

Surely it doesn't beat a per-server configuration as in other answers, but at least you won't have to add a configuration for each and every server you connect to!

spacesix answered Oct 17 '22 05:10


From my .ssh/config:

Host myshortname realname.example.com
    HostName realname.example.com
    IdentityFile ~/.ssh/realname_rsa # private key for realname
    User remoteusername

Host myother realname2.example.org
    HostName realname2.example.org
    IdentityFile ~/.ssh/realname2_rsa  # different private key for realname2
    User remoteusername

Then you can use the following to connect:

ssh myshortname

ssh myother

And so on.

Randal Schwartz answered Oct 17 '22 04:10
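
Added example (not part of either answer, and not OpenSSH's own code): a small Python sketch of how ssh resolves `IdentityFile` when the key list from the first answer is combined with the per-host blocks from the second. The `Host *` placement, the function names and the sample config are assumptions constructed for illustration; pattern matching is simplified to `*`/`?` wildcards and `!` negation, following the documented ssh_config rules that `IdentityFile` entries accumulate while other options take the first value found.

```python
import fnmatch

# Constructed sample: per-host blocks as in the second answer, followed by the
# first answer's key list under "Host *" (that placement is an assumption).
SAMPLE_CONFIG = """\
Host myshortname realname.example.com
    HostName realname.example.com
    IdentityFile ~/.ssh/realname_rsa
    User remoteusername

Host myother realname2.example.org
    HostName realname2.example.org
    IdentityFile ~/.ssh/realname2_rsa
    User remoteusername

Host *
    IdentityFile ~/.ssh/id_rsa
    IdentityFile ~/.ssh/id_rsa_old
    IdentityFile ~/.ssh/id_ed25519
"""

def host_matches(patterns, host):
    """A Host line applies if a pattern matches and no '!pattern' matches."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatch.fnmatchcase(host, p) for p in negated):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in positive)

def resolve(config_text, host):
    """Return (settings, identity_files) for `host` as typed on the command line."""
    settings, identities, active = {}, [], True  # lines before any Host apply to all
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), host)
        elif not active:
            continue
        elif key == "identityfile":
            identities.append(value)         # IdentityFile accumulates in file order
        else:
            settings.setdefault(key, value)  # any other option: first value wins
    return settings, identities

if __name__ == "__main__":
    for name in ("myshortname", "myother", "server.example.com"):
        print(name, resolve(SAMPLE_CONFIG, name))
```

For `myshortname` the per-host key comes first, but the three `Host *` keys are still offered afterwards, so giving a host its own key does not by itself keep the other keys from being presented to that server.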