Managing Multiple Private SSH Keys

Until recently, I wasn’t really aware of the concept of having multiple private/public SSH key pairs in order to access different systems. As a developer, I’ve obviously used SSH fairly frequently over a number of years but it’s been more to get things done, e.g. setting up my GitHub account or connecting to some server at work once in a blue moon.

Typically, I would have a single pair of keys which I would use in all cases. So, my public key would be held by GitHub, my Mac server, my Gerrit server, Jenkins, TeamCity and so on. If I lost my private key it wouldn’t be a terrible loss - most of the systems I use are only accessible on the company intranet and are easily changed. I now know this is not the most secure setup (hey, I’m no sysadmin) but I also know that I’m not the only person doing this!

So what happens when we want to SSH onto a machine using a different key pair?

Manually managing multiple private keys

Let’s assume you’ve already set up new key pairs in your ~/.ssh directory. If you ls in that directory, you might see something like this:

$ ls ~/.ssh/

jenkins  github  known_hosts

When SSH’ing onto a server - e.g. Jenkins - you would usually just type $ ssh user@host and be done with it (assuming you have the default id_rsa and keys in your ~/.ssh/ folder).

Because we now have separate keys for each server, we must specify the location of the corresponding private key (in your ~/.ssh/ directory) when we attempt to SSH onto the server with the -i flag:

$ ssh -i ~/.ssh/jenkins

This does the trick but it’s very… wordy. Surely we can shorten it?

Introducing SSH config

Fortunately, there is a simple way to do this.

We can define a config in our SSH directory. The format looks like this:

Host           short-name
IdentityFile   ~/.ssh/private_ssh_key
User           username-on-remote-server

You can specify as many hosts as you like. Also, you may not need the User field depending on your use-case.

Let’s fill this out with my example Jenkins login from above and test it out:

Host           jenkins
IdentityFile   ~/.ssh/jenkins
User           ben.snape

Now we can really easily connect by typing:

$ ssh jenkins

Much better!

Posted April 30, 2013


comments powered by Disqus

© 2016 Ben Snape