Managing Multiple Private SSH Keys
Until recently, I wasn’t really aware of the concept of having multiple private/public SSH key pairs in order to access different systems. As a developer, I’ve obviously used SSH fairly frequently over a number of years but it’s been more to get things done, e.g. setting up my GitHub account or connecting to some server at work once in a blue moon.
Typically, I would have a single pair of keys which I would use in all cases. So, my public key would be held by GitHub, my Mac server, my Gerrit server, Jenkins, TeamCity and so on. If I lost my private key it wouldn’t be a terrible loss - most of the systems I use are only accessible on the company intranet and are easily changed. I now know this is not the most secure setup (hey, I’m no sysadmin) but I also know that I’m not the only person doing this!
So what happens when we want to SSH onto a machine using a different key pair?
Manually managing multiple private keys
Let’s assume you’ve already set up new key pairs in your
~/.ssh directory. If you
ls in that directory, you might see something like this:
When SSH’ing onto a server - e.g. Jenkins - you would usually just type
$ ssh user@host and be done with it (assuming you have the default
id_rsa.pub keys in your
Because we now have separate keys for each server, we must specify the location of the corresponding private key (in your
~/.ssh/ directory) when we attempt to SSH onto the server with the
This does the trick but it’s very… wordy. Surely we can shorten it?
Introducing SSH config
Fortunately, there is a simple way to do this.
We can define a
config in our SSH directory. The format looks like this:
You can specify as many hosts as you like. Also, you may not need the
User field depending on your use-case.
Let’s fill this out with my example Jenkins login from above and test it out:
Now we can really easily connect by typing: