Manage multiple SSH keys

SSH keys are an efficient way to make secure connections over the internet, and a large variety of services use them.

Many services rely on SSH keys; for example, using Git on GitHub requires you to register a key to use when accessing repositories.
Most of the time, however, their help guides only explain how to create a single key and use it with their service. If you use multiple services that use SSH, you could use the same key for all of them, but that would be less secure, and it would mean having to change your key on each one if you have to change it at any point.

The obvious thing to do is to create multiple keys. This is a quick little tutorial on how to create and manage multiple SSH keys using a Linux terminal. If anyone knows the Windows equivalent, please let me know and I’ll add it to this post.

Creating Keys

Let’s start with the basics: the most important thing to be able to do here is to create a key.

Simply open up a new terminal and do the following:
cd ~/.ssh
If you get a response saying the directory does not exist, run mkdir ~/.ssh and then repeat.
ssh-keygen
You will be prompted for an output file; just leave it blank and press Enter.
You will now be prompted for a passphrase, and then to repeat the passphrase. Do not forget this passphrase; it’s the “lock” for the key.
Once the key has been created, you need to add it to the key manager using ssh-add id_rsa, entering the passphrase you just used.

Script started on Tue 24 Apr 2012 14:15:45 BST
joe@beast:~$ cd ~/.ssh
joe@beast:~/.ssh$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/joe/.ssh/id_rsa): [Press Enter] 
Enter passphrase (empty for no passphrase): [Enter A Passphrase] 
Enter same passphrase again: [Repeat Passphrase] 
Your identification has been saved in /home/joe/.ssh/id_rsa.
Your public key has been saved in /home/joe/.ssh/id_rsa.pub.
The key fingerprint is:
c0:73:11:d7:6e:bc:09:0e:89:62:30:38:e8:e3:fc:17 joe@beast
The key's randomart image is:
+--[ RSA 2048]----+
|..      o...     |
|+ o  .   o  .    |
|.. o  +... o     |
| o  o .+o . +    |
|o .. .  So o o   |
| o   E    . o    |
|  .   .          |
|   . .           |
|    .            |
+-----------------+
Script done on Tue 24 Apr 2012 14:16:13 BST

joe@beast:~/.ssh$ ssh-add id_rsa
Enter passphrase for id_rsa: 
Identity added: id_rsa (id_rsa)

[joe@goblin ~]$ cd .ssh
[joe@goblin .ssh]$ ls -l
total 16
-rw-r--r--. 1 joe joe  407 May  4 22:07 config
drwx------. 2 joe joe 4096 Apr 24 13:27 fedoraproject
drwx------. 2 joe joe 4096 Apr 24 13:20 git
-rw-r--r--. 1 joe joe 2061 May  4 22:06 known_hosts
[joe@goblin .ssh]$ cd git
[joe@goblin git]$ ls -l
total 8
-rw-------. 1 joe joe 1766 Jan  5  2012 id_rsa
-rw-r--r--. 1 joe joe  403 Jan  5  2012 id_rsa.pub
[joe@goblin git]$

So in each of the subfolders you will have id_rsa and id_rsa.pub.

Pointing to the Key

The only problem now is that when ssh searches for a key, it won’t be able to find the one it’s looking for. You need to edit your config file, which should be located in your ~/.ssh/ folder. If it isn’t already there, just create a new file.

Mine looks like the following:

Host github.com
	User git
	Hostname github.com
	PreferredAuthentications publickey
	IdentityFile ~/.ssh/git/id_rsa
Host fedoraproject.org
	Hostname fedoraproject.org
	PreferredAuthentications publickey
	IdentityFile ~/.ssh/fedoraproject/id_rsa
Host fedorapeople.org
	Hostname fedorapeople.org
	PreferredAuthentications publickey
	IdentityFile ~/.ssh/fedoraproject/id_rsa

What each part of the file does is fairly self-explanatory; you could even just use mine as a template.
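
Because the keys are also loaded into the agent with ssh-add, ssh can offer agent keys other than the configured IdentityFile unless the Host block sets IdentitiesOnly yes. The script below is an added example, not part of the original post: audit_ssh_config and sample_config are hypothetical helper names, and the script reports Host blocks that lack IdentitiesOnly yes or that share a key file. It assumes plain Host blocks only.

```sh
#!/bin/sh
# Added example (not from the original post): audit an OpenSSH client config
# for Host blocks that share a key file or lack "IdentitiesOnly yes".
# Assumption: plain Host blocks only; Include, Match and defaults set outside
# the block (top of file, "Host *") are not resolved.

audit_ssh_config() {
    # $1: config file to read; with no argument, read standard input.
    awk '
    function end_block() {
        if (host == "" || key == "") return
        if (!only) print "NO_IDENTITIESONLY " host
        if (key in owner) print "SHARED " key " " owner[key] " " host
        else owner[key] = host
    }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next
        # A keyword is separated from its value by blanks or "=".
        if (!match(line, /[ \t=]+/)) next
        kw  = tolower(substr(line, 1, RSTART - 1))  # keywords ignore case
        val = substr(line, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", val)
        if (kw == "host") { end_block(); host = val; key = ""; only = 0 }
        else if (kw == "identityfile" && key == "") key = val  # first key only
        else if (kw == "identitiesonly") only = (tolower(val) == "yes")
    }
    END { end_block() }
    ' ${1:+"$1"}
}

# Host, User and IdentityFile lines from the config shown in the post.
sample_config() {
    cat <<'EOF'
Host github.com
    User git
    IdentityFile ~/.ssh/git/id_rsa
Host fedoraproject.org
    IdentityFile ~/.ssh/fedoraproject/id_rsa
Host fedorapeople.org
    IdentityFile ~/.ssh/fedoraproject/id_rsa
EOF
}

sample_config | audit_ssh_config
```

Running ssh -G github.com prints the options ssh actually resolves for a host, which covers the Include, Match and Host * defaults this script does not follow.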
