Using separate SSH keys per host

Keep your credentials secure by using different SSH keys for different servers

Written by Rico Sta. Cruz
(@rstacruz) · 13 Feb 2019

It’s a good idea to keep a different key for every host. That way, should one be compromised, you’re not compromising your access to all your hosts. An easy way to do this is to configure your SSH to automatically look for the key based on the host you’re connecting to.

Configuring SSH

Edit the file ~/.ssh/config and add this “Host” rule in. Whenever SSH connects to a host, it will now look for a corresponding key in ~/.ssh/keys/<user>@<host>.

Host *
IdentityFile ~/.ssh/keys/%r@%h

Organize your keys

Put your SSH keys in ~/.ssh/keys/ in the format of <user>@<host>. My key folder looks a little bit something like this.

Terminal window
├─── rsc@

You’re done!

Try it out by connecting to a host that you have a key for.

Terminal window
$ ssh
Hi rstacruz! You've successfully authenticated, but
GitHub does not provide shell access.
Connection to closed.

Written by Rico Sta. Cruz

I am a web developer helping make the world a better place through JavaScript, Ruby, and UI design. I write articles like these often. If you'd like to stay in touch, subscribe to my list.


More articles

← More articles