Using separate SSH keys per host


It's a good idea to keep a different key for every host. That way, should one private key be compromised, the attacker gets into that one host only, and that is the only key you have to revoke and rotate. It also means no two servers see the same public key, so one can't be linked to your account on another. An easy way to do this is to configure SSH to pick the key automatically based on the user and host you're connecting to.

Configuring SSH

Edit the file ~/.ssh/config and add this Host * rule. Whenever SSH connects to a host, it will now look for a corresponding key in ~/.ssh/keys/<user>@<host>: %r expands to the remote username and %h to the hostname (if you don't give a username on the command line, %r is your local username, so be consistent about how you connect). Two things to know: if the file doesn't exist, SSH just skips it and tries whatever keys ssh-agent holds, and by default it offers every agent key to every server anyway. Adding IdentitiesOnly yes under the same Host * rule makes it offer only the matching file.

vim ~/.ssh/config
Host *
  IdentityFile ~/.ssh/keys/%r@%h

Organize your keys

Put your SSH keys in ~/.ssh/keys/, named <user>@<host> (ssh-keygen puts the matching public key beside it as <user>@<host>.pub). Keep the directory at mode 700 and the private keys at 600, or SSH will refuse to use them. My key folder looks something like this.

ls ~/.ssh/keys
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

You're done!

Try it out by connecting to a host that you have a key for. GitHub is a handy one because it replies with a greeting instead of a shell.

ssh git@github.com
Hi rstacruz! You've successfully authenticated, but
GitHub does not provide shell access.
Connection to github.com closed.

Generating new keys

To create new keys, use ssh-keygen and, when it asks where to save the key, give it <HOME>/.ssh/keys/<user>@<host> (or pass the path with -f). Prefer -t ed25519 for new keys; the example below shows the rsa default. Here's an example.

Generating public/private rsa key pair.
Enter file in which to save the key: /home/rsc/.ssh/keys/[email protected]
Enter passphrase
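Pulling the steps above together, here is an added helper script (not from the original post) that creates keys in the ~/.ssh/keys/<user>@<host> layout, prints the matching config fragment (with IdentitiesOnly yes added to the post's rule), checks which file ssh actually resolves for a destination, and audits the directory for badly named or world-readable keys. It assumes a KEYDIR override (defaulting to ~/.ssh/keys), ed25519 keys, and ssh -G from OpenSSH 6.8 or later.

```shell
#!/bin/sh
# Added example, not part of the original post: a small helper for the
# ~/.ssh/keys/<user>@<host> layout used with "IdentityFile ~/.ssh/keys/%r@%h".
# Assumptions: KEYDIR may be overridden (defaults to ~/.ssh/keys), new keys
# are ed25519, and "ssh -G" (OpenSSH 6.8+) is available for the check.
set -eu

KEYDIR="${KEYDIR:-$HOME/.ssh/keys}"

# The file ssh will look for under the %r@%h rule for this user and host.
key_path() {
    printf '%s/%s@%s\n' "$KEYDIR" "$1" "$2"
}

# The ~/.ssh/config fragment. IdentitiesOnly stops ssh from also offering
# every key loaded in ssh-agent to every server, which would otherwise undo
# the separation you just set up.
config_snippet() {
    printf 'Host *\n  IdentityFile ~/.ssh/keys/%%r@%%h\n  IdentitiesOnly yes\n'
}

# Generate a key for user@host in the right place with the right permissions.
# Refuses to clobber an existing key; rotation should be a deliberate step.
new_key() {
    user=$1 host=$2
    path=$(key_path "$user" "$host")
    if [ -e "$path" ]; then
        echo "refusing to overwrite existing key: $path" >&2
        return 1
    fi
    mkdir -p "$KEYDIR"
    chmod 700 "$KEYDIR"
    ssh-keygen -t ed25519 -a 64 -C "$user@$host" -f "$path"
    chmod 600 "$path"
    echo "public key to install for $user on $host:"
    cat "$path.pub"
}

# Show which identity file(s) ssh actually resolves for a destination, after
# Host matching and %r/%h expansion, and whether each one exists on disk.
which_key() {
    ssh -G "$1@$2" | awk '$1 == "identityfile" { print $2 }' | while read -r f; do
        case "$f" in "~/"*) f="$HOME/${f#\~/}" ;; esac
        if [ -f "$f" ]; then echo "$f (present)"; else echo "$f (missing)"; fi
    done
}

# Audit the key directory: every private key must be named user@host and be
# mode 600 (ssh ignores private keys that other users can read).
audit_keys() {
    bad=0
    for f in "$KEYDIR"/*; do
        [ -f "$f" ] || continue
        case "$f" in *.pub) continue ;; esac
        name=${f##*/}
        case "$name" in
            *@*) ;;
            *) echo "not named user@host: $f" >&2; bad=1 ;;
        esac
        mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
        [ "$mode" = "600" ] || { echo "mode $mode, expected 600: $f" >&2; bad=1; }
    done
    return "$bad"
}

case "${1:-}" in
    new)    new_key "${2:?user}" "${3:?host}" ;;
    which)  which_key "${2:?user}" "${3:?host}" ;;
    audit)  audit_keys ;;
    config) config_snippet ;;
    "")     ;;   # no arguments: just define the functions (e.g. when sourced)
    *)      echo "usage: $0 new USER HOST | which USER HOST | audit | config" >&2; exit 2 ;;
esac
```

Typical use is sshkeys.sh new git github.com, then paste the printed public key into the host, and sshkeys.sh which git github.com to confirm ssh resolves ~/.ssh/keys/git@github.com before you rely on it. The audit subcommand is worth running after copying keys between machines, since scp and backups often leave them at 644.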