Today I learned
Using separate SSH keys per host
February 13, 2019
It's a good idea to keep a different key for every host. That way, should one be compromised, you're not compromising your access to all your hosts. An easy way to do this is to configure your SSH to automatically look for the key based on the host you're connecting to.
Configuring SSH
Edit the file ~/.ssh/config and add this Host * rule in. Whenever SSH connects to a host, it will now look for a corresponding key in ~/.ssh/key/<user>@<host>.
Host *
IdentityFile ~/.ssh/keys/%r@%hOrganize your keys
Put your SSH keys in ~/.ssh/keys/ in the format of <user>@<host>. My key folder looks a little bit something like this.
~/.ssh/keys/
├─── [email protected]
├─── [email protected]
├─── [email protected]
├─── [email protected]
├─── [email protected]
└─── [email protected]You're done!
Try it out by connecting to a host that you have a key for.
$ ssh [email protected]
Hi rstacruz! You've successfully authenticated, but
GitHub does not provide shell access.
Connection to github.com closed.Generating new keys
To create new keys, simply use ssh-keygen. When prompted for where to place files, put them in <HOME>/.ssh/keys/user@host. Here's an example.
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key: /home/rsc/.ssh/keys/[email protected]
Enter passphrase
...