SSH keys are a very efficient way to make secure connections over the internet, for a large variety of things.
Many things use SSH keys regularly; for example, using Git on GitHub requires you to register a key to use when accessing repositories.
Most of the time, however, these services' help guides only explain how to create a single key and use it with their service. If you use multiple services that use SSH, you could use the same key for all of them, but that would be less secure and would mean having to change your key on each one if you have to change it at any point.
The obvious thing to do is to create multiple keys. This is a quick little tutorial on how to create and manage multiple SSH keys using a Linux terminal. If anyone knows the Windows equivalent, please let me know and I’ll add it to this post.
Let’s start with the basics: the most important thing to be able to do here is to create a key.
Simply open up a new terminal, change into ~/.ssh with cd ~/.ssh and run ssh-keygen.
If you get a response saying the directory does not exist, run mkdir ~/.ssh and then repeat.
You will be prompted for an output file; just leave it blank and press Enter.
You will now be prompted for a passphrase, and then to repeat the passphrase. Do not forget this passphrase: it’s the “lock” for the key.
Once the key has been created, you need to add it to the key manager (the SSH agent) by running ssh-add id_rsa and entering the passphrase you just used.
It should go something like this:
    Script started on Tue 24 Apr 2012 14:15:45 BST
    joe@beast:~$ cd ~/.ssh
    joe@beast:~/.ssh$ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/joe/.ssh/id_rsa): [Press Enter]
    Enter passphrase (empty for no passphrase): [Enter A Passphrase]
    Enter same passphrase again: [Repeat Passphrase]
    Your identification has been saved in /home/joe/.ssh/id_rsa.
    Your public key has been saved in /home/joe/.ssh/id_rsa.pub.
    The key fingerprint is:
    c0:73:11:d7:6e:bc:09:0e:89:62:30:38:e8:e3:fc:17 joe@beast
    The key's randomart image is:
    +--[ RSA 2048]----+
    |.. o... |
    |+ o . o . |
    |.. o +... o |
    | o o .+o . + |
    |o .. . So o o |
    | o E . o |
    | . . |
    | . . |
    | . |
    +-----------------+

    Script done on Tue 24 Apr 2012 14:16:13 BST
    joe@beast:~/.ssh$ ssh-add id_rsa
    Enter passphrase for id_rsa:
    Identity added: id_rsa (id_rsa)
Moving the Key
To organise keys, I simply move my keys into a directory named for their purpose, for example “git” for the git keys.
This leaves me with something like the following layout:
    [joe@goblin ~]$ cd .ssh
    [joe@goblin .ssh]$ ls -l
    total 16
    -rw-r--r--. 1 joe joe  407 May  4 22:07 config
    drwx------. 2 joe joe 4096 Apr 24 13:27 fedoraproject
    drwx------. 2 joe joe 4096 Apr 24 13:20 git
    -rw-r--r--. 1 joe joe 2061 May  4 22:06 known_hosts
    [joe@goblin .ssh]$ cd git
    [joe@goblin git]$ ls -l
    total 8
    -rw-------. 1 joe joe 1766 Jan  5  2012 id_rsa
    -rw-r--r--. 1 joe joe  403 Jan  5  2012 id_rsa.pub
    [joe@goblin git]$
So in each of the subfolders you will have id_rsa and id_rsa.pub.
Pointing to the Key
The only problem now is that when ssh searches for a key, it won’t be able to find the one it’s looking for, because the keys are no longer in the default location. You need to edit the config file in your ~/.ssh/ folder so that it points to them. If the file isn’t already there, just create a new one.
Mine looks like the following:
    Host github.com
        User git
        Hostname github.com
        PreferredAuthentications publickey
        IdentityFile ~/.ssh/git/id_rsa

    Host fedoraproject.org
        Hostname fedoraproject.org
        PreferredAuthentications publickey
        IdentityFile ~/.ssh/fedoraproject/id_rsa

    Host fedorapeople.org
        Hostname fedorapeople.org
        PreferredAuthentications publickey
        IdentityFile ~/.ssh/fedoraproject/id_rsa
It’s fairly self-explanatory what each part of the file is; you could even just use mine as a template.
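Once keys have been moved around, it is worth checking that every IdentityFile in the config points at a key that exists and is locked down the way the ls -l listing above shows (private key and its directory accessible to the owner only). The script below is an added example, not part of the original post; audit_ssh_layout and owner_only are hypothetical names, and it assumes one pattern per Host line and IdentityFile paths that begin with ~/.ssh/, as in the config above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumptions: one pattern per Host line, and IdentityFile paths that start
# with ~/.ssh/, as in the post's config.

# Succeeds if the path has no group/other permission bits set.
# Characters 5-10 of the ls -l mode string are the group and other bits.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# For each Host/IdentityFile pair in $1/config print "<host> <path> <status>".
audit_ssh_layout() {
    dir=$1
    [ -f "$dir/config" ] || { echo "no config in $dir" >&2; return 1; }
    # ssh_config keywords are case-insensitive; remember the current Host.
    awk 'tolower($1) == "host"         { host = $2 }
         tolower($1) == "identityfile" { print host, $2 }' "$dir/config" |
    while read -r host path; do
        rel=${path#\~/.ssh/}          # strip the literal ~/.ssh/ prefix
        key=$dir/$rel                 # look for the key under the audited dir
        if [ ! -f "$key" ]; then
            status=MISSING            # config points at a key that is not there
        elif ! owner_only "$key"; then
            status=KEY_PERMS          # private key accessible to group/other
        elif ! owner_only "$(dirname "$key")"; then
            status=DIR_PERMS          # key directory accessible to group/other
        else
            status=OK
        fi
        echo "$host $path $status"
    done
}

# Usage: sh audit.sh ~/.ssh
if [ "$#" -gt 0 ]; then audit_ssh_layout "$1"; fi
```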
Enjoy managing your multiple SSH keys easily!