multiple ssh private keys

by Karanbir Singh

In quite a few situations it's preferable to have ssh keys dedicated to a service or a specific role, e.g. one key for home / fun stuff, another for work, and another for version control access. Creating the keys is simple, just use:

ssh-keygen -t rsa -f ~/.ssh/id_rsa.work -C "Key for Work stuff"

Use a different file name for each key. Let's assume that there are 2 keys, ~/.ssh/id_rsa.work and ~/.ssh/id_rsa.misc. The simple way of making sure each of the keys works all the time is to create a config file for ssh:

touch ~/.ssh/config
chmod 600 ~/.ssh/config
echo "IdentityFile ~/.ssh/id_rsa.work" >> ~/.ssh/config
echo "IdentityFile ~/.ssh/id_rsa.misc" >> ~/.ssh/config

This makes sure that both keys are always used whenever ssh makes a connection. However, the ssh config lets you get down to a much finer level of control over keys and other per-connection settings, and I recommend, if you are able to, selecting the key based on the hostname. My ~/.ssh/config looks like this:

Host *.home.lan
  IdentityFile ~/.ssh/id_dsa.home
  User kbsingh

Host *.vpn
  IdentityFile ~/.ssh/id_rsa.work
  User karanbir
  Port 44787

Host *.d0.karan.org
  IdentityFile ~/.ssh/id_rsa.d0
  User admin
  Port 21871

Of course, if I am connecting to a remote host that does not match any of these selections, ssh will default back to checking for and using the 'usual' key, ~/.ssh/id_dsa or ~/.ssh/id_rsa.
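To see which keys each approach above hands to a given host, here is an added example (not code from the original post) that models how ssh reads the config: lines before the first Host block apply to every host, IdentityFile entries accumulate across matching blocks, and for other options the first value found wins. The helper names and sample hostnames are made up for illustration, and the model covers only `*` / `?` patterns and `!` negation, not Match, Include or `key=value` lines.

```python
import fnmatch

# Two of the post's Host blocks, embedded so the example runs offline.
PER_HOST = """\
Host *.home.lan
  IdentityFile ~/.ssh/id_dsa.home
  User kbsingh

Host *.vpn
  IdentityFile ~/.ssh/id_rsa.work
  User karanbir
  Port 44787
"""
# The post's first approach: IdentityFile lines outside any Host block.
GLOBAL = "IdentityFile ~/.ssh/id_rsa.work\nIdentityFile ~/.ssh/id_rsa.misc\n"

def host_matches(patterns, hostname):
    """True if some pattern matches and no '!'-negated pattern does."""
    hit = False
    for pat in (p.lower() for p in patterns):
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(hostname.lower(), pat[1:]):
                return False
        elif fnmatch.fnmatchcase(hostname.lower(), pat):
            hit = True
    return hit

def resolve(config_text, hostname):
    """Options this simplified model applies to hostname (hypothetical helper)."""
    active = True  # lines before the first Host block apply to every host
    result = {"identityfile": []}
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), hostname)
        elif not active:
            continue
        elif key == "identityfile":
            result["identityfile"].append(value)  # accumulates, in file order
        else:
            result.setdefault(key, value)  # first value obtained wins
    return result

if __name__ == "__main__":
    for name in ("nas.home.lan", "gw.vpn", "example.org"):  # constructed hostnames
        print(name, resolve(PER_HOST, name))
```

An empty identityfile list means no key is configured for that host, which is the case where ssh falls back to its default key files. On a machine with OpenSSH installed, `ssh -G hostname` prints the options the real client resolves for a host.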

6 comments

Comment from: Ionut [Visitor]
Please check your feed because it gives us the following link:

http://www.karan.org/blog/266@http://www.karan.org/blog/

which is not working of course.

cheers.
25/Aug/2009 @ 10:18
Comment from: Karanbir Singh [Member]
Ionut,

I'll check that later. Ideally, I'd like to just move to some other software that isn't as extensive or as large as b2evo.
25/Aug/2009 @ 10:19
Comment from: Ashish SHUKLA [Visitor]
You can manage multiple SSH keys (and GPG keys too) using Gentoo Keychain[1], which is a helper for gpg-agent and ssh-agent. Source keychain from your shell's login/init script and enjoy ssh-ing without passwords :)

[1] - http://www.gentoo.org/proj/en/keychain/
26/Aug/2009 @ 14:02
Comment from: John Doe [Visitor]
This worked wonderfully! Thank you.
09/Aug/2010 @ 13:42
Comment from: chris hough [Visitor]
Thank you so much for posting this, it fixed the issue I was having with my setup. Now I can have a bunch of keys individually configured for my needs.
18/Mar/2012 @ 18:29
Comment from: virendra [Visitor]
Great, can I have multiple identities for a single host, like

host github
hostname github.com
user git
identityfile /root/.ssh/viren , /root/.ssh/id_rsa

Could you answer that, please?
22/May/2012 @ 05:20