Best way to use multiple SSH private keys on one client

Question

I want to use multiple private keys to connect to different servers or different portions of the same server  my uses are system administration of server  administration of Git  and normal Git usage within the same server   I tried simply stacking the keys in the id rsa files to no avail   Apparently a straightforward way to do this is to use the command   ssh -i  lt key location gt  login server example com    That is quite cumbersome   Any suggestions as to how to go about doing this a bit easier

User · Answer

Multiple key pairs on GitHub  1 0 SSH configuration file  1 1 Create    ssh config  1 2 chmod 600    ssh config   must   1 3 Input the following into the file      Host pizza           HostName github com          PreferredAuthentications publickey   optional          IdentityFile    ssh privatekey1      Case A  Fresh new Git clone  Use this command to Git clone     git clone git pizza yourgitusername pizzahut repo git   Note  If you want to change the host name    pizza    of  ssh config in the future  go into the Git cloned folder  edit  git config file URL line  see case B   Case B  Already have Git clone folder  2 1 Go to the cloned folder  and then go into the  git folder  2 2 Edit configuration file  2 3 Update the URL from  old to new    Old  URL   git github com yourgitusername pizzahut repo git   New  URL   git pizza yourgitusername pizzahut repo git

User · Answer

You can create a configuration file named config in your    ssh folder  It can contain   Host aws     HostName  yourip      User  youruser      IdentityFile  idFile    This will allow you to connect to machines like this   ssh aws

User · Answer

Here is the solution that I used inspired from the answer of sajib-khan  The default configuration is not set  it s my personal account on GitLab and the other specified is my company account  Here is what I did   Generate the SSH key  ssh-keygen -t rsa -f    ssh company -C  name surname company com    Edit the SSH configuration  nano    ssh config       Host company gitlab com     HostName gitlab com     PreferredAuthentications publickey     IdentityFile    ssh company   Delete the cached SSH key s   ssh-add -D   Test it   ssh -T git company gitlab com      Welcome to GitLab   hugo sohm    ssh -T git gitlab com      Welcome to GitLab   HugoSohm    Use it   Company account  git clone git company gitlab com group project git   Personal default account  git clone git gitlab com username project git   Here is the source that I used

User · Answer

The answer from Randal Schwartz almost helped me all the way  I have a different username on the server  so I had to add the User keyword to my file   Host           friendly-name HostName       long and cumbersome server name IdentityFile      ssh private ssh file User           username-on-remote-machine   Now you can connect using the friendly-name   ssh friendly-name   More keywords can be found on the OpenSSH man page  NOTE  Some of the keywords listed might already be present in your  etc ssh ssh config file

User · Answer

For those who are working with aws I would highly recommend working with EC2 Instance Connect  Amazon EC2 Instance Connect provides a simple and secure way to connect to your instances using Secure Shell  SSH   With EC2 Instance Connect  you use AWS Identity and Access Management  IAM  policies and principles to control SSH access to your instances  removing the need to share and manage SSH keys  After installing the relevant packages  pip install ec2instanceconnectcli or cloning the repo directly  you can connect very easy to multiple EC2 instances by just changing the instance id    What is happening behind the scenes  When you connect to an instance using EC2 Instance Connect  the Instance Connect API pushes a one-time-use SSH public key to the instance metadata where it remains for 60 seconds  An IAM policy attached to your IAM user authorizes your IAM user to push the public key to the instance metadata  The SSH daemon uses AuthorizedKeysCommand and AuthorizedKeysCommandUser  which are configured when Instance Connect is installed  to look up the public key from the instance metadata for authentication  and connects you to the instance      Amazon Linux 2 2 0 20190618 or later and Ubuntu 20 04 or later comes preconfigured with EC2 Instance Connect  For other supported Linux distributions  you must set up Instance Connect for every instance that will support using Instance Connect  This is a one-time requirement for each instance   Links  Set up EC2 Instance Connect Connect using EC2 Instance Connect Securing your bastion hosts with Amazon EC2 Instance Connect

User · Answer

As mentioned on a Atlassian blog page  generate a config file within the  ssh folder  including the following text    user1 account  Host bitbucket org-user1      HostName bitbucket org      User git      IdentityFile    ssh user1      IdentitiesOnly yes    user2 account  Host bitbucket org-user2      HostName bitbucket org      User git      IdentityFile    ssh user2      IdentitiesOnly yes   Then you can simply checkout with the suffix domain and within the projects you can configure the author names  etc  locally

User · Answer

You can instruct ssh to try multiple keys in succession when connecting  Here s how     cat    ssh config IdentityFile    ssh id rsa IdentityFile    ssh id rsa old IdentityFile    ssh id ed25519       and so on    ssh server example com -v      debug1  Next authentication method  publickey debug1  Trying private key   home example  ssh id rsa debug1  read PEM private key done  type RSA debug1  Authentications that can continue  publickey debug1  Trying private key   home example  ssh id rsa old debug1  read PEM private key done  type RSA       server       This way you don t have to specify what key works with which server  It ll just use the first working key   Also you would only enter a passphrase if a given server is willing to accept the key  As seen above ssh didn t try to ask for a password for  ssh id rsa even if it had one   Surely it doesn t outbeat a per-server configuration as in other answers  but at least you won t have to add a configuration for all and every server you connect to

User · Answer

Generate an SSH key     ssh-keygen -t rsa -C  lt email1 example com gt   Generate another SSH key     ssh-keygen -t rsa -f    ssh accountB -C  lt email2 example com gt    Now  two public keys  id rsa pub  accountB pub  should be exists in the    ssh  directory     ls -l    ssh       see the files of     ssh   directory  Create configuration file    ssh config with the following contents     nano    ssh config  Host bitbucket org     User git     Hostname bitbucket org     PreferredAuthentications publickey     IdentityFile    ssh id rsa  Host bitbucket-accountB     User git     Hostname bitbucket org     PreferredAuthentications publickey     IdentitiesOnly yes     IdentityFile    ssh accountB  Clone from default account     git clone git bitbucket org username project git  Clone from the accountB account     git clone git bitbucket-accountB username project git    See More Here

User · Answer

I had run into this issue a while back  when I had two Bitbucket accounts and wanted to had to store separate SSH keys for both  This is what worked for me   I created two separate ssh configurations as follows   Host personal bitbucket org     HostName bitbucket org     User git     IdentityFile  Users username  ssh personal Host work bitbucket org     HostName bitbucket org     User git     IdentityFile  Users username  ssh work   Now when I had to clone a repository from my work account - the command was as follows   git clone git bitbucket org teamname project git   I had to modify this command to   git clone git   work   bitbucket org teamname project git   Similarly the clone command from my personal account had to be modified to     git clone git personal bitbucket org name personalproject git   Refer this link for more information

User · Answer

Use ssh-agent for your keys

User · Answer

I love the approach to set the following in file    ssh config     Configuration for GitHub to support multiple GitHub  keys Host  github com   HostName github com   User git    UseKeychain adds each keys passphrase to the keychain so you   don t have to enter the passphrase each time    UseKeychain yes    AddKeysToAgent would add the key to the agent whenever it is   used  which might lead to debugging confusion since then   sometimes the one repository works and sometimes the   other depending on which key is used first     AddKeysToAgent yes    I only use my private id file so all private   repositories don t need the environment variable    GIT SSH COMMAND  ssh -i    ssh id rsa   to be set    IdentityFile    ssh id rsa   Then in your repository you can create a  env file which contains the ssh command to be used   GIT SSH COMMAND  ssh -i    ssh your ssh key    If you then use e g  dotenv the environment environment variable is exported automatically and whoop whoop  you can specify the key you want per project directory  The passphrase is asked for only once since it is added to the keychain   This solution works perfectly with Git and is designed to work on a Mac  due to UseKeychain

User · Answer

I would agree with Tuomas about using ssh-agent  I also wanted to add a second private key for work and this tutorial worked like a charm for me   Steps are as below      ssh-agent bash   ssh-add  path to private key e g ssh-add    ssh id rsa Verify by   ssh-add -l Test it with  ssh -v  lt host url gt  e g ssh -v git assembla com

User · Answer

The previous answers have properly explained the way to create a configuration file to manage multiple ssh keys  I think  the important thing that also needs to be explained is the replacement of a host name with an alias name while cloning the repository   Suppose  your company s GitHub account s username is abc1234  And suppose your personal GitHub account s username is jack1234  And  suppose you have created two RSA keys  namely id rsa company and id rsa personal  So  your configuration file will look like below     Company account Host company HostName github com PreferredAuthentications publickey IdentityFile    ssh id rsa company    Personal account Host personal HostName github com PreferredAuthentications publickey IdentityFile    ssh id rsa personal   Now  when you are cloning the repository  named demo  from the company s GitHub account  the repository URL will be something like   Repo URL  git github com abc1234 demo git   Now  while doing git clone  you should modify the above repository URL as   git company abc1234 demo git   Notice how github com is now replaced with the alias  company  as we have defined in the configuration file   Similary  you have to modify the clone URL of the repository in the personal account depending upon the alias provided in the configuration file

User · Answer

On Ubuntu nbsp 18 04  Bionic Beaver  there is nothing to do   After having created an second SSH key successfully the system will try to find a matching SSH key for each connection   Just to be clear you can create a new key with these commands     Generate key make sure you give it a new name  id rsa server2  ssh-keygen    Make sure ssh agent is running eval  ssh-agent     Add the new key ssh-add    ssh id rsa server2    Get the public key to add it to a remote system for authentication cat    ssh id rsa server2 pub

User · Answer

On CentOS 6 5 running OpenSSH 5 3p1 and OpenSSL 1 0 1e-fips  I solved the problem by renaming my key files so that none of them had the default name   My  ssh directory contains id rsa foo and id rsa bar  but no id rsa  etc

User · Answer

For me  the only working solution was to simply add this in file    ssh config   Host     IdentityFile    ssh your ssh key   IdentityFile    ssh your ssh key2   IdentityFile    ssh your ssh key3   AddKeysToAgent yes   your ssh key is without any extension  Don t use  pub

User · Answer

IMPORTANT  You must start ssh-agent  You must start ssh-agent  if it is not running already  before using ssh-add as follows   eval  ssh-agent -s    start the agent  ssh-add id rsa 2   Where id rsa 2 is your new private key file   Note that the eval command starts the agent on Git Bash on Windows  Other environments may use a variant to start the SSH agent

User · Answer

From my  ssh config  Host myshortname realname example com     HostName realname example com     IdentityFile    ssh realname rsa   private key for realname     User remoteusername  Host myother realname2 example org     HostName realname2 example org     IdentityFile    ssh realname2 rsa    different private key for realname2     User remoteusername  Then you can use the following to connect  ssh myshortname ssh myother And so on

User · Answer

Now  with the recent version of Git  we can specify sshCommand in the repository-specific Git configuration file      core        repositoryformatversion   0       filemode   true       bare   false       logallrefupdates   true       sshCommand   ssh -i    ssh id rsa user     remote  origin         url   git bitbucket org user repo git       fetch    refs heads   refs remotes origin

User · Answer

You can try this sshmulti npm package for maintaining multiple SSH keys

User · Answer

ssh-add    ssh xxx id rsa   Make sure you test it before adding with   ssh -i    ssh xxx id rsa username example com   If you have any problems with errors sometimes changing the security of the file helps   chmod 0600    ssh xxx id rsa

[ssh] Best way to use multiple SSH private keys on one client

Multiple key pairs on GitHub

Examples related to ssh

Examples related to ssh-keys

Examples related to openssh