Best way to use multiple SSH private keys on one client





  1. Generate SSH key:

    $ ssh-keygen -t rsa -C <[email protected]>
    
  2. Generate another SSH key:

    $ ssh-keygen -t rsa -f ~/.ssh/accountB -C <[email protected]>
    

    Now, two public keys (id_rsa.pub, accountB.pub) should exist in the ~/.ssh/ directory.

    $ ls -l ~/.ssh     # see the files of '~/.ssh/' directory 
    
  3. Create config file ~/.ssh/config with the following contents:

    $ nano ~/.ssh/config
    
    Host bitbucket.org  
        User git  
        Hostname bitbucket.org
        PreferredAuthentications publickey  
        IdentityFile ~/.ssh/id_rsa  
    
    Host bitbucket-accountB  
        User git  
        Hostname bitbucket.org  
        PreferredAuthentications publickey  
        IdentitiesOnly yes  
        IdentityFile ~/.ssh/accountB  
    
  4. Clone from default account.

    $ git clone [email protected]:username/project.git
    
  5. Clone from accountB account.

    $ git clone [email protected]:username/project.git
    

See More Here

I want to use multiple private keys to connect to different servers or different portions of the same server (my uses are system administration of server, administration of Git, and normal Git usage within the same server). I tried simply stacking the keys in the id_rsa files to no avail.

Apparently a straightforward way to do this is to use the command

ssh -i <key location> [email protected] 

That is quite cumbersome.

Any suggestions as to how to go about doing this a bit easier?


IMPORTANT: You must start ssh-agent

You must start ssh-agent (if it is not running already) before using ssh-add as follows:

eval `ssh-agent -s` # start the agent

ssh-add id_rsa_2 # where id_rsa_2 is your new private key file

Note that the eval command starts the agent on Git Bash on Windows. Other environments may use a variant to start the SSH agent.


I had run into this issue a while back, when I had two Bitbucket accounts and had to store separate SSH keys for both. This is what worked for me.

I created two separate ssh configurations as follows.

Host personal.bitbucket.org
    HostName bitbucket.org
    User git
    IdentityFile /Users/username/.ssh/personal
Host work.bitbucket.org
    HostName bitbucket.org
    User git
    IdentityFile /Users/username/.ssh/work

Now when I had to clone a repository from my work account - the command was as follows.

git clone [email protected]:teamname/project.git

I had to modify this command to:

git clone [email protected]work.bitbucket.org:teamname/project.git

Similarly the clone command from my personal account had to be modified to

git clone [email protected]personal.bitbucket.org:name/personalproject.git

Refer to this link for more information.


I would agree with Tuomas about using ssh-agent. I also wanted to add a second private key for work and this tutorial worked like a charm for me.

Steps are as below:

  1. $ ssh-agent bash
  2. $ ssh-add /path/to/private/key, e.g. ssh-add ~/.ssh/id_rsa
  3. Verify with $ ssh-add -l
  4. Test it with $ ssh -v <host url>, e.g. ssh -v [email protected]

On CentOS 6.5 running OpenSSH_5.3p1, OpenSSL 1.0.1e-fips, I solved the problem by renaming my key files so that none of them had the default name. My .ssh directory contains id_rsa_foo and id_rsa_bar but no id_rsa, etc.


The answer from Randal Schwartz almost helped me all the way. I have a different username on the server, so I had to add the User keyword to my file:

Host           friendly-name
HostName       long.and.cumbersome.server.name
IdentityFile   ~/.ssh/private_ssh_file
User           username-on-remote-machine

Now you can connect using the friendly-name:

ssh friendly-name

More keywords can be found on the OpenSSH man page. NOTE: Some of the keywords listed might already be present in your /etc/ssh/ssh_config file.


Use ssh-agent for your keys.


You can create a configuration file named config in your ~/.ssh folder. It can contain:

Host aws
    HostName *yourip*
    User *youruser*
    IdentityFile *idFile*

This will allow you to connect to machines like this

 ssh aws

foo:~$ ssh-add ~/.ssh/xxx_id_rsa

Make sure you test it before adding with:

ssh -i ~/.ssh/xxx_id_rsa [email protected]

If you have any problems with errors, sometimes changing the security of the file helps:

chmod 0600 ~/.ssh/xxx_id_rsa
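
A check for the two settings these answers depend on, as an added example that is not part of any answer: it reports Host blocks that set IdentityFile without IdentitiesOnly yes (so ssh may also offer other keys held by ssh-agent) and key files accessible to group or other. The function names, messages and sample config are constructed for illustration; Include, Match and wildcard Host merging are not evaluated.

```shell
# Added example (not from the answers): audit an OpenSSH client config.
# Assumes plain "Keyword value" lines and key paths without spaces.
audit_ssh_config() {
    # awk emits one "host<TAB>identitiesonly<TAB>keypath" line per IdentityFile.
    awk '
        function flush(   i) {
            for (i = 1; i <= n; i++) print host "\t" only "\t" key[i]
            n = 0; only = dflt
        }
        BEGIN { host = "(global)"; dflt = only = "no" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { kw = tolower($1) }
        # Settings placed before the first Host line become the default.
        kw == "host" { if (host == "(global)") dflt = only; flush(); host = $2; next }
        kw == "identitiesonly" { only = tolower($2) }
        kw == "identityfile" {
            k = $2
            if (k ~ /^~\//) k = ENVIRON["HOME"] substr(k, 2)
            key[++n] = k
        }
        END { flush() }
    ' "$1" |
    while IFS="$(printf '\t')" read -r host only key; do
        [ "$only" = yes ] || echo "$host: IdentityFile $key without IdentitiesOnly yes"
        if [ ! -f "$key" ]; then
            echo "$host: key $key not found"
        elif [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
            echo "$host: key $key is accessible to group/other (chmod 0600)"
        fi
    done
}

# Constructed sample: the personal/work layout from the answers, with
# IdentitiesOnly on one block only and one key left world-readable.
make_sample() {
    d=$(mktemp -d)
    : > "$d/personal"; chmod 600 "$d/personal"
    : > "$d/work";     chmod 644 "$d/work"
    cat > "$d/config" <<EOF
Host personal.bitbucket.org
    IdentitiesOnly yes
    IdentityFile $d/personal
Host work.bitbucket.org
    IdentityFile $d/work
EOF
    echo "$d"
}

audit_ssh_config "$(make_sample)/config"
```

To audit a real setup, call `audit_ssh_config ~/.ssh/config` instead of the sample.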



