Skip to content

Instantly share code, notes, and snippets.

@copyleftdev

copyleftdev/sshkeys.md

Created August 24, 2024 07:03
Show Gist options
  • Save copyleftdev/04e779e643e1b5bc1624ef70566e0fc1 to your computer and use it in GitHub Desktop.
Save copyleftdev/04e779e643e1b5bc1624ef70566e0fc1 to your computer and use it in GitHub Desktop.
Download ZIP
The Ultimate Guide to Managing Multiple SSH Keys
Raw
sshkeys.md

πŸ” The Ultimate Guide to Managing Multiple SSH Keys

πŸš€ Basic Concepts

  • πŸ”‘ SSH keys consist of a public key and a private key
  • πŸ“‚ Keys are typically stored in ~/.ssh/
  • πŸ”’ Private keys should be kept secure and never shared
  • πŸ“€ Public keys are added to remote servers or services

πŸ“Š Creating SSH Keys

Command Description Example
ssh-keygen -t rsa -b 4096 -C "comment" πŸ”¨ Generate RSA key pair ssh-keygen -t rsa -b 4096 -C "[email protected]"
ssh-keygen -t ed25519 -C "comment" πŸ”¬ Generate Ed25519 key pair (more secure) ssh-keygen -t ed25519 -C "[email protected]"
  • πŸ’‘ Use meaningful names for your key files, e.g., id_rsa_work, id_ed25519_personal

πŸ“ Organizing Your Keys

  1. πŸ“‚ Create separate directories for different contexts:

    ~/.ssh/work/
~/.ssh/personal/
~/.ssh/project1/

  2. 🏷️ Use descriptive names for your keys:

    ~/.ssh/work/id_rsa_github
~/.ssh/personal/id_ed25519_gitlab
~/.ssh/project1/id_rsa_staging

βš™οΈ Configuring SSH

  1. πŸ“ Edit or create ~/.ssh/config
  2. πŸ–‹οΈ Add host-specific configurations:
# Work GitHub
Host github-work
    HostName github.com
    User git
    IdentityFile ~/.ssh/work/id_rsa_github

# Personal GitLab
Host gitlab-personal
    HostName gitlab.com
    User git
    IdentityFile ~/.ssh/personal/id_ed25519_gitlab

# Project1 Staging Server
Host project1-staging
    HostName staging.project1.com
    User deploy
    IdentityFile ~/.ssh/project1/id_rsa_staging

πŸ”— Using Specific Keys

Command Description Example
ssh user@hostname πŸ–₯️ Connect using the config file ssh project1-staging
ssh -i ~/.ssh/keyfile user@hostname πŸ”‘ Specify key file directly ssh -i ~/.ssh/work/id_rsa_github [email protected]
git clone git@github-work:username/repo.git πŸ“š Use with Git (configured host) git clone git@github-work:company/project.git

πŸ” Managing SSH Agent

Command Description
ssh-add -l πŸ“‹ List added keys
ssh-add ~/.ssh/keyfile βž• Add a key to the agent
ssh-add -d ~/.ssh/keyfile βž– Remove a key from the agent
ssh-add -D 🧹 Remove all keys from the agent

πŸ”„ Key Rotation and Management

  1. πŸ” Regularly generate new keys (e.g., annually)
  2. πŸ”„ Update keys on remote servers/services
  3. πŸ—‘οΈ Safely delete old keys after rotation

πŸ”’ Security Best Practices

  1. πŸ”‘ Use strong passphrases for your keys
  2. 🚫 Never share private keys
  3. πŸ” Use different keys for different contexts (work, personal, projects)
  4. πŸ“΄ Store backup copies of your keys securely offline
  5. πŸ” Set appropriate permissions: chmod 600 ~/.ssh/id_rsa

πŸ› οΈ Troubleshooting

  1. πŸ” Use ssh -v for verbose output to debug connection issues
  2. πŸ”Ž Check key permissions (should be 600 for private keys)
  3. πŸ§ͺ Test connections with ssh -T [email protected] for GitHub
  4. πŸ”„ Ensure the correct key is being offered with ssh-add -l

πŸ“Š Practical Examples

  1. πŸ™ Setting up multiple GitHub accounts:

    # In ~/.ssh/config
Host github-personal
    HostName github.com
    User git
    IdentityFile ~/.ssh/personal/id_rsa_github_personal

Host github-work
    HostName github.com
    User git
    IdentityFile ~/.ssh/work/id_rsa_github_work

    Usage: git clone git@github-personal:username/repo.git

  2. πŸ–₯️ Connecting to different environments:

    # In ~/.ssh/config
Host prod
    HostName production.example.com
    User produser
    IdentityFile ~/.ssh/work/id_rsa_production

Host staging
    HostName staging.example.com
    User staginguser
    IdentityFile ~/.ssh/work/id_rsa_staging

    Usage: ssh prod or ssh staging

  3. πŸ”„ Automatically add keys to ssh-agent: Add to your ~/.bashrc or ~/.zshrc:

    ssh-add -q ~/.ssh/personal/id_rsa_github_personal
ssh-add -q ~/.ssh/work/id_rsa_github_work

  4. πŸ“œ Create a key management script:

    #!/bin/bash
case $1 in
  "list") ssh-add -l ;;
  "add") ssh-add ~/.ssh/$2 ;;
  "remove") ssh-add -d ~/.ssh/$2 ;;
  "clear") ssh-add -D ;;
  *) echo "Usage: $0 {list|add|remove|clear}" ;;
esac

πŸ† Pro Tips

  1. πŸ“ Use meaningful comments when generating keys to easily identify them later
  2. πŸ”€ Consider using different key types (RSA, Ed25519) for different services
  3. 🧰 Familiarize yourself with ssh-keygen options for key management
  4. πŸ” Use a password manager to securely store key passphrases
  5. πŸ“š Keep a secure inventory of your keys and their purposes
  6. πŸ”„ Set up a key rotation schedule and stick to it
  7. πŸ§ͺ Regularly test your SSH configurations to ensure they're working correctly

Remember, proper SSH key management is crucial for maintaining security across your various accounts and services. Always prioritize security and follow best practices when handling SSH keys. Happy secure connecting! πŸ”πŸ–₯️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment