I want to use multiple private keys to connect to different servers or different portions of the same server (my uses are system administration of server, administration of Git, and normal Git usage within the same server). I tried simply stacking the keys in the id_rsa files to no avail.
Apparently a straightforward way to do this is to use the command
ssh -i <key location> login@server.example.com
That is quite cumbersome.
Any suggestions as to how to go about doing this a bit easier?
From my .ssh/config:
Host myshortname realname.example.com
HostName realname.example.com
IdentityFile ~/.ssh/realname_rsa # private key for realname
User remoteusername
Host myother realname2.example.org
HostName realname2.example.org
IdentityFile ~/.ssh/realname2_rsa # different private key for realname2
User remoteusername
And so on.
The answer from Randal Schwartz almost helped me all the way. I have a different username on the server, so I had to add the User keyword to my file:
Host friendly-name
HostName long.and.cumbersome.server.name
IdentityFile ~/.ssh/private_ssh_file
User username-on-remote-machine
Now you can connect using the friendly-name:
ssh friendly-name
More keywords can be found on the OpenSSH man page. NOTE: Some of the keywords listed might already be present in your /etc/ssh/ssh_config file.
You can instruct ssh to try multiple keys in succession when connecting. Here\'s how:
$ cat ~/.ssh/config
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_rsa_old
IdentityFile ~/.ssh/id_ed25519
# ... and so on
$ ssh server.example.com -v
....
debug1: Next authentication method: publickey
debug1: Trying private key: /home/example/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/example/.ssh/id_rsa_old
debug1: read PEM private key done: type RSA
....
[server ~]$
This way you don\'t have to specify what key works with which server. It\'ll just use the first working key.
Also you would only enter a passphrase if a given server is willing to accept the key. As seen above ssh didn\'t try to ask for a password for .ssh/id_rsa even if it had one.
Surely it doesn\'t outbeat a per-server configuration as in other answers, but at least you won\'t have to add a configuration for all and every server you connect to!
foo:~$ssh-add ~/.ssh/xxx_id_rsa
Make sure you test it before adding with:
ssh -i ~/.ssh/xxx_id_rsa username@example.com
If you have any problems with errors sometimes changing the security of the file helps:
chmod 0600 ~/.ssh/xxx_id_rsa
The previous answers have properly explained the way to create a configuration file to manage multiple ssh keys. I think, the important thing that also needs to be explained is the replacement of a host name with an alias name while cloning the repository.
Suppose, your company\'s GitHub account\'s username is abc1234. And suppose your personal GitHub account\'s username is jack1234
And, suppose you have created two RSA keys, namely id_rsa_company and id_rsa_personal. So, your configuration file will look like below:
# Company account
Host company
HostName github.com
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_company
# Personal account
Host personal
HostName github.com
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_personal
Now, when you are cloning the repository (named demo) from the company\'s GitHub account, the repository URL will be something like:
Repo URL: git@github.com:abc1234/demo.git
Now, while doing git clone, you should modify the above repository URL as:
git@company:abc1234/demo.git
Notice how github.com is now replaced with the alias \"company\" as we have defined in the configuration file.
Similary, you have to modify the clone URL of the repository in the personal account depending upon the alias provided in the configuration file.
I would agree with Tuomas about using ssh-agent. I also wanted to add a second private key for work and this tutorial worked like a charm for me.
Steps are as below:
$ ssh-agent bash$ ssh-add /path.to/private/key e.g ssh-add ~/.ssh/id_rsa$ ssh-add -l$ssh -v <host url> e.g ssh -v git@assembla.comGenerate SSH key:
$ ssh-keygen -t rsa -C <email1@example.com>
Generate another SSH key:
$ ssh-keygen -t rsa -f ~/.ssh/accountB -C <email2@example.com>
Now, two public keys (id_rsa.pub, accountB.pub) should be exists in the ~/.ssh/ directory.
$ ls -l ~/.ssh # see the files of \'~/.ssh/\' directory
Create config file ~/.ssh/config with the following contents:
$ nano ~/.ssh/config
Host bitbucket.org
User git
Hostname bitbucket.org
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa
Host bitbucket-accountB
User git
Hostname bitbucket.org
PreferredAuthentications publickey
IdentitiesOnly yes
IdentityFile ~/.ssh/accountB
Clone from default account.
$ git clone git@bitbucket.org:username/project.git
Clone from accountB account.
$ git clone git@bitbucket-accountB:username/project.git
See More Here
Use ssh-agent for your keys.
I had run into this issue a while back, when I had two Bitbucket accounts and wanted to had to store separate SSH keys for both. This is what worked for me.
I created two separate ssh configurations as follows.
Host personal.bitbucket.org
HostName bitbucket.org
User git
IdentityFile /Users/username/.ssh/personal
Host work.bitbucket.org
HostName bitbucket.org
User git
IdentityFile /Users/username/.ssh/work
Now when I had to clone a repository from my work account - the command was as follows.
git clone git@bitbucket.org:teamname/project.git
I had to modify this command to:
git clone git@**work**.bitbucket.org:teamname/project.git
Similarly the clone command from my personal account had to be modified to
git clone git@personal.bitbucket.org:name/personalproject.git
Refer this link for more information.
Now, with recent version of git, we can specify sshCommand in repository specific git config file.
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
sshCommand = ssh -i ~/.ssh/id_rsa_user
[remote \"origin\"]
url = git@bitbucket.org:user/repo.git
fetch = +refs/heads/*:refs/remotes/origin/*
IMPORTANT: You must start ssh-agent
You must start ssh-agent (if it is not running already) before using ssh-add as follows:
eval `ssh-agent -s` # start the agent
ssh-add id_rsa_2 # where id_rsa_2 is your new private key file
Note that the eval command starts the agent on GIT bash on windows. Other environments may use a variant to start the SSH agent.
You can create a configuration file named config in your ~/.ssh folder. It can contain:
Host aws
HostName *yourip*
User *youruser*
IdentityFile *idFile*
This will allow you to connect to machines like this
ssh aws
On Centos 6.5 running OpenSSH_5.3p1, OpenSSL 1.0.1e-fips, I solved the problem by renaming my key files so that none of them had the default name. My .ssh directory contains id_rsa_foo and id_rsa_bar but no id_rsa, etc.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 人间绝色 的文章《Best way to use multiple SSH private keys on one c》','https://www.manongdao.com/article-8469.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}