SSH is great for secure remote access, and if you connect to multiple machines you will need multiple keys, especially if you are doing password-less connections. Here is how to keep all your keys nice and tidy.

First, create the new keys

[user@client]$ ssh-keygen -t rsa -f ~/.ssh/id_rsa.server1 -C "Key for Server1"
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.server1.
Your public key has been saved in /home/user/.ssh/
The key fingerprint is:
The key's randomart image is:
+--[ RSA 2048]----+
|       .ooooo    |
|        .ooo .   |
|         .+.o    |
|          .= .   |
|        S . o .  |
|         . . + o.|
|          . . +.=|
|             . Eo|
|              o. |

Do the same for server2

Now you should have the following files in your .ssh dir

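Now create an SSH config file with one Host block per server (server1 and server2 here stand for the host names you connect to)

[user@client]$ touch ~/.ssh/config
[user@client]$ chmod 600 ~/.ssh/config
[user@client]$ vi ~/.ssh/config
Host server1
    IdentityFile    ~/.ssh/id_rsa.server1
    User             user1

Host server2
    IdentityFile    ~/.ssh/id_rsa.server2
    User             user2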

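Now copy the public keys (the .pub files, never the private keys) to their respective servers, and add them to the authorized_keys file. Here server1 stands for the server's host name.

[user@client]$ scp ~/.ssh/id_rsa.server1.pub user1@server1:~/.ssh/
[user@client]$ ssh user1@server1 'cat ~/.ssh/id_rsa.server1.pub >> ~/.ssh/authorized_keys'
[user@client]$ ssh user1@server1 'chmod 600 ~/.ssh/authorized_keys'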

Do the same for server2

Now you can connect to server1 or server2 using the correct key and not have to enter a password. If you attempt to connect using a different username or from a different machine, you will need to use the user’s password. Also, if you attempt to connect to a machine not listed in the config, ssh will default to id_rsa (or id_dsa).
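
To check the layout described above before relying on it, the following script (an added example, not part of the original post) reads the config, follows each IdentityFile, and reports private keys that are missing, accessible by group or others, or not paired with a public key. The function names, the Host aliases server1/server2 and the placeholder key contents written by make_sample are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. Host aliases, function names and
# key contents are constructed; the key material is a placeholder, not a real key.

# True when the file grants any permission to group or others; ssh refuses
# to use a private key in that state.
loose() { [ "$(ls -lLd "$1" | cut -c5-10)" != "------" ]; }

# Print one line per problem found in ssh directory $1.
list_problems() {
    dir=$1
    if loose "$dir/config"; then echo "config: accessible by group or others"; fi
    # Emit "host keyfile" for each IdentityFile under its enclosing Host line.
    awk 'BEGIN { h = "(global)" }
         tolower($1) == "host" { h = $2 }
         tolower($1) == "identityfile" { print h, $2 }' "$dir/config" |
    while read -r host key; do
        # Map the ~/.ssh/ prefix used in the config onto the audited directory.
        case $key in "~/.ssh/"*) key=$dir/${key#"~/.ssh/"} ;; esac
        if [ ! -f "$key" ]; then echo "$host: missing $key"; continue; fi
        if loose "$key"; then echo "$host: $key accessible by group or others"; fi
        if ! head -n 1 "$key" | grep -q '^-----BEGIN'; then
            echo "$host: $key is not a private key"
        fi
        if ! grep -Eq '^(ssh|ecdsa|sk)-' "$key.pub" 2>/dev/null; then
            echo "$host: $key.pub is missing or not a public key"
        fi
    done
}

count_problems() { list_problems "$1" | wc -l | tr -d ' '; }

# Build the constructed sample layout in directory $1.
make_sample() {
    for n in 1 2; do
        printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'placeholder' \
            > "$1/id_rsa.server$n"
        chmod 600 "$1/id_rsa.server$n"
        echo "ssh-rsa AAAAplaceholder Key for Server$n" > "$1/id_rsa.server$n.pub"
        printf 'Host server%s\n    IdentityFile ~/.ssh/id_rsa.server%s\n    User user%s\n' \
            "$n" "$n" "$n" >> "$1/config"
    done
    chmod 600 "$1/config"
}

demo=$(mktemp -d)
make_sample "$demo"
list_problems "$demo"    # a clean layout prints nothing
rm -rf "$demo"
```

Against a real setup, call list_problems ~/.ssh; only IdentityFile paths written with the ~/.ssh/ prefix or as absolute paths are followed.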

