The more projects you handle, the more servers you manage. But when you use SSH to servers of different projects, are you using the same private key?

And how secure do you feel about this? Let's imagine. One day, your powerful private key gets compromised somehow. Boom! All your servers and all your projects are in danger.

Check out this post, and get improved security for all your projects, in just five minutes!

Step 1: Generate Different SSH Key Pairs For Different Projects

Using ssh-keygen, we can easily generate as many SSH key pairs as we need. Let's say we already have two key pairs for two projects: project1_id_rsa and project2_id_rsa.

Step 2: Use Different Private Keys Selectively but in an Easy Way!

Version 1.0: We need to manually specify a private key when we send an SSH to different servers.

# ssh to server in project1
ssh -i project1_id_rsa user1@server1

# ssh to server in project2
ssh -i project2_id_rsa user2@server2

It works, but typing those extra characters thousands of times is not fun. And it's pointless.

Version 2.0: Create an alias in ~/.ssh/config, then use SSH with that alias.

# Server in project1
host server1
     HostName 104.237.153.156
     StrictHostKeyChecking no
     Port 22
     User user1
     IdentityFile /data/project1_id_rsa

# Server in project2
host server2
     HostName 52.9.159.178
     StrictHostKeyChecking no
     Port 22
     User user2
     IdentityFile /data/project2_id_rsa

Using SSH with an alias is quite easy and straightforward. Here's how to do it:

# ssh to server in project1
ssh server1

# ssh to server in project2
ssh server2

So are we good now? Hang on, my friend. Not yet.

Let's say you have tens of, or hundreds of, servers. You don't want to configure them one by one, right?

Version 3.0: Update ~/.ssh/config to load all SSH private keys.

# Load private key of project1
IdentityFile /data//project1_id_rsa

# Load private key of project2
IdentityFile /data/project2_id_rsa

Now you can use SSH like you normally would: "ssh user1@server1".

SSH will try to use all your private keys one by one. To confirm this, use SSH with the -vvv option.

# $ ssh -vvv user1@server1 date 2>&1 | grep "debug1: Offering RSA public key"
#   debug1: Offering RSA public key: /data/.ssh/project1_id_rsa
#   debug1: Offering RSA public key: /data/.ssh/project2_id_rsa

You can argue it will waste some time on the retry. Yes, it does. But it's fast enough to get the job done before we can even notice the difference.

And SSH tries the keys from top to bottom. So, if we put frequently used keys at the top it will speed things up a little bit.

Step 3: [Optional] Secure Your SSH Private Key With Passphrase

To make it better, add passphrase protection for your SSH private keys. Check this article on the topic: Manage SSH Key File With Passphrase.

So now, go have a try at using SSH with the tips shared in this post!

Please leave me comments, if you have any questions or feedback.

And don't forget to share this post, if you find it might be useful for your friends or colleagues.

Related Reading:

• 4 Reasons Why SSH Connection Fails
• Reverse SSH Tunnel: Export Your Mac Laptop To The Internet
• Linux Measure Process Execution Time, When Already Started
• Better cp Command, Before Changing Config Files Manually