SSH is great for secure remote access, and if you connect to multiple machines then you will need multiple keys, especially if you are doing password-less connections. Here is how to keep all your keys nice and tidy.

First, create the new keys:

[user@client]$ ssh-keygen -t rsa -f ~/.ssh/id_rsa.server1 -C "Key for Server1"
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.server1.
Your public key has been saved in /home/user/.ssh/id_rsa.server1.pub.
The key fingerprint is:
5f:70:50:e8:81:14:bf:41:b7:fb:0d:be:75:b9:42:9f user@client.domain.com
The key's randomart image is:
+--[ RSA 2048]----+
|       .ooooo    |
|        .ooo .   |
|         .+.o    |
|          .= .   |
|        S . o .  |
|         . . + o.|
|          . . +.=|
|             . Eo|
|              o. |
+-----------------+

Do the same for server2.

Now you should have the following files in your .ssh dir:
id_rsa.server1
id_rsa.server1.pub
id_rsa.server2
id_rsa.server2.pub

Now create an SSH config file:

[user@client]$ touch ~/.ssh/config
[user@client]$ chmod 600 ~/.ssh/config
[user@client]$ vi ~/.ssh/config
Host server1.domain.com
    IdentityFile    ~/.ssh/id_rsa.server1
    User             user1

Host server2.domain.com
    IdentityFile    ~/.ssh/id_rsa.server2
    User             user2

Now copy the public keys to their respective servers, and add them to the authorized keys file.

[user@client]$ scp ~/.ssh/id_rsa.server1.pub user1@server1.domain.com:
[user@client]$ ssh user1@server1.domain.com 'cat ~/id_rsa.server1.pub >> ~/.ssh/authorized_keys'
[user@client]$ ssh user1@server1.domain.com 'chmod 600 ~/.ssh/authorized_keys'

Do the same for server2.

Now you can connect to server1 or server2 using the correct key and not have to enter a password. If you attempt to connect using a different username or from a different machine, you will need to use the user’s password. Also, if you attempt to connect to a machine not listed in the config, ssh will default to id_rsa (or id_dsa).
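
As an added example (not part of the original post), the function below audits a config laid out like the one above: it flags Host entries with no IdentityFile, private keys that are missing or accessible by group/other, and entries without `IdentitiesOnly yes`, the ssh_config option that stops ssh from also offering keys held by ssh-agent. The function name `audit_ssh_config` and the simple whitespace-separated parsing are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): audit an ssh client config.
# Assumes whitespace-separated "Keyword value" lines and one pattern per Host.
# Prints one finding per line; returns 1 if there are findings, else 0.
audit_ssh_config() {
    cfg=$1
    findings=$(awk '
        function emit() { if (host != "") print host "|" key "|" only }
        tolower($1) == "host"           { emit(); host = $2; key = ""; only = "no" }
        tolower($1) == "identityfile"   { key = $2 }
        tolower($1) == "identitiesonly" { only = tolower($2) }
        END { emit() }
    ' "$cfg" | while IFS='|' read -r host key only; do
        if [ -z "$key" ]; then
            echo "$host: no IdentityFile, default keys will be tried"
            continue
        fi
        # Expand a leading ~/ the way ssh does.
        case $key in ("~/"*) key="$HOME/${key#??}" ;; esac
        if [ ! -f "$key" ]; then
            echo "$host: private key $key is missing"
        # ssh ignores a private key with any group/other permission bit set.
        elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "$host: $key is accessible by group/other (want chmod 600)"
        fi
        # Without IdentitiesOnly, keys held by ssh-agent may be offered as well.
        [ "$only" = "yes" ] || echo "$host: IdentitiesOnly is not set to yes"
    done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run as: sh audit.sh ~/.ssh/config
[ "$#" -eq 0 ] || audit_ssh_config "$1"
```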
