The more projects you handle, the more servers you manage. But when you use SSH to servers of different projects, are you using the same private key?
And how secure do you feel about this? Let's imagine. One day, your powerful private key gets compromised somehow. Boom! All your servers and all your projects are in danger.
Check out this post, and get improved security for all your projects, in just five minutes!
Step 1: Generate Different SSH Key Pairs For Different Projects
Using ssh-keygen, we can easily generate as many SSH key pairs as we need. Let's say we already have two key pairs for two projects: project1_id_rsa and project2_id_rsa.
Step 2: Use Different Private Keys Selectively but in an Easy Way!
Version 1.0: We need to manually specify a private key when we send an SSH to different servers.
# ssh to server in project1 ssh -i project1_id_rsa user1@server1 # ssh to server in project2 ssh -i project2_id_rsa user2@server2
It works, but typing those extra characters thousands of times is not fun. And it's pointless.
Version 2.0: Create an alias in ~/.ssh/config, then use SSH with that alias.
# Server in project1 host server1 HostName 220.127.116.11 StrictHostKeyChecking no Port 22 User user1 IdentityFile /data/project1_id_rsa # Server in project2 host server2 HostName 18.104.22.168 StrictHostKeyChecking no Port 22 User user2 IdentityFile /data/project2_id_rsa
Using SSH with an alias is quite easy and straightforward. Here's how to do it:
# ssh to server in project1 ssh server1 # ssh to server in project2 ssh server2
So are we good now? Hang on, my friend. Not yet.
Let's say you have tens of, or hundreds of, servers. You don't want to configure them one by one, right?
Version 3.0: Update ~/.ssh/config to load all SSH private keys.
# Load private key of project1 IdentityFile /data//project1_id_rsa # Load private key of project2 IdentityFile /data/project2_id_rsa
Now you can use SSH like you normally would: "ssh user1@server1".
SSH will try to use all your private keys one by one. To confirm this, use SSH with the -vvv option.
# $ ssh -vvv user1@server1 date 2>&1 | grep "debug1: Offering RSA public key" # debug1: Offering RSA public key: /data/.ssh/project1_id_rsa # debug1: Offering RSA public key: /data/.ssh/project2_id_rsa
You can argue it will waste some time on the retry. Yes, it does. But it's fast enough to get the job done before we can even notice the difference.
And SSH tries the keys from top to bottom. So, if we put frequently used keys at the top it will speed things up a little bit.
Step 3: [Optional] Secure Your SSH Private Key With Passphrase
To make it better, add passphrase protection for your SSH private keys. Check this article on the topic: Manage SSH Key File With Passphrase.
So now, go have a try at using SSH with the tips shared in this post!
Please leave me comments, if you have any questions or feedback.
And don't forget to share this post, if you find it might be useful for your friends or colleagues.