Handling multiple SSH keys in your SSH config

I've been frustrated lately trying to juggle multiple SSH keys on various servers I'm on. If I've got one set up to the Subversion server at work, then I can't authenticate with github. If I let github be the server that I have a private key for, then I'm entering a password whenever I do an "svn up" on the work server.

I played with ssh-agent, but that seemed to require starting up a process every time I logged in, and I couldn't get it running in my .bashrc, and it required manually adding keys.

And then I stumbled across this article that introduced me to the IdentityFile argument. Now I have this in my ~/.ssh/config and all is well with the world.

Host github.com
    HostName github.com
    IdentityFile ~/.ssh/github_rsa
    User petdance

2 Comments

ydna said:

Or use ForwardAgent to forward your local authentication on through intermediate connections. The upside is you don't have to have private keys stored on remote systems. And when you disconnect, no one can use it since there's no keys left around. And if you're on a Mac and you don't trust root on the machines you connect with, get SSHKeychain which will intercept authentication requests and prompt you for approval.

I use keychain to manage multiple keys. It ends up handling all the funky ssh-agent stuff that I could never be bothered with. I just type in my passphrase for each key once on login and connect to my hearts content. Don't need to re-enter phrases again until ssh-agent somehow dies. It even survives an X failure.

Add keys to your keychain in your profile/bashrc like so. The sourced script is which autogenerated by keychain on first run and informs keychain of the relevant agent PIDs.

keychain /path/toprivate_key
keychain /an/other/key
source ~/.keychain/hostname.sh

Leave a comment

About this Entry

This page contains a single entry by Andy Lester published on May 27, 2010 1:22 PM.

Cool vim plugin of the day: surround.vim was the previous entry in this blog.

Fixing my #1 bash annoyance is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Other Perl Sites

Other Swell Blogs

  • geek2geek: An ongoing analysis of how geeks communicate, how we fail and how to fix it.