How to create ssh keys and manage multiple keys
SSH clients will typically use /.ssh/identity (ssh v1) or one of /.ssh/idrsa or /.ssh/iddsa (v2) as the default private key. You can change this in /.ssh/config (the IdentityFile parameter - the -i option to SSH actually overrides this. See man sshconfig for details). Generate an SSH key pair. If you do not have an existing SSH key pair, generate a new one. Open a terminal. Type ssh-keygen -t followed by the key type and an optional comment. This comment is included in the.pub file that’s created. You may want to use an email address for the comment. The directory /.ssh/ is the default location for SSH key pairs and the SSH config file. If not specified with a full path, ssh-keygen creates the keys in the current working directory, not the default /.ssh. List of the /.ssh.
How to create ssh keys, how to get them safely to your server, and how to manage multiple keys and make ssh-ing into a machine really easy.
Check for existing ssh keys
List files in the default, hidden, ssh directory:
If you don’t have an ~/.ssh directory, go ahead and make it:
Generate the ssh key
The previous answers have properly explained the way to create a configuration file to manage multiple ssh keys. I think, the important thing that also needs to be explained is the replacement of a host name with an alias name while cloning the repository. Suppose, your company's GitHub account's username is.
Make a key using the ssh-keygen utility, run that command on your local machine:
It’ll ask you where to save it, if this is the first key you’re making, then just hit enter and it’ll make it in ~/.ssh/id_rsa. If you already have a key, and want to make new key, then use a different name, like ~/.ssh/id_rsa_foo, it can be anything though.
Next it asks to make a passphrase, it’s a password you have to type when logging in with the key. It can be left blank by hitting enter.
Two files were created:
id_rsa_foo- This is your key file that sits on the local machine.
id_rsa_foo.pub- this is the public file that goes to your remote server.
Now you have the key, go ahead and pop it open to a text editor, or cat it $ cat id_rsa_foo.
Show an example ssh key
And the public file looks approximately like this:
Third step: copy the key to remote server
Ssh Configuration File
If you used something like DigitalOcean to create your cloud server, then the key is already there. It’s in /root/.ssh/authorized_keys, to be precise.
But if you don’t have it, there are clever ways to copy it over.
In the remote machine there is a file ~/.ssh/authorized_keys, we need to upload the public key there, there are few way to go about this.
Method 1: ssh-copy-id
Probably the most painless solution, downside being it won't work on OS X (scroll to method #2 if you’re on OS X).
The syntax in whole goes like:
So the custom named pub file would go like this
Method 2: redirecting
This is more verbose but it should work:
Note that a port is specified -p 5555, if you have your ssh listening to a default port, you might not need that.
Method 3: manual copy
Just copy and paste manually the public key, cat it out and just copy it:
Ssh Config File Key Path
Login to the remote server and find the ~/.ssh/authorized_keys and paste it at the end.
Test the ssh connection
Now it should work, test it by exiting your box ($ exit). Then try to ssh back into it by using the new key:
The -i flag stands for identify, and should be a path to the file we just created.
Manage multiple ssh keys
It’s probably good to have many keys, e.g. one for GitHub, one for BitBucket, one for your server. By default ssh looks for the key called id_rsa.pub, we have to tell ssh to look for a different public key file depending on the service. This is where the config file comes handy.
SSH config file
The config file lives in ~/.ssh/config, if it’s not there, go ahead and make it: sudo touch ~/.ssh/config.
Contents of the file should looks something like:
Host- This can be anything, it’s the shortname.
HostName- IP or host name.
Port- Open port in the server, might not need this.
IdentityFile- Where the key file is.
User- User on the server, this is needed if your user on the server is different than on local machine.
Now, logging in is as easy as: $ ssh myserver.
Add more servers after the first one, if needed:
Conclusions
If you ever have a whiff of doubt that your key is compromised, then make a new one.
Hope this was helpful.
-->Note
This reference is part of the ssh extension for Azure CLI and requires version 2.4.0 or higher. The extension will automatically install the first time you run an az ssh command. Learn more about extensions.
SSH into resources (Azure VMs, etc) using AAD issued openssh certificates.
Commands
| az ssh cert | Create an SSH RSA certificate signed by AAD. |
| az ssh config | Create an SSH config for resources (Azure VMs, etc) which can then be imported to 3rd party SSH clients. |
| az ssh vm | SSH into Azure VMs using an ssh certificate. |
Create an SSH RSA certificate signed by AAD.
Examples
Create a short lived ssh certificate signed by AAD
Optional Parameters
The file path to write the SSH cert to, defaults to public key path with -aadcert.pub appened.
The RSA public key file path.
Global ParametersIncrease logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
Create an SSH config for resources (Azure VMs, etc) which can then be imported to 3rd party SSH clients.
Examples
Give a resource group and VM for which to create a config, and save in a local file
Give the public IP (or hostname) of a VM for which to create a config
Create a generic config for use with any host
Required Parameters
Optional Parameters
Will use a private IP if available. By default only public IPs are used.
The RSA private key file path.
The RSA public key file path.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
SSH into Azure VMs using an ssh certificate.
Examples
Give a resource group and VM to SSH to
Give the public IP (or hostname) of a VM to SSH to
Optional Parameters
Will use a private IP if available. By default only public IPs are used.
The RSA private key file path.
The RSA public key file path.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.