how many SSH keys can be stored on Yubikey 5? - ssh

I have a Yubikey 5 Nano (the USB-A variant) and use it exclusively for SSH keys, specifically the non-resident variant of ED25519-SK. The keys are generated using ssh-keygen from OpenSSH, so using FIDO2. Is there some limitation on how many keys can be stored on the Yubikey?
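The page carries no answer to this question, so as an added note from the editor (not the asker's words): a non-resident, i.e. non-discoverable, FIDO2 credential is not kept on the token at all. At enrolment the YubiKey returns an opaque key handle, ssh-keygen writes that handle into the private key file next to the public key, and on every signature ssh sends the handle back so the token can re-derive the signing key from it. Only resident (discoverable) keys occupy token storage, with a limit that depends on the firmware version. The Python below is an added example, not code from the question or from OpenSSH or Yubico; it assembles a constructed sk-ssh-ed25519@openssh.com key file from dummy bytes in OpenSSH's unencrypted openssh-key-v1 container and parses it back to show the key handle sitting in the host-side file. Field layouts follow OpenSSH's PROTOCOL.u2f and PROTOCOL.key documents; the same parser reads a real, passphrase-less ~/.ssh/id_ed25519_sk, while a passphrase-protected file would need the KDF and cipher steps it deliberately omits.

```python
"""Show where a non-resident FIDO2 SSH key really lives: the key handle is in the
file on the host, not on the token. Added example; the key material below is
CONSTRUCTED from dummy bytes and is not a credential from any device."""
import base64
import struct
import textwrap

SK_TYPE = b"sk-ssh-ed25519@openssh.com"
FLAG_USER_PRESENCE = 0x01      # touch required (ssh-keygen default)
FLAG_USER_VERIFICATION = 0x04  # PIN required (ssh-keygen -O verify-required)


def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': big-endian uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def read_string(buf: bytes, off: int):
    """Read an SSH wire 'string' at off; return (value, offset after it)."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def build_sk_private_key(pub: bytes, application: bytes, flags: int,
                         key_handle: bytes, comment: bytes) -> bytes:
    """Assemble an unencrypted openssh-key-v1 file for a constructed sk key."""
    pub_blob = ssh_string(SK_TYPE) + ssh_string(pub) + ssh_string(application)
    # Private section (PROTOCOL.u2f): two check ints, key fields, comment, padding.
    body = (struct.pack(">II", 0x5AFE5AFE, 0x5AFE5AFE)
            + ssh_string(SK_TYPE) + ssh_string(pub) + ssh_string(application)
            + bytes([flags]) + ssh_string(key_handle) + ssh_string(b"")
            + ssh_string(comment))
    body += bytes(range(1, (8 - len(body) % 8) % 8 + 1))  # pad 1,2,3,... to 8
    raw = (b"openssh-key-v1\0" + ssh_string(b"none") + ssh_string(b"none")
           + ssh_string(b"") + struct.pack(">I", 1)
           + ssh_string(pub_blob) + ssh_string(body))
    b64 = base64.b64encode(raw).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + "\n".join(textwrap.wrap(b64, 70))
            + "\n-----END OPENSSH PRIVATE KEY-----\n").encode()


def parse_sk_private_key(pem: bytes) -> dict:
    """Parse an unencrypted sk-ssh-ed25519 private key file into its fields."""
    lines = [ln for ln in pem.splitlines() if not ln.startswith(b"-----")]
    raw = base64.b64decode(b"".join(lines))
    magic = b"openssh-key-v1\0"
    if not raw.startswith(magic):
        raise ValueError("not an openssh-key-v1 file")
    off = len(magic)
    cipher, off = read_string(raw, off)
    kdf, off = read_string(raw, off)
    _kdfopts, off = read_string(raw, off)
    (nkeys,) = struct.unpack(">I", raw[off:off + 4])
    off += 4
    if cipher != b"none" or kdf != b"none":
        raise ValueError("passphrase-protected file; only unencrypted keys are handled")
    if nkeys != 1:
        raise ValueError(f"expected one key, found {nkeys}")
    _pub_blob, off = read_string(raw, off)
    priv, _ = read_string(raw, off)
    p = 8  # skip the two check integers
    ktype, p = read_string(priv, p)
    if ktype != SK_TYPE:
        raise ValueError(f"not a {SK_TYPE.decode()} key: {ktype!r}")
    pub, p = read_string(priv, p)
    application, p = read_string(priv, p)
    flags, p = priv[p], p + 1
    key_handle, p = read_string(priv, p)
    _reserved, p = read_string(priv, p)
    comment, p = read_string(priv, p)
    return {
        "type": ktype.decode(),
        "public_key": pub.hex(),
        "application": application.decode(),  # relying party, normally "ssh:"
        "user_presence": bool(flags & FLAG_USER_PRESENCE),
        "user_verification": bool(flags & FLAG_USER_VERIFICATION),
        "key_handle": key_handle.hex(),        # what the token needs back each time
        "comment": comment.decode(),
    }


if __name__ == "__main__":
    # Constructed dummy material: not a credential from any token.
    pem = build_sk_private_key(b"\x11" * 32, b"ssh:", FLAG_USER_PRESENCE,
                               b"\x22" * 64, b"nano-key-1")
    for name, value in parse_sk_private_key(pem).items():
        print(f"{name:>18}: {value}")
```

Because the handle travels in the file, each non-resident ssh-keygen run just produces another file; nothing on the token fills up, and losing the file loses the key even though the token is intact.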

Related

Create multiple EdDSA SSH keys

I've read a bunch on how to do it using RSA. Now, how can I create multiple SSH keys using EdDSA, i.e. id_ed25519?
I can't add the same existing key to multiple GitHub accounts I own (key already in use).
While attempting to create a second key, I'm unable to write a custom name (like one does when using RSA) inside the script:
ssh-keygen -t ed25519_customname -C "myemail@gmail.com"
The docs don't cover that either.
How can I create multiple EdDSA SSH keys?

Multiple SSH Keys for same user on same host

I want to access a host with a specific user, but I want this user to have multiple SSH keys.
Why? This is the user for deployment on the server and there are multiple developers who have to deploy. I'd like to use a different key for each developer.
(Yes, I could create multiple deployment users, but that's quite costly on this managed server)
Example:
bob@bobs-workstation$ ssh -i ~/.ssh/id_rsa.bob deploy@host.com
alice@alices-workstation$ ssh -i ~/.ssh/id_rsa.alice deploy@host.com
Is this even possible?
In similar questions it's always about different users or different hosts and multiple SSH keys, but in this case it's about the same user and the same host with multiple SSH keys.
Turns out I found no questions about that because it's the most trivial case there is:
Yes, it's possible for a single user to accept multiple public SSH keys.
The text of the key files all have to be copied into /home/deploy/.ssh/authorized_keys (deploy was the user in the above example).
This is what the content of authorized_keys could look like:
ssh-rsa *bobsunintelligiblepublickeyformultiplelines* bob_at_deploy@host.com
ssh-rsa *alicesunintelligiblepublickeyformultiplelines* alice_at_deploy@host.com

Using 2 public/private key pairs at the "same" time

So I have 2 public/private key pairs (id_rsa and id_rsa.pub; one of them is currently sitting in a "key_backup" folder I made), one for GitHub and one for passwordless SSH'ing into a cluster. I looked around Google and could only find guides on how to use two public keys at the same time. Does the same hold for private keys?
How can I maintain authentication w/ GitHub while also being able to maintain passwordless login with my cluster?
Thanks!
-kstruct
You can use multiple private keys at the same time by making sure that your ssh key agent knows about both keys: ssh-add id_rsa1 id_rsa2 on Mac OS or Linux, or add both to Pageant on Windows.
The other option would be to create separate Host entries in ~/.ssh/config that point each of your two keys at their intended uses.
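The Host-entry approach above works because of three ssh_config rules worth having in mind: Host patterns are shell globs, for each option the first value obtained wins (so specific Host blocks must come before Host *), and IdentityFile is the exception that accumulates across every matching block, all of them tried in order. Setting IdentitiesOnly yes additionally stops ssh from offering other keys loaded in the agent, which is the usual way people end up authenticated to GitHub as the wrong account. The script below is an added example, not code from the answer or from OpenSSH: a small re-implementation of those matching rules, run against a constructed config for the two uses in the question (the key paths, alias and cluster host name are assumptions).

```python
"""Resolve which keys ssh would use for a host from an ssh_config text.
Added example that reimplements the matching rules of ssh_config for Host,
first-value-wins options, and the accumulating IdentityFile option."""
import fnmatch
import re

# Constructed config for the question's two uses; paths/hosts are assumptions.
SAMPLE_CONFIG = """
# GitHub: dedicated key, and nothing else from the agent is offered
Host github.com
    User git
    IdentityFile ~/.ssh/id_rsa_github
    IdentitiesOnly yes

# Cluster: short alias, the second key
Host cluster
    HostName login.cluster.example.org
    User kstruct
    IdentityFile ~/.ssh/key_backup/id_rsa
    IdentitiesOnly yes

# Everything else keeps the default key
Host *
    IdentityFile ~/.ssh/id_rsa
"""

MULTI_VALUED = {"identityfile"}  # accumulates across blocks instead of first-wins


def parse_ssh_config(text: str):
    """Return [(host_patterns, {option: value}), ...] in file order."""
    blocks, patterns, opts = [], ["*"], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"(\w+)\s*=?\s*(.*)", line)  # "Key value" or "Key=value"
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            blocks.append((patterns, opts))
            patterns, opts = value.split(), {}
        elif key in MULTI_VALUED:
            opts.setdefault(key, []).append(value)
        else:
            opts[key] = value
    blocks.append((patterns, opts))
    return blocks


def host_matches(host: str, patterns) -> bool:
    """ssh semantics: a matching negated pattern (!x) vetoes the whole block."""
    if any(p.startswith("!") and fnmatch.fnmatchcase(host, p[1:]) for p in patterns):
        return False
    return any(not p.startswith("!") and fnmatch.fnmatchcase(host, p) for p in patterns)


def resolve(text: str, host: str) -> dict:
    """Effective options for `host`, much as `ssh -G host` would report them."""
    effective = {}
    for patterns, opts in parse_ssh_config(text):
        if not host_matches(host, patterns):
            continue
        for key, value in opts.items():
            if key in MULTI_VALUED:
                effective.setdefault(key, []).extend(value)  # all tried, in order
            else:
                effective.setdefault(key, value)  # first obtained value wins
    return effective


if __name__ == "__main__":
    for h in ("github.com", "cluster", "other.example.org"):
        print(h, resolve(SAMPLE_CONFIG, h))
```

Note that github.com still ends up with two IdentityFile entries (its own key first, then the Host * default), which is fine because the first one succeeds; the real ssh client prints the same effective list with `ssh -G github.com`.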

ssh-keys generation issue for dynamic-ip changing workstations for Gitolite usage

I want to use Gitolite for Git access control.
My question is on ssh-keygen for dynamic-IP-changing workstations. So, do I need to generate SSH keys every time my IP changes? This is going to be tedious work for all developers, as they use laptops and would need to generate keys and push them to the Gitolite repo.
Is there any workaround or some other solutions for this ssh public keys generation problem for Gitolite use?
Key generation has nothing to do with IP address from the client perspective.
When you generate an SSH key-pair, for lack of a better analogy, you're generating some files which contain really long numbers which can be used to encrypt or decrypt things. The private key is stored in .ssh/id_rsa (for an RSA key) and the public key is stored in .ssh/id_rsa.pub
You can move that key pair to any machine you wish. You should make sure that the private key is always well protected. The public key, you can give to anyone or copy it wherever you like. It's public. You can also have multiple keys on a machine, with different keys used for different hosts. This is controlled by a .ssh/config file. However, most users don't need that, and stick with a single key pair.
Specifically in the case of gitolite, you'll be storing the public keys of your users in the gitolite-admin/keys directory.
In any case, the fact that your laptop's IP address is changing will have no effect on your keys.

Can I use SSH keys in something other than PuTTY (on Mac)?

Bluehost only recommends PuTTY. However, is it possible to use SSH keys without any extra, visible programs on Mac?
I would like to have a connection to my server to be a breeze, so that I can control my server in Terminal.
Of course! On Unix and OS X, the ssh-keygen command will generate public and private keys for SSH public-key authentication. The usual way to invoke this command (on the client) is:
ssh-keygen -t rsa
This command will ask you where to place your private key; the default place is ~/.ssh/id_rsa, and the public key will be placed in the file of the same name with a .pub extension added (for example: ~/.ssh/id_rsa.pub). The command also asks you to create a password ("passphrase") for the private key; you can leave it blank for no password as I do, but I don't recommend this practice.
Once you have your public and private keys on the client computer, you need to make your server recognize that public key. If you have shell access to the server, you can upload the public key file with scp, then use ssh to run the following command on the server:
cat id_rsa.pub >> ~/.ssh/authorized_keys
If your hosting company doesn't give you shell access (though Bluehost does), or this procedure doesn't work, it will likely give you a web interface to the same functionality.
Once your server is set up to recognize your public key, it will allow you access without a password when ssh on the client tries to use your private key for authentication. You may still have to enter your private key's password, but typically you only need to do this once for each client login session.
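Both the authorized_keys listing in the "Multiple SSH keys for same user on same host" answer and the `cat id_rsa.pub >> ~/.ssh/authorized_keys` step above show the end result but not the checks that keep that file trustworthy once several people's keys land in it: every line must parse as `type base64 comment` with a blob that really encodes the declared type, the same key pasted twice under different comments should appear once, each entry should carry a comment naming its holder so it can be removed later, and the file and ~/.ssh must stay mode 0600/0700 or sshd's StrictModes silently ignores them. The Python below is an added example serving both passages, not code from either answer or from OpenSSH; the ed25519 public keys it merges are constructed from dummy bytes, and lines with a leading options field are out of its scope.

```python
"""Merge several developers' public keys into one authorized_keys file, with
validation, de-duplication and correct permissions. Added example; the keys
are CONSTRUCTED ed25519 blobs built from dummy bytes, not real public keys."""
import base64
import os
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}


def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': big-endian uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_pub(point: bytes, comment: str) -> str:
    """Constructed ssh-ed25519 line; `point` stands in for a real 32-byte key."""
    assert len(point) == 32
    blob = ssh_string(b"ssh-ed25519") + ssh_string(point)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def parse_pubkey_line(line: str):
    """Return (type, blob, comment); raise ValueError on anything malformed."""
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        raise ValueError(f"unsupported or malformed line: {line[:40]!r}")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError as e:  # binascii.Error is a ValueError subclass
        raise ValueError(f"bad base64 in {line[:40]!r}") from e
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + n].decode("ascii", "replace")
    if len(blob) < 4 + n or embedded != parts[0]:
        raise ValueError(f"declared {parts[0]} but blob encodes {embedded!r}")
    comment = parts[2].strip() if len(parts) == 3 else ""
    return parts[0], blob, comment


def is_valid_pubkey_line(line: str) -> bool:
    try:
        parse_pubkey_line(line)
        return True
    except ValueError:
        return False


def merge_authorized_keys(existing: str, new_lines) -> str:
    """Existing entries first, then new ones; exactly one line per distinct key."""
    seen, out = set(), []
    for line in existing.splitlines() + list(new_lines):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        ktype, blob, comment = parse_pubkey_line(line)
        if (ktype, blob) in seen:
            continue  # same key under another comment: keep the first copy
        if not comment:
            raise ValueError("refusing a key without a comment naming its holder")
        seen.add((ktype, blob))
        out.append(f"{ktype} {base64.b64encode(blob).decode()} {comment}")
    return "\n".join(out) + "\n"


def write_authorized_keys(path: str, content: str) -> None:
    """Create ~/.ssh as 0700 and the file as 0600 so StrictModes accepts them."""
    os.makedirs(os.path.dirname(path), mode=0o700, exist_ok=True)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(content)
    os.chmod(path, 0o600)  # the O_CREAT mode is subject to umask; enforce it


if __name__ == "__main__":
    bob = make_ed25519_pub(b"\x01" * 32, "bob@bobs-workstation")
    alice = make_ed25519_pub(b"\x02" * 32, "alice@alices-workstation")
    print(merge_authorized_keys("", [bob, alice, bob]), end="")
```

Run it on a real deploy account by feeding the current file's text as `existing` and each developer's `.pub` line as `new_lines`, then handing the result to write_authorized_keys; a malformed paste (the starred placeholders in the answer above, or an RSA label on an ed25519 blob) is rejected before it can break the file.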
Sure, I do this all the time. Just follow these directions to generate an SSH key and copy it to your server. The instructions should work on both Mac and Linux.
SSHKeychain is pretty much ideal for this. It lives unobtrusively on the menu bar and integrates seamlessly with OS X's Keychain and SSH implementations.
You will need to use ssh-keygen as described in other answers, but once you've done that you can use SSHKeychain to avoid having to type your private key passphrase all the time.
OpenSSH should be available to you on OS X; open a terminal and check out "man ssh". SSH keys get stored (in a format different from PuTTY) in ~/.ssh. Having a config in ~/.ssh/config can make your life easier, too; you'll be able to say "Use this $SHORTNAME for this $HOST using this $KEY" and similar.
At the terminal prompt do
$ apropos ssh
You should get a list of all the programs Mac OS X comes with related to ssh.
Using the ssh* tools, your ssh keys will be stored under ~/.ssh. PuTTY is nice, but compared to the standard OpenSSH tools, it's really only useful on Windows systems.
Sure can! First run:
ssh-keygen
And go through the steps. It is a good idea to give it a password and such. Then you can:
cat ~/.ssh/id_rsa.pub
and copy-paste the result into the Bluehost public key textarea.