A better way to handle SSH keys

I pair with quite a lot of developers, and one thing I have noticed is that most of them use only one SSH keypair for all of their services/servers. This isn’t the worst security threat out there, but it is a significant one. It is also pretty inconvenient if your public key gets stolen, as in the recent CircleCI attack, because you need to change the keypair on every service you use.

A multi-key setup is pretty easy to implement:

Step 1. Create somewhere to store the key:

  mkdir ~/.ssh/github

Step 2. Create the SSH key:

  ssh-keygen -t rsa -f ~/.ssh/github/id_rsa -C "github key"

Step 3. Add the key to your SSH config:

  vim ~/.ssh/config

  Host github.com
    User git
    IdentityFile ~/.ssh/github/id_rsa

  Note: you don’t have to include a user.

Step 4. Test:

  ssh git@github.com

Written on November 12, 2013