Previous Section  < Day Day Up >  Next Section

Recipe 17.5. Using Multiple Key Pairs

17.5.1 Problem

You would like to generate separate sets of keys for accessing different hosts, or different types of accounts. For example, you would like one SSH key for administering an FTP server, and a different one for accessing your private user accounts.

17.5.2 Solution

You can name your key pairs anything you like with ssh-keygen. ssh-keygen will automatically append .pub to the public key. Always create a passphrase!

akkana@windbag:$ ssh-keygen -t rsa -f /home/akkana/.ssh/ftp_key

Generating public/private rsa key pair.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/akkana/.ssh/ftp_key.

Your public key has been saved in /home/akkana/.ssh/

The key fingerprint is:

95:d2:12:55:66:ba:ec:a8:5c:40:4b:1e:03:2b:6c:ea akkana@windbag


When you create a key pair with non-default names, you need to enter the private key name in ~/.ssh/ssh_config. If this file does not exist, create it, and make an entry like this:

IdentityFile  ~/.ssh/ftp_key

17.5.3 Discussion

There should be a copy of the default ssh_config in /etc/ssh. When you make changes, the simplest method is to append your options to the end of the file.

ssh_config is for both user-specific configurations and system-wide client options. Creating and storing a copy in a user's home directory configures user-specific options.

17.5.4 See Also

  • ssh(1), ssh_config(5)

  • SSH, The Secure Shell: The Definitive Guide

    Previous Section  < Day Day Up >  Next Section