SSH, multiple identities, but no passwords!
Secure Shell is a great tool for securely connecting between several machines. Over the past weeks, I have been using it more and more, but I was getting tired of typing too much. I found a great article on setting up passwordless authentication using public/private keys and defining multiple SSH identities, but it still wasn’t enough.
I manage multiple Unix users on Dreamhost, a plethora of Linux virtual machines at work,
running Jenkins builders and two additional machines at home.
With ssh-keygen, you can generate multiple different public/private keypairs (each keypair is an identity).
The section “Selecting Keys” of the above-mentioned article describes how you can select a
specific identity for connecting to a specific host. The example below shows how to connect to
one of my DreamHost user accounts in a passwordless manner:
$ ssh -i ~/.ssh/dh-user1 user1@boba.dreamhost.com
If you have a long list of accounts, it would definitely be easier to use a shortcut for every
combination of user@host and link that up to a specific SSH identity. Well, this is possible
with the use of an SSH config file. I found out about this file
here and then read more about it in the
man page.
Suppose you have user1 and user2 as accounts on your remote machine, in my case boba.dreamhost.com,
with a different SSH identity for each user (dh-user1[.pub] and dh-user2[.pub]). How do
you link everything together to be able to just type one of the following:
$ ssh dh-user1
$ ssh dh-user2
Actually, this is quite easy. Here is the ~/.ssh/config file in my local account
(the account I’m making SSH connections from):
Host dh-user1
    User user1
    HostName boba.dreamhost.com
    IdentityFile ~/.ssh/dh-user1

Host dh-user2
    User user2
    HostName boba.dreamhost.com
    IdentityFile ~/.ssh/dh-user2
Every section in this file starts with Host ConnectionName followed by a number of
connection parameters that are fully described in the man page. In my case, I specify the
real host name, the username on the remote machine, and the identity file I want to
link to that account.
Done!
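To make the alias mapping above concrete, here is an added example (not code from the original post): a small Python parser for plain Host blocks that prints the long command each alias stands for and flags blocks without IdentitiesOnly yes, a real ssh_config option the post does not use; without it, ssh may also offer other keys held by ssh-agent. The function names and the IdentitiesOnly line in the sample are assumptions of this example, and wildcard patterns, Match blocks and quoted values are not handled.

```python
# Constructed sample: the page's two Host blocks; IdentitiesOnly is added to the second.
SAMPLE = """\
Host dh-user1
    User user1
    HostName boba.dreamhost.com
    IdentityFile ~/.ssh/dh-user1
Host dh-user2
    User user2
    HostName boba.dreamhost.com
    IdentityFile ~/.ssh/dh-user2
    IdentitiesOnly yes
"""

def parse_hosts(text):
    """Return {alias: {keyword: value}} for plain 'Host alias' blocks.
    The first value seen for a keyword wins, as in ssh_config(5)."""
    hosts, current = {}, []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), (parts + [""])[1].strip()
        if keyword == "host":
            current = [hosts.setdefault(a, {}) for a in value.split()]
        else:
            for block in current:
                block.setdefault(keyword, value)
    return hosts

def long_form(alias, opts):
    """The explicit command line that 'ssh <alias>' stands for."""
    host = opts.get("hostname", alias)
    target = f"{opts['user']}@{host}" if "user" in opts else host
    identity = ["-i", opts["identityfile"]] if "identityfile" in opts else []
    return " ".join(["ssh", *identity, target])

def audit(hosts):
    """Return (alias, finding) for blocks where keys other than the pinned one may be offered."""
    findings = []
    for alias, opts in hosts.items():
        if "identityfile" not in opts:
            findings.append((alias, "no IdentityFile, default keys are tried"))
        elif opts.get("identitiesonly", "no").lower() != "yes":
            findings.append((alias, "IdentitiesOnly not set, agent keys may be offered too"))
    return findings

if __name__ == "__main__":
    for alias, opts in parse_hosts(SAMPLE).items():
        print(f"ssh {alias} ->", long_form(alias, opts))
    print(audit(parse_hosts(SAMPLE)))
```

To check a real file, pass the contents of ~/.ssh/config to parse_hosts instead of SAMPLE.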