SSH Keys for Authentication

When connecting to a system via SSH there are normally two ways to do so. The first and most common is to use a username and password to log in. The second method is via SSH keys.

What are SSH Keys?

SSH keys are public/private key pairs that SSH uses to authenticate a remote session without any user interaction. Your private key is stored in your user profile, normally as "~/.ssh/id_rsa" or "~/.ssh/id_dsa". Protect it as you would your password or bank account number, because anyone who holds this file can access your remote accounts. The public key is placed on any system you wish to reach via SSH, in the target user's authorized_keys file in their .ssh folder ("~/.ssh/authorized_keys"). Once it is saved there, any time you connect via SSH using your private key you will automatically be logged in as that user.

That sounds great. So what's the problem?

After a while of using SSH keys for authentication, you end up with one key that grants access to every system you have. I personally believe this to be a huge security hole: if your private key were ever compromised, the attacker would have access to all of your systems. Instead, you can create multiple SSH keys and store them in different files or folders, then use the "-i" option to specify the key you wish to use when you connect to a system.

Sounding even better! Is there still something else?

Why should we have to remember where we saved each SSH key and what it is called? Why do we have to type the "-i" option manually for every SSH session? Well, you don't! You can create a custom SSH config file for your profile that dynamically loads the correct key file based on the host you are connecting to and the username. To accomplish this, create the config file in your .ssh folder ("~/.ssh/config") and populate it with these lines:

IdentityFile ~/.ssh/ids/%h/%r/id_rsa
IdentityFile ~/.ssh/ids/%h/%r/id_dsa
IdentityFile ~/.ssh/ids/%h/id_rsa
IdentityFile ~/.ssh/ids/%h/id_dsa
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa

This tells SSH which IdentityFile (SSH key) to use based on the %h and %r tokens, which expand to the host and the remote username. In "ssh ubuntu@myserver.example.com", the username is "ubuntu" and the host is "myserver.example.com". If you connect via the server's IP address instead of a DNS name, the host is the IP address. So to save a new SSH key for this example, I would create the path and file "~/.ssh/ids/myserver.example.com/ubuntu/id_rsa". I could instead use "~/.ssh/ids/myserver.example.com/id_rsa" if I wanted a single SSH key for all user accounts on that system. Finally, if no SSH key is found for the host and username combination, SSH falls back to your default "~/.ssh/id_rsa" key.
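As an added example (not code from the original post), here is a POSIX shell helper that reproduces the lookup order of the config above: it expands %h and %r for a given user and host and lists, most specific first, every key file that exists. The third argument (the .ssh root) is an assumption added so the function can be pointed at a scratch directory; it defaults to ~/.ssh.

```shell
#!/bin/sh
# Expand the %h (host) and %r (remote user) tokens in one IdentityFile
# pattern, the way ssh_config does for the lines in this post.
expand_pattern() {
  pattern=$1; host=$2; user=$3
  printf '%s\n' "$pattern" | sed -e "s|%h|$host|g" -e "s|%r|$user|g"
}

# Print, in config order, every IdentityFile from the post's config that
# actually exists for user@host. This is the order ssh offers them in:
# per-host/per-user key first, then per-host, then ~/.ssh/id_rsa.
# Usage: resolve_identity_files USER HOST [SSH_ROOT]   (SSH_ROOT is an
# added parameter for testing; it defaults to $HOME/.ssh)
resolve_identity_files() {
  user=$1; host=$2; root=${3:-$HOME/.ssh}
  for pattern in \
      "$root/ids/%h/%r/id_rsa" "$root/ids/%h/%r/id_dsa" \
      "$root/ids/%h/id_rsa"    "$root/ids/%h/id_dsa" \
      "$root/id_rsa"           "$root/id_dsa"; do
    f=$(expand_pattern "$pattern" "$host" "$user")
    [ -f "$f" ] && printf '%s\n' "$f"
  done
  return 0
}

# Create the per-host/per-user directory the config expects and generate
# a key there, e.g. make_host_user_key ubuntu myserver.example.com
make_host_user_key() {
  user=$1; host=$2; root=${3:-$HOME/.ssh}
  dir="$root/ids/$host/$user"
  mkdir -p "$dir" && chmod 700 "$dir"
  ssh-keygen -t rsa -b 4096 -f "$dir/id_rsa"
}
```

Note that ssh does not stop at the first match: every listed file that exists is offered in turn, and each key the server rejects counts against its MaxAuthTries limit (6 by default), so keep the fallback list short or set IdentitiesOnly yes once the layout is in place.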

So how are you going to use this? Do you have additional ideas on how to add functionality? If so, please leave a comment.

About the Author

During high school, Thomas started exploring the world of computer systems initially by self discovery and then adding technology classes to his class schedule. Because of referrals from his technology teachers, he was hired on by the County...
