Multiple SSH Key Management

I wanted to record an event that I had today and put it in writing so that you can benefit.

When you need to define another SSH key on a server that already has one, you may not want to touch the existing key. This article describes a method for that case.

To start from the source of the subject: when you try to access or manage the code on your git server (GitHub, Bitbucket, GitLab, etc.) from any machine, you may encounter an error as follows. This message says that the handshake between your machine (server or local) and your git server failed; in short, the SSH key on your machine and the access key on your git server do not match.

To solve this problem, you need to generate an SSH key pair (id_rsa, id_rsa.pub) on your machine and define its public key (id_rsa.pub) on your git server. When you then access the repo, the two keys are checked against each other, and if they match, your identity is authenticated. After this, you can manage the code on your git server from your machine without any problems.

Let's take this process step by step.

Creating SSH Key:

After you enter the command, you will be greeted with a message as follows. By default the .ssh directory is placed under the $HOME directory. This part is important to us, so do not change it unless necessary.

As a result, you should see a screen like the one below.

To see the generated public key:

This command shows two files, one for the public key (id_rsa.pub) and one for the private key (id_rsa).

Now we have an SSH key specific to our machine. We need to copy the contents of the public key file we generated and add it to our git server.

SSH Copy Shortcut

Windows

Mac OS X

Linux

Defining an SSH key for GitHub (official doc): Adding a new SSH key to your GitHub account

Defining an SSH key for Bitbucket (official doc): SSH access keys for system use

Defining Multiple SSH Keys

Now to the reason for writing this article and the exception that I came across. In light of the information above, let's assume that we have a machine, that we have created SSH keys for it, and that we have defined them on our git server.

Considering my situation, what do we do when we need to access another git server from our server, or when we want to access a new repo? We can likewise define the id_rsa.pub that we created earlier on the new git server or repo. But things get a little messy when authorization comes into play. Namely:

Suppose we have a structure like the one above. Let's say we have one main server (root), and that this main server can create n virtual servers (S1, S2, S3…). In this case, instead of assigning an SSH key to each server one by one, it is a good solution to transfer root's profile to all servers and define root's SSH key on the git server. In this way, all subservers will be able to access git with the same SSH key.

So what do we do if we only want to access a different git server or repo from one server, but not access it from other servers? We may only want a specific server to have access to the codes.

We can create a new SSH key for the server we want to differentiate. In this case, we run into the problem of overriding the existing SSH key (id_rsa). If we create a new SSH key in its place, we will lose access to all servers that we connect to with the old SSH key, because the old key will change. As a workaround, I can generate a key with a new name (server1.pub) without overriding the id_rsa file. But there is a problem here: the servers we want to connect will look at the default path ~/.ssh/id_rsa.pub, not the ~/.ssh/server1.pub that I created. There is a way to solve this problem too: configuring SSH.

SSH Configuration

In ~/.ssh/, create a file named config and add the definitions for the hosts you want to redirect.

When one server uses GitHub and another server uses Bitbucket, you won't have any routing problems. But if both servers need to point to a repo under the same git server (like server1 and server2 both going to Bitbucket), you can access it with a fake subdomain. Instead of git clone git@bitbucket.org:my-project/repo.git you can use git clone git@server2.bitbucket.org:my-project/repo.git.
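One way to write the config file described above, as an added example that is not from the original article: the alias server2.bitbucket.org and the key name server1 follow the text, while the User, IdentitiesOnly and github.com entries are assumptions.

```sshconfig
# ~/.ssh/config  (added example; keep it private: chmod 600 ~/.ssh/config)

# Default access to Bitbucket with the shared key that already exists.
Host bitbucket.org
    HostName bitbucket.org
    User git
    IdentityFile ~/.ssh/id_rsa
    # Offer only the key named here, not every key in the agent.
    IdentitiesOnly yes

# "Fake subdomain" alias: the name is matched locally by ssh and never
# resolved in DNS. The connection goes to the real bitbucket.org but
# authenticates with the separately named key (private half of server1.pub).
Host server2.bitbucket.org
    HostName bitbucket.org
    User git
    IdentityFile ~/.ssh/server1
    IdentitiesOnly yes

# A different git server needs no alias; it simply gets its own entry.
# (Assumed here to use the default key.)
Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes
```

Running ssh -G server2.bitbucket.org prints the options ssh will actually apply to the alias, so you can confirm the hostname and identityfile values before cloning. Without IdentitiesOnly, ssh may also offer other keys from the agent or the default files, and the git server authenticates with the first key it recognizes.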

Before I finish the article, I would like to talk about one more tactic. If you say “I don’t want to differentiate on a per-user basis. If there is an SSH key on the server that will allow me to access the git server, use it”, you can change your config file as follows.

Originally published at mryldrm.com
