box.matto.nl

Using multiple ssh keys

The moment you start using multiple ssh keys you should create an ssh config file.

Using ssh keys for improved security

A computer that runs sshd and is reachable from the internet should be configured to accept connections only through ssh key authentication.

An sshd that accepts usernames and passwords will attract a lot of unauthorised login attempts. The best approach is to disable ssh login for root entirely and to allow only key-based authentication for the other users.
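The two sshd_config settings the paragraph above refers to, shown as a weak fragment beside a hardened one, together with a small audit function that reports what a given config would let through. This is an added example, not part of the original page: both fragments are constructed samples, the audit mirrors sshd's rule that the first occurrence of a keyword wins, and real files under /etc/ssh should still be checked with `sshd -t` after editing.

```shell
#!/bin/sh
# Added example (not from the original page): weak vs hardened sshd_config
# fragments and an audit that tells you which of the two you have.
set -eu

# Constructed sample: password logins allowed and root may log in.
WEAK_CFG='
# this is what attracts brute-force attempts
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
'

# Constructed sample: keys only, no root login over ssh. The
# ChallengeResponseAuthentication line closes the keyboard-interactive
# path through which PAM could still accept a password.
HARDENED_CFG='
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
'

# effective_value KEYWORD  (config on stdin)
# Prints the value sshd would use: comments and blank lines are skipped and
# the first occurrence of the keyword wins, exactly as sshd evaluates it.
effective_value() {
  awk -v kw="$1" '
    NF == 0 || $1 ~ /^#/ { next }
    tolower($1) == tolower(kw) && !seen { print $2; seen = 1 }
  '
}

# audit_sshd_config  (config on stdin)
# Prints "ok" when only key authentication is accepted and root cannot log in;
# otherwise prints one line per finding and returns 1.
audit_sshd_config() {
  cfg=$(cat)
  rc=0
  if [ "$(printf '%s\n' "$cfg" | effective_value PasswordAuthentication)" != "no" ]; then
    echo "finding: PasswordAuthentication is not 'no' (sshd default is yes)"; rc=1
  fi
  if [ "$(printf '%s\n' "$cfg" | effective_value PermitRootLogin)" != "no" ]; then
    echo "finding: PermitRootLogin is not 'no'"; rc=1
  fi
  if [ "$(printf '%s\n' "$cfg" | effective_value PubkeyAuthentication)" = "no" ]; then
    echo "finding: PubkeyAuthentication is disabled"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo ok
  return "$rc"
}

echo "weak config:"
printf '%s\n' "$WEAK_CFG" | audit_sshd_config || true
echo "hardened config:"
printf '%s\n' "$HARDENED_CFG" | audit_sshd_config
```

To audit a live server the same way, run `audit_sshd_config < /etc/ssh/sshd_config`; note that a `Match` block can still override these values for specific users or addresses, which the simple first-match audit above does not model.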

Gitolite requires a separate key for gitolite-admin

In order to administrate Gitolite a dedicated ssh key for gitolite-admin is required.

However, if you also have one or more git repositories on that host that you want to access as a normal user, you can't use the same key for that: Gitolite identifies you by the key you present, so reusing the admin key could lock you out of your gitolite-admin repository.

Set up an ssh config file

An ssh config file can make your life a lot easier.

Once you start working with ssh connections to multiple hosts, multiple ssh keys and/or multiple usernames, you definitely need an ssh config file.

Creation of your ssh config file

Use your favorite editor to create the file ~/.ssh/config to hold your configuration.

Format of the ssh config file

The config file contains one or more blocks of lines, each starting with a nickname of the connection.

Host nickname
    Hostname ip-number or hostname
    User username
    Port portnumber
    IdentityFile keyfile

In this block the first line with the nickname is mandatory; the other lines are optional.

Explanation of the block of lines

  • Nickname The nickname is an easy to type and remember name for the connection.
  • Hostname After the word Hostname enter either the ip-number or the hostname of the remote host.
  • User Here you provide the username you log on with on the remote host. If you omit this line, your current local username will be used.
  • Port If the sshd of the remote host runs on another port than 22, add this line with the port number to use.
  • IdentityFile Here you provide the path of the private key file to be used (without the .pub extension) for this connection.

Using a key for gitolite-admin and a different key for a normal user

You have to use a dedicated key for gitolite-admin and a different key for a normal user to access git repositories that are managed on the same host. The easiest way to do this is to make two blocks of lines in your ssh config file, each with a different nickname.

Example config file

Host gitoliteadmin
    Hostname gitserver.example.com
    User gitolite
    IdentityFile ~/.ssh/adminkeyfile

Host gitoliteuser
    Hostname gitserver.example.com
    User gitolite
    IdentityFile ~/.ssh/userkeyfile

Now when you want to clone the gitolite admin repository, you issue the following command.

git clone gitoliteadmin:gitolite-admin

And when you want to clone one of the repositories that are managed on that host, issue the following command.

git clone gitoliteuser:somerepo

In both cases you connect to the same remote host with the same username (gitolite) but with different ssh keys.
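A way to check, before touching the server, which key and user each nickname actually selects. This is an added example and not the page's own code: it writes the two-block config described above to a temporary file, resolves options with the same first-match rule ssh uses, and, where OpenSSH 6.8 or later is installed, cross-checks with `ssh -G`, which prints the effective configuration without connecting. The hostname, the gitolite user and the two key file names are the page's sample values; the temporary file location and the added `IdentitiesOnly yes` lines are assumptions. That setting matters for the gitolite case: without it ssh first offers whatever keys the agent or default locations hold, the server may accept one of those, and gitolite then sees the wrong identity.

```shell
#!/bin/sh
# Added example (not from the original page): build the two-nickname ssh
# config for gitolite and verify what each nickname resolves to.
set -eu

# Assumed location for the example config; a real one lives in ~/.ssh/config.
CFG="${TMPDIR:-/tmp}/ssh_config_example.$$"
trap 'rm -f "$CFG"' EXIT

# write_config: one block per role, same host and user, different key.
# IdentitiesOnly yes restricts ssh to the listed key, so the server cannot
# accept some other key first and hand gitolite the wrong identity.
write_config() {
  cat > "$CFG" <<'EOF'
Host gitoliteadmin
    Hostname gitserver.example.com
    User gitolite
    IdentityFile ~/.ssh/adminkeyfile
    IdentitiesOnly yes

Host gitoliteuser
    Hostname gitserver.example.com
    User gitolite
    IdentityFile ~/.ssh/userkeyfile
    IdentitiesOnly yes
EOF
  printf '%s\n' "$CFG"
}

# resolve_option NICKNAME KEYWORD: print the value ssh would use for KEYWORD
# when connecting to NICKNAME. Mirrors ssh_config semantics: blocks are
# scanned in order, "Host *" matches everything, and the first value set for
# a keyword wins.
resolve_option() {
  name="$1"; keyword="$2"
  awk -v name="$name" -v kw="$keyword" '
    tolower($1) == "host" {
      in_block = 0
      for (i = 2; i <= NF; i++) if ($i == name || $i == "*") in_block = 1
      next
    }
    in_block && tolower($1) == tolower(kw) && !found { print $2; found = 1 }
  ' "$CFG"
}

# check_with_ssh NICKNAME: ask ssh itself, when available, what it would use.
# -G evaluates the configuration and prints it without opening a connection.
check_with_ssh() {
  if ! command -v ssh >/dev/null 2>&1; then
    echo "  (ssh not installed; skipping ssh -G cross-check)"
    return 0
  fi
  { ssh -F "$CFG" -G "$1" 2>/dev/null || true; } \
    | grep -E '^(hostname|user|identityfile|identitiesonly) ' | sed 's/^/  ssh -G: /' || true
}

main() {
  write_config >/dev/null
  for nick in gitoliteadmin gitoliteuser; do
    echo "$nick -> host=$(resolve_option "$nick" Hostname)" \
         "user=$(resolve_option "$nick" User)" \
         "key=$(resolve_option "$nick" IdentityFile)"
    check_with_ssh "$nick"
  done
  echo "admin clone: git clone gitoliteadmin:gitolite-admin"
  echo "user clone:  git clone gitoliteuser:somerepo"
}

main
```

Because git hands the host part of `gitoliteadmin:gitolite-admin` to ssh unchanged, whatever `ssh -G gitoliteadmin` reports is exactly what the clone will use.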