17 February 2015

SSH and Multiple Keys

I do a lot of stuff with SSH.  And I’m a fan of using separate keys for most things: the generic public key


for my specific workstation; and then a special, non-workstation-specific key for other stuff.

So I’ve got a key for things like:

  • Digital Ocean
  • SourceForge.net
  • BitBucket
  • GitHub

Frustratingly enough, once one has enough identities, one runs into a problem: Too many authentication failures.  Every time I see it, I have to go figure out why, and a workaround.  And that’s a couple of precious minutes that I’ll never get back.

Well, I’ve finally found a solution…  I actually already had it, I just forgot. My salvation lies in this file:


The key is actually the first part, “Host *.hostname.com”, which is like a per-domain catch-all:

GSSAPIAuthentication no
Host *.hostname.com
    PubkeyAuthentication no
Host test
    Hostname www.test.foo
    User danf
    IdentityFile /home/danf/.ssh/digitalocean_id_rsa.pub
Host *.server04.com
    IdentityFile /home/danf/.ssh/source.server04.com_dsa.pub
Host cs
    Hostname indigo.crazedsanity.com
    User danf
    IdentityFile /home/danf/.ssh/digitalocean_id_rsa.pub
    IdentitiesOnly yes
    ServerAliveInterval 20

Oh, and this configuration allows me to use shortcuts that don’t have to resolve to real hosts and don’t require entries in my /etc/hosts file. So I can literally type ssh cs and get to where I want.

EDIT: apparently, there’s not a catch-all.  At least not a global one… but you can set one for an entire domain (like “*.hostname.com”) and that works magically.  So… close enough.  At least for government work.

Copyright {year}. All rights reserved.

Posted February 17, 2015 by Slaughter in category "System Administration