SSH Key Management

I did some annual SSH key housekeeping this week. Here are a few things you should probably do:

  1. Use the newer ed25519 keys, and regenerate them once a year
  2. Generate a separate key for each general use case / project
  3. Don’t be a muppet and keep SSH keys in plain text on your laptop and in your backups
  4. Create a .ssh/config file that points to your keys on an encrypted filesystem, one that is not mounted at boot time

Below are a few commands and examples to get you started.

Generate an ed25519 key with your email address as the comment, and save it to a key file named for the project, company or other use case it belongs to:

ssh-keygen -t ed25519 -C 'you@example.com' -f swimgeek

Create a .ssh/config file for your keys and the various servers you use them with, giving the user account, the port and where the key lives:

Host swimgeek-myserver
    Port 2345
    User joe
    IdentityFile /Volumes/crypt-fs/ssh/swimgeek

Host projectabc-prod
    Port 2567
    User root
    IdentityFile /Volumes/crypt-fs/ssh/projectabc

Note that these keys are not in your home directory. They live on an encrypted filesystem that is not mounted at boot time and is not backed up in plain text.
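As an added example (not from the original post), a small POSIX shell helper that audits a config file against the rules above: every IdentityFile must live under the encrypted volume, exist (i.e. the volume is mounted), be mode 600, be younger than a year, and have an ed25519 public key beside it. The function name, the mount path argument and the sample files in the test are all hypothetical.

```shell
#!/bin/sh
# audit_ssh_config CONFIG CRYPT_MOUNT
# Hypothetical helper: walks every IdentityFile in CONFIG, prints one line
# per finding and returns the number of problems found (0 = all clean).
# Note: paths are word-split, so key paths must not contain whitespace.
audit_ssh_config() {
  cfg="$1"; crypt="$2"; problems=0
  for key in $(awk 'tolower($1)=="identityfile"{print $2}' "$cfg"); do
    # Rule: the key must live on the encrypted volume, not in ~/.ssh
    case "$key" in
      "$crypt"/*) ;;
      *) echo "$key: not on encrypted volume $crypt"; problems=$((problems+1)) ;;
    esac
    # Rule: the file must be present; if not, the volume is probably unmounted
    if [ ! -f "$key" ]; then
      echo "$key: missing (encrypted volume not mounted?)"
      problems=$((problems+1)); continue
    fi
    # Rule: private keys are readable by the owner only (GNU stat, then BSD stat)
    mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key")
    [ "$mode" = "600" ] || { echo "$key: mode $mode, expected 600"; problems=$((problems+1)); }
    # Rule: annual rotation, judged by the private key's mtime
    if [ -n "$(find "$key" -mtime +365)" ]; then
      echo "$key: older than a year, rotate it"; problems=$((problems+1))
    fi
    # Rule: ed25519 only, judged by the first field of the matching .pub file
    if [ -f "$key.pub" ]; then
      ktype=$(awk '{print $1}' "$key.pub")
      [ "$ktype" = "ssh-ed25519" ] || { echo "$key: type $ktype, expected ssh-ed25519"; problems=$((problems+1)); }
    fi
  done
  return $problems
}
```

Run it as `audit_ssh_config ~/.ssh/config /Volumes/crypt-fs` after mounting the volume; a non-zero exit status means at least one key needs attention.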

Install mosh and add an alias to your .zshrc:

alias moshprod="mosh projectabc-prod"