SSH Key Management

I did some annual SSH key housekeeping this week. Here are a few things you should probably do:

  1. Use the newer ed25519 keys, and rotate them once a year
  2. Generate a key for each general use case / project
  3. Don’t be a muppet and have ssh keys in plain text on your laptop and in your backups
  4. Create a .ssh/config file, which points to your keys on an encrypted filesystem

Below are a few commands and examples to get you started.

Generate an ed25519 key, with your email address as a comment, and save it to a key file named for the project, company or use case it belongs to:

ssh-keygen -t ed25519 -C 'you@your.email.address' -f swimgeek

Create a .ssh/config file for your keys and the various servers you connect to, recording for each one the user account, the port and where the key lives:

Host swimgeek-myserver myserver.swimgeek.com
    HostName myserver.swimgeek.com
    Port 2345
    User joe
    IdentityFile /Volumes/crypt-fs/ssh/swimgeek

Host projectabc-prod prod.projectabc.com
    HostName prod.projectabc.com
    Port 2567
    User root
    IdentityFile /Volumes/crypt-fs/ssh/projectabc

Note that these keys are not in your home directory. They live on an encrypted filesystem, which is not mounted at boot time, and not backed up in plain text.

Install mosh and add an alias to your .zshrc

alias moshprod="mosh projectabc-prod"
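The steps above (generate the key, keep it on the encrypted volume, point a Host block at it) as a small set of shell helpers. This is an added example, not a script from the original post: the function names are hypothetical, and it assumes the encrypted volume is mounted at CRYPT_FS (default /Volumes/crypt-fs, as in the config above) with keys under CRYPT_FS/ssh. It adds two checks the post only implies: it refuses to generate a key unless the encrypted volume is actually mounted (a plain folder of the same name on the boot volume would be unencrypted and backed up), and it verifies the 0700/0600 permissions ssh insists on.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed layout: the encrypted
# volume is mounted at $CRYPT_FS and SSH keys live in $CRYPT_FS/ssh.
# All function and variable names here are hypothetical.

CRYPT_FS="${CRYPT_FS:-/Volumes/crypt-fs}"
KEY_DIR="${KEY_DIR:-$CRYPT_FS/ssh}"

# is_mounted DIR: succeed only if DIR is itself a mount point. A plain
# directory with the same name on the boot volume would be unencrypted and
# swept up by backups, which is exactly what the post warns against.
is_mounted() {
    [ -d "$1" ] || return 1
    mp=$(df -P "$1" 2>/dev/null | awk 'NR == 2 { print $NF }')
    [ "$mp" = "$1" ]
}

# mode_of PATH: octal permission bits; GNU stat first, BSD/macOS stat as fallback.
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# check_perms KEYFILE: the private key must be 0600 and its directory 0700,
# otherwise ssh ignores the key ("UNPROTECTED PRIVATE KEY FILE").
check_perms() {
    [ -f "$1" ] || return 1
    [ "$(mode_of "$(dirname "$1")")" = "700" ] || return 1
    [ "$(mode_of "$1")" = "600" ]
}

# stale_keys: list public keys in KEY_DIR older than a year (the post's
# "rotate them once a year"); the .pub file's mtime stands in for the key's age.
stale_keys() {
    find "$KEY_DIR" -name '*.pub' -mtime +365 2>/dev/null
}

# config_stanza ALIAS HOST PORT USER KEYNAME: print one Host block for
# ~/.ssh/config. IdentitiesOnly stops ssh from offering every loaded key to
# every host, so one project's key is only ever presented to that project.
config_stanza() {
    printf 'Host %s %s\n    HostName %s\n    Port %s\n    User %s\n    IdentityFile %s/%s\n    IdentitiesOnly yes\n\n' \
        "$1" "$2" "$2" "$3" "$4" "$KEY_DIR" "$5"
}

# new_key NAME COMMENT: generate an ed25519 key on the encrypted volume,
# refusing to run if the volume is not mounted. ssh-keygen prompts for a
# passphrase; -a 100 raises the KDF rounds that protect that passphrase.
new_key() {
    is_mounted "$CRYPT_FS" || { echo "refusing: $CRYPT_FS is not mounted" >&2; return 1; }
    mkdir -p "$KEY_DIR" && chmod 700 "$KEY_DIR"
    ssh-keygen -t ed25519 -a 100 -C "$2" -f "$KEY_DIR/$1" && chmod 600 "$KEY_DIR/$1"
}

# setup_project ALIAS HOST PORT USER KEYNAME COMMENT: generate the key and
# append its Host block to $SSH_CONFIG (default ~/.ssh/config).
setup_project() {
    new_key "$5" "$6" || return 1
    config_stanza "$1" "$2" "$3" "$4" "$5" >> "${SSH_CONFIG:-$HOME/.ssh/config}"
    check_perms "$KEY_DIR/$5"
}
```

Source the file and run `setup_project projectabc-prod prod.projectabc.com 2567 root projectabc 'you@your.email.address'` once the encrypted volume is mounted; `stale_keys` is the thing to run during the annual housekeeping. Only the .ssh/config entries end up in the home directory, so backups of it contain paths to keys, never the keys themselves.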

LLAP.
