30

I want to generate a set of keys for a home server that I would like to SSH into, so I do ssh-keygen -t rsa, but then I get a message: id_rsa already exists. Overwrite (y/n)?

Well, I don't want to overwrite because the keys I have now I use to SSH into my university's servers, and it would be a pain to have to do all that junk again every time I wanted to switch. Is there an easy way to append the keys?

I tried following a tutorial (which I cannot find) that suggested something about using the cat command, but I am pretty lost. It seems like the solution is something very simple that I'm just not seeing.

Peter Mortensen
itsmichaelwang

5 Answers

32

You can achieve this by using a config file in your home directory under the .ssh directory:

  1. Generate your key as usual:

    ssh-keygen -t rsa
    
  2. Don't overwrite the default (usually id_rsa). Instead, create a new name. This will create a separate file with your key.

  3. In ~/.ssh create a config file with the following content:

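    # "Host *" applies to all hosts; use a specific host name to limit it
    Host *
      AddKeysToAgent yes
      # UseKeychain is a macOS-specific option
      UseKeychain yes
      # Path to the key you created, e.g. ~/.ssh/yourKey
      IdentityFile ~/.ssh/yourKey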
    
  4. The key is now added to the keychain and can be used!

--

You can use multiple IdentityFiles in your config (Mac example):

    Host *
      AddKeysToAgent yes
      UseKeychain yes
      IdentityFile ~/.ssh/id_rsa_private_server
      IdentityFile ~/.ssh/id_rsa_github
      IdentityFile ~/.ssh/id_rsa_work_server

GreensterRox
  • Does this work with multiple ssh keys (identify files)? – Iulian Onofrei Nov 21 '17 at 12:26
  • Works for me :-) I've got three different ssh keys for three separate servers and I can seamlessly connect to any of the three servers using standard `ssh myname@myserver` syntax. If you use `ssh -v` (verbose) you can see how it tries all the identity files in your .ssh folder. – GreensterRox Nov 21 '17 at 17:03
  • So then, which one do you specify for the `IdentityFile` field? – Iulian Onofrei Nov 21 '17 at 17:05
  • 1
    You can specify multiple lines with IdentityFile, see my updated answer. – GreensterRox Nov 21 '17 at 17:12
  • Thanks for this @GreensterRox - this works well and helped me. However, for some odd reason, when I change my server which uses a different key, the title of my terminal still says root@previousServerName even though everything works fine. – Shawn Frank Feb 23 '21 at 10:16
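
Added example, not part of any answer above: with `Host *` and several `IdentityFile` lines, ssh tries every listed key against every server, whereas one `Host` block per server with `IdentitiesOnly yes` pins a single key to each. The host aliases, addresses and key paths are hypothetical; `ssh -G` prints the resolved configuration without connecting.

```shell
#!/bin/sh
# Added example: one Host block per server, each pinned to its own key.
# Aliases, host names and key paths are hypothetical placeholders.

# add_host_block CONFIG ALIAS HOSTNAME KEYFILE
# Appends a Host block; refuses if ALIAS is already defined in CONFIG.
add_host_block() {
    cfg=$1 name=$2 hostname=$3 key=$4
    touch "$cfg" && chmod 600 "$cfg" || return 1
    if grep -Eq "^[[:space:]]*Host[[:space:]]+$name([[:space:]]|\$)" "$cfg"; then
        echo "Host $name already in $cfg, leaving it alone" >&2
        return 1
    fi
    cat >> "$cfg" <<EOF
Host $name
  HostName $hostname
  IdentityFile $key
  IdentitiesOnly yes

EOF
}

# resolved_identities CONFIG ALIAS
# Prints the key file(s) ssh would try for ALIAS (ssh -G makes no connection).
resolved_identities() {
    ssh -G -F "$1" "$2" | awk '$1 == "identityfile" { print $2 }'
}

# Demo on a scratch config (constructed values), so ~/.ssh/config is untouched.
demo=$(mktemp -d)
add_host_block "$demo/config" home-server 192.0.2.10 "$demo/id_rsa_home"
add_host_block "$demo/config" university login.example.edu "$demo/id_rsa"
cat "$demo/config"
command -v ssh >/dev/null 2>&1 && resolved_identities "$demo/config" home-server
rm -rf "$demo"
```
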
10

You can use the same public key on both servers. If you don’t want to do that, just specify a different location than ~/.ssh/id_rsa when ssh-keygen prompts you before that, and use it with an agent:

    % ssh-agent sh  # Replace with your favourite shell.
    $ ssh-add ~/.ssh/id_rsa_2
    $ ssh somewhere
    $ exit
    %

ssh-agent can also be used without starting a new shell as eval $(ssh-agent).

Ry-
  • In that case, I'm trying to do the following from my host computer (Windows 7, through Cygwin, trying to copy to Debian): `ssh-copy-id -i "C:/Users/FirstName LastName/.ssh/id_rsa.pub" user@hostname`, but it's getting angry at me and saying `ERROR: failed to open ID file 'C:/Users/FirstName'` – itsmichaelwang Jun 24 '14 at 17:31
  • @Zapurdead: Try escaping the space and using single quotes: `'C:/Users/FirstName\ LastName/.ssh/id_rsa.pub'`. (Single quotes aren’t really necessary, but may as well not double the `\`.) `ssh-copy-id -i ~/.ssh/id_rsa.pub user@hostname`, even. – Ry- Jun 24 '14 at 17:33
  • I tried the second one and I get `ERROR: failed to open ID file '/home/FirstName'`. Is it thinking my Windows computer is a Linux? – itsmichaelwang Jun 24 '14 at 17:36
  • @Zapurdead: I don’t know. Does the backslash work? – Ry- Jun 24 '14 at 17:46
  • It's a no go. Looks like it's a bug? https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1074798 – itsmichaelwang Jun 24 '14 at 17:51
  • @Zapurdead: It would appear to be; you should upgrade to the latest OpenSSH, 6.6. – Ry- Jun 24 '14 at 17:55
  • I tried it but it's no good, still not fixed. I will create a new key in a different directory without spaces, but I don't know if it will allow me to. – itsmichaelwang Jun 24 '14 at 18:34
  • @MattO'Brien: It stores decrypted private keys so that you can use them without having to type in your password each time. See `man ssh-agent`. – Ry- Oct 15 '15 at 00:58
6

I had the same problem as you and I solved it.

In the terminal, it says:

"Enter file in which to save the key (/home/you/.ssh/id_rsa): "

Instead of hitting Enter or writing /home/you/.ssh/id_rsa, you write /home/you/.ssh/id_rsa1.

Peter Mortensen
maihuynhtruc
1

If I remember correctly, I fixed this problem by uninstalling Cygwin and using the command line instead.

itsmichaelwang
1

You could do as minitech suggested and use the same SSH public key on both servers. To do so, open the file ~/.ssh/id_rsa.pub in your text editor, copy the contents of the file exactly without adding any new spaces or newlines, and add this to the server you want to connect to. If your user name on the server is "user" at IP address 123.45.56.78, use the command "ssh-copy-id user@123.45.56.78", or you can use:

    cat ~/.ssh/id_rsa.pub | ssh user@123.45.56.78 "mkdir -p ~/.ssh && cat >>  ~/.ssh/authorized_keys"

Peter Mortensen
user3291025
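
Added example, not code from the answer above: the `cat >>` one-liner appends another copy of the key each time it is run and leaves file permissions to the umask. This server-side function appends a public key only if that exact line is absent, rejects a private key passed by mistake, and sets the modes sshd's StrictModes check expects. The paths and the sample key line are constructed.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys without duplicating it.
# File names and the sample key line are constructed for illustration.

# install_pubkey PUBFILE AUTHFILE
# Returns 0 if the key is present afterwards, 1 if PUBFILE is not a public key.
install_pubkey() {
    pub=$1 auth=$2
    [ -r "$pub" ] || { echo "$pub: cannot read" >&2; return 1; }
    # Refuse private keys and anything longer than one line.
    if grep -q 'PRIVATE KEY' "$pub" || [ $(wc -l < "$pub") -gt 1 ]; then
        echo "$pub is not a one-line public key" >&2
        return 1
    fi
    line=$(cat "$pub")
    case $line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub: unrecognised key type" >&2; return 1 ;;
    esac
    dir=$(dirname "$auth")
    # StrictModes rejects keys when these are group- or world-writable.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: append only when the exact line is absent.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Demo in a scratch directory with a constructed (not real) key line.
d=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal me@laptop' > "$d/id.pub"
install_pubkey "$d/id.pub" "$d/home/.ssh/authorized_keys"
install_pubkey "$d/id.pub" "$d/home/.ssh/authorized_keys"   # second run adds nothing
wc -l < "$d/home/.ssh/authorized_keys"
rm -rf "$d"
```
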