DEV Community

Geoffrey Kim

Managing SSH Keys Across Multiple Devices: An Enhanced Guide

Managing SSH keys efficiently is critical whether you’re working with GitLab, GitHub, or other services. This guide walks you through checking for existing SSH keys, generating new ones (with updated recommendations), securely transferring keys between devices, handling naming conflicts, and even leveraging tools like ssh-copy-id and 1Password for simplified management.


1. Check for Existing SSH Keys

Before generating a new SSH key, check your ~/.ssh directory for any existing keys. Look not only for id_rsa but also for other common key types (e.g., id_ecdsa, id_ed25519):

ls -al ~/.ssh

If you don’t see the key you need, proceed to generate a new one.


2. Generate a New SSH Key

Recommended: Use ED25519

For most users, the ED25519 algorithm is preferred for its improved security and performance. Use the following command:

ssh-keygen -t ed25519 -C "your_email@example.com"

If your environment requires RSA keys, you can generate one using:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Follow the prompts to save your key (typically as ~/.ssh/id_ed25519 or ~/.ssh/id_rsa) and opt to add a passphrase for additional security.


3. Add Your SSH Key to the SSH Agent

To make key management easier, add your SSH key to the SSH agent. Start the SSH agent with:

eval "$(ssh-agent -s)"

Then add your key. For ED25519, run:

ssh-add ~/.ssh/id_ed25519

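Tip: To avoid starting the agent manually in each session, consider adding these commands to your shell’s startup file (e.g., ~/.bashrc or ~/.zshrc). Run unconditionally, eval "$(ssh-agent -s)" starts a new agent process in every shell you open, so guard the commands so they run only when SSH_AUTH_SOCK is not already set.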


4. Register Your SSH Key with GitLab

Copying the Public Key

You need to copy your public key to your clipboard. Depending on your operating system, there are various methods:

  • macOS:

    pbcopy < ~/.ssh/id_ed25519.pub

  • Linux (with xclip installed):

    xclip -sel clip < ~/.ssh/id_ed25519.pub

Then, log in to GitLab and navigate to User Settings > SSH Keys to paste your key. This setup allows for secure, password-less Git operations.


5. Transferring SSH Keys to Another Computer

Option 1: Using a USB Drive

  1. Copy the Key to a USB Drive:

    cp ~/.ssh/id_ed25519 /Volumes/USB_DRIVE_NAME/id_ed25519
    cp ~/.ssh/id_ed25519.pub /Volumes/USB_DRIVE_NAME/id_ed25519.pub
    
  2. Transfer and Set Permissions on the New Machine:

    cp /Volumes/USB_DRIVE_NAME/id_ed25519 ~/.ssh/id_ed25519
    cp /Volumes/USB_DRIVE_NAME/id_ed25519.pub ~/.ssh/id_ed25519.pub
    chmod 600 ~/.ssh/id_ed25519
    chmod 644 ~/.ssh/id_ed25519.pub
    

Security Note: When using a USB drive, ensure it’s safely handled or, if possible, encrypted during transfer.

Option 2: Using SCP (Secure Copy)

If you’re on a secure network, transfer the key directly over SSH:

scp ~/.ssh/id_ed25519 user@destination_ip:/path/to/.ssh/id_ed25519
scp ~/.ssh/id_ed25519.pub user@destination_ip:/path/to/.ssh/id_ed25519.pub

Ensure the remote SSH service is running and that network firewalls allow the connection.


6. Handling Existing SSH Keys on the Destination Machine

If the target machine already has keys with the same name, back up the existing keys before transferring your new ones:

mv ~/.ssh/id_ed25519 ~/.ssh/id_ed25519_backup
mv ~/.ssh/id_ed25519.pub ~/.ssh/id_ed25519.pub_backup

After transferring your keys, verify and, if necessary, reset the permissions:

chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub
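
Sections 5 and 6 combined into one step, as an added example that is not part of the original post: the hypothetical helper install_keypair backs up same-named keys with the guide's _backup suffix, copies the pair under a restrictive umask, and applies the 600/644 modes. The function names and the optional third argument are assumptions made for this sketch.

```shell
# Added example, not from the original post. install_keypair and has_mode are
# hypothetical helper names; the _backup suffix follows the guide's naming.
# Usage: install_keypair /Volumes/USB_DRIVE_NAME id_ed25519 [dest_dir]
install_keypair() {
    src_dir=$1                  # where the transferred files were placed
    name=$2                     # key base name, e.g. id_ed25519
    dest_dir=${3:-$HOME/.ssh}

    for f in "$name" "$name.pub"; do
        if [ ! -f "$src_dir/$f" ]; then
            echo "install_keypair: $src_dir/$f not found" >&2
            return 1
        fi
        # Check every conflict before touching anything, so a refusal
        # leaves the destination exactly as it was.
        if [ -e "$dest_dir/$f" ] && [ -e "$dest_dir/${f}_backup" ]; then
            echo "install_keypair: ${f}_backup exists, not overwriting" >&2
            return 1
        fi
    done

    (
        # umask 077 in a subshell: the private key is never group- or
        # world-readable, not even between cp and chmod.
        umask 077
        mkdir -p "$dest_dir" && chmod 700 "$dest_dir" || exit 1
        for f in "$name" "$name.pub"; do
            if [ -e "$dest_dir/$f" ]; then
                mv "$dest_dir/$f" "$dest_dir/${f}_backup" || exit 1
            fi
        done
        # mv keeps the old mode, so tighten the backed-up private key too.
        [ ! -e "$dest_dir/${name}_backup" ] || chmod 600 "$dest_dir/${name}_backup"
        cp "$src_dir/$name" "$dest_dir/$name" &&
            cp "$src_dir/$name.pub" "$dest_dir/$name.pub" &&
            chmod 600 "$dest_dir/$name" &&
            chmod 644 "$dest_dir/$name.pub"
    )
}

# Succeeds only if the file in $1 has exactly the octal mode given in $2.
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}
```

A second run with the same key name is refused rather than overwriting the earlier backup; rename or remove the old backup deliberately before retrying.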

Managing Multiple Keys

If you plan to use multiple SSH keys, consider naming them differently and configuring your SSH client via the ~/.ssh/config file:

# ~/.ssh/config

Host gitlab.com
    HostName gitlab.com
    User git
    IdentityFile ~/.ssh/id_ed25519_gitlab

Host workserver
    HostName work.example.com
    User your_username
    IdentityFile ~/.ssh/id_ed25519_work

This approach lets you specify which key to use per host.


7. Using ssh-copy-id

Advantages

ssh-copy-id automates the process of copying your public key to a remote machine’s authorized_keys file. It appends the key (without overwriting any existing keys) and ensures proper file permissions.

How to Use ssh-copy-id

  1. Install ssh-copy-id if Necessary:

     • On Ubuntu/Debian (ssh-copy-id ships in the openssh-client package):

         sudo apt-get install openssh-client

     • On macOS (via Homebrew):

         brew install ssh-copy-id

  2. Copy Your Public Key:

    ssh-copy-id user@destination_ip

Replace user@destination_ip with the appropriate username and IP address of the remote machine. You’ll be prompted for the remote user’s password. Once authenticated, your public key is appended to the remote machine’s ~/.ssh/authorized_keys.


8. Managing SSH Keys with 1Password

For a more streamlined approach, some users consider leveraging 1Password's SSH agent. This feature lets you generate, store, and use SSH keys directly from within 1Password, potentially reducing the need for multiple manual steps.

Advantages

  • Ease of Use: Integrates your SSH key management into a single application.
  • Convenience: Allows quick access to keys across devices without manual file transfers.

Security Considerations

While 1Password offers convenience, it's important to note that using any third-party service for SSH key management comes with potential risks. Some security professionals have expressed concerns about relying on password managers for SSH key storage, citing the potential impact of service disruptions or security incidents.

Before choosing this approach, carefully consider:

  • Your specific security requirements
  • The impact of potential service disruptions
  • The trade-off between convenience and control
  • Your organization's security policies
  • Current independent security audits

Alternative Approaches

For those preferring traditional key management:

  1. Manual key management (as described in previous sections)
  2. Using your operating system's built-in keychain
  3. Setting up your own secure key management system

Getting Started with 1Password for SSH Keys

If you decide to use 1Password:

  1. Visit the 1Password SSH Agent Documentation for detailed instructions.
  2. Review current security documentation and make an informed decision based on your needs.
  3. Consider maintaining backup procedures for your SSH keys.

Conclusion

Managing SSH keys across multiple devices demands careful attention to security and practicality. Using modern algorithms (like ED25519), automating agent startup, carefully transferring keys via USB or SCP, and leveraging tools such as ssh-copy-id or 1Password can significantly streamline your workflow. These practices not only simplify key management across devices but also maintain high security standards.

By staying up to date with best practices and adjusting configurations based on your environment, you can ensure secure and efficient access to your remote resources.

Top comments (7)

Alex P

Too many steps...

The easiest way to manage using developer.1password.com/docs/ssh/

Just try it 😉

theking2

1password is frequently cursed with security flaws and breaks. I would not trust precious data with it.

Geoffrey Kim

Thanks for the tip! Using 1Password to manage SSH keys sounds like a great way to simplify the process. I'll add this option to the guide. Appreciate your suggestion!

Christophe Colombier

I suggest you have a look at ssh-copy-id

Geoffrey Kim

Thanks for the suggestion! ssh-copy-id is indeed a very convenient tool for transferring SSH keys. I'll make sure to highlight it in the guide. Appreciate your input!

theking2

1password might be easy but is not a very secure place to store your precious data. It frequently gets breached leaving you to regenerate keys and distribute. I recommend against using.

Geoffrey Kim

Thank you for sharing your valuable insights about 1Password's security considerations. I've updated the blog post to include a more balanced view of SSH key management options, emphasizing the importance of carefully evaluating security requirements and potential risks when choosing a key management solution. Your feedback helps readers make more informed decisions about their SSH key management strategy. 🙂