Aug 3, 2012. 1 min read.

You often see users connecting to a server using ssh remote_username@remote_host. Although this does the job, there is an alternative method that makes your life easier if you manage several connections. First, make sure that the ~/.ssh directory is only accessible to you by typing chmod 700 ~/.ssh.

Identify the Keys

When you generate the ssh key pair, append the remote server identification to the key file name. For example, if you have Digital Ocean, GitHub, and GitLab, you would name the keys id_rsa.do, id_rsa.gh, and id_rsa_gl respectively. The public keys would then be id_rsa.do.pub, id_rsa.gh.pub, and id_rsa_gl.pub.

Setting Up Connections

Edit the config file with vim ~/.ssh/config:

    # Digital Ocean web server.
    Host do_web
    User jsmith
    Hostname 133.205.1.1
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa.do
    Port 22

    # Digital Ocean Postgres database.
    Host do_db
    User jsmith
    Hostname 133.206.1.2
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa.do
    Port 22
                    

Connecting to the Server

Once the keys have been configured:

  • To connect to the web server, on the terminal type: ssh do_web
  • When you need to access the database server, type: ssh do_db

Note

Some security practitioners recommend changing port 22 to a different port number (e.g., 24318). If you use another port number, you create the administrative task of keeping a reference to that specific number rather than relying on the well-known port 22. This is equivalent to using a different port to serve secure web applications rather than the standard port 443.

An attacker targeting ssh logins will run a port scan if port 22 is closed or not responding. You are better off applying the required OS patches, using the appropriate chmod, disabling remote logon, etc. In other words, implement best practices rather than security through obscurity.
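One way to check the "appropriate chmod" part of that advice for this setup, as an added example that is not from the original post: the script verifies that ~/.ssh and every private key named by an IdentityFile line in ~/.ssh/config grant nothing to group or others. The function names and the throwaway demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the permissions this setup relies on.
# ~/.ssh and every private key named by an IdentityFile line should grant
# nothing to group or others; OpenSSH ignores private keys that do.

# Print a finding for PATH if it is missing or has any group/other bit set.
check_private() {
    if [ ! -e "$1" ]; then
        echo "MISSING $1"
    elif [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "LOOSE $1"
    fi
}

# Audit $HOME/.ssh and the keys its config references.
# Prints findings and returns 1, or prints nothing and returns 0.
# Assumes "IdentityFile <path>" lines with no spaces or quotes in the path.
audit_ssh_dir() {
    dir="$HOME/.ssh"
    report=$(
        check_private "$dir"
        awk 'tolower($1) == "identityfile" { print $2 }' "$dir/config" 2>/dev/null |
            sort -u |
            while read -r key; do
                # Expand a leading ~/ by dropping it and prefixing $HOME.
                case $key in '~/'*) key="$HOME/${key#??}" ;; esac
                check_private "$key"
            done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed demo: a throwaway HOME holding the page's do_web entry and
# a key file that was left world-readable. Prints the audit report.
demo_audit() (
    HOME=$(mktemp -d) || exit 1
    mkdir -m 700 "$HOME/.ssh"
    printf 'Host do_web\n    IdentityFile ~/.ssh/id_rsa.do\n' > "$HOME/.ssh/config"
    : > "$HOME/.ssh/id_rsa.do"        # empty stand-in, not a real key
    chmod 644 "$HOME/.ssh/id_rsa.do"
    audit_ssh_dir || :
    rm -rf "$HOME"
)

demo_audit
```

Run audit_ssh_dir on its own to check your real ~/.ssh; a LOOSE finding is fixed with chmod go-rwx on the reported path.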

Credits: Page cover by Jen Theodore on Unsplash.