
637 points h1x | 2 comments
kybernetyk No.29208914
So a little off-topic but I’m still curious: how do you handle multiple machines and SSH keys? I mean do you run ssh-keygen on a new machine and have a separate key pair for each computer or do you have one key pair that you copy onto every new machine?

I have seen both and using one key pair looks very convenient but also makes me feel a little uneasy.

I myself have a key pair for each of my machines.

How do you handle it?

replies(5): >>29208933 #>>29209007 #>>29209086 #>>29209300 #>>29209370 #
adrian_b No.29209086
You can avoid specifying a lot of parameters at each SSH connection by defining aliases, e.g. of the form ssh-servername.

In each alias you put the appropriate "-i private_key_for_that_server", the server name and also "-l user_name" if you have a different user there and "-p port" if the server uses a non-standard port.

Thus, after the initial key setup, connecting to any server with different credentials is no more complex than when using a single key pair.

Except for an extra keygen step, the initial setup is not more complex than when using a single key pair, as you have to copy the public keys anyway, which is the more difficult part of the setup.

replies(1): >>29209663 #
theli0nheart No.29209663
You might want to look into using .ssh/config instead, as it is built into SSH. In addition to letting you specify keys/usernames for arbitrary hosts, you can also use rules for wildcards, etc.
replies(1): >>29209739 #
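
Added example, not part of any comment in this thread: a `~/.ssh/config` fragment that expresses the per-server alias parameters described above (`-i`, `-l`, `-p`) as host entries, plus a wildcard rule. All host names, user names, the port and the key file names are constructed placeholders.

```sshconfig
# Constructed example: every host name, user, port and key path below is a placeholder.

# Equivalent of a shell alias such as:
#   alias ssh-buildbox='ssh -i ~/.ssh/id_ed25519_buildbox -l deploy -p 2222 buildbox.example.com'
Host buildbox
    HostName buildbox.example.com
    User deploy
    Port 2222
    IdentityFile ~/.ssh/id_ed25519_buildbox

# Wildcard rule: one dedicated key for every host under a placeholder internal domain.
Host *.internal.example.com
    User admin
    IdentityFile ~/.ssh/id_ed25519_internal

# Defaults go last, because ssh keeps the first value it finds for each option.
Host *
    # Offer only the key configured for the matching host, not every key held by the agent.
    IdentitiesOnly yes
```

With this in place `ssh buildbox` connects with the right key, user and port, and `ssh -G buildbox` prints the options ssh resolved for that host so the entry can be checked without connecting.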
1. rsfern No.29209739
Shell completion over ssh is one of the really nice benefits of sshconfig. I’m not sure if this is zsh-specific though
replies(1): >>29209776 #
2. theli0nheart No.29209776
It’s definitely not, I use bash and completion works great. I’d be surprised if there was a major shell that was not supported.