In the past (as a freelancer) I had the brilliant idea of having one SSH key per customer/server. So each time I got access to a new machine I created a new SSH key, configured it locally in my SSH config and used it. The problem with this is that once you change your machine, break your config or want to rotate your keys, you quickly lose the overview (at least I did).
And there is no benefit to it.
- We (all, right?) don’t share SSH keys, so the security benefit isn’t there. I can’t limit authorisation by limiting access to the SSH key; I am the only one who has it.
- The SSH keys all live in the same directory on my (encrypted) disk. If I lose my laptop and my encryption key, ALL keys are gone.
- It adds a ton of complexity to maintain all these keys. For some projects I even had different keys for GitHub and Bitbucket, which led to git URLs like:
git@github-projectname/...
so that the SSH client knows which key to use.
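To make the alias trick concrete, here is an added example (not the author’s real config) of the kind of per-project ssh_config block that makes a URL like `git@github-projectname:...` work, written to a temporary file, together with two small awk helpers that show which key file an alias resolves to and how many distinct keys the config references. The host names, key file names and the `projectname` alias are constructed for illustration. `IdentitiesOnly yes` is the setting that stops the client from offering every key it knows about to every server, which is the one thing this scheme actually needs to get right.

```shell
#!/bin/sh
# Added example: a per-project ssh_config of the kind described above,
# written to a temp file (constructed, not the author's actual config).
CONFIG_FILE="$(mktemp)"
trap 'rm -f "$CONFIG_FILE"' EXIT

cat > "$CONFIG_FILE" <<'EOF'
# Hypothetical alias so that "git@github-projectname:org/repo.git" uses one key.
Host github-projectname
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_projectname
    IdentitiesOnly yes

# Same customer, second forge, second key: this is where the overview gets lost.
Host bitbucket-projectname
    HostName bitbucket.org
    User git
    IdentityFile ~/.ssh/id_ed25519_projectname_bb
    IdentitiesOnly yes
EOF

# resolve_identity <config> <alias>
# Prints the IdentityFile of the "Host <alias>" block, i.e. the key the SSH
# client would use when the alias appears in a git URL.
resolve_identity() {
    awk -v want="$2" '
        $1 == "Host" { inblock = ($2 == want); next }
        inblock && $1 == "IdentityFile" { print $2; exit }
    ' "$1"
}

# count_keys <config>
# Number of distinct key files referenced, a quick measure of how many keys
# you would have to rotate or back up.
count_keys() {
    awk '$1 == "IdentityFile" { print $2 }' "$1" | sort -u | wc -l | tr -d ' '
}

# Usage:
resolve_identity "$CONFIG_FILE" github-projectname
count_keys "$CONFIG_FILE"
```

Running this prints the key path behind `github-projectname` and the count `2`; in a real config built this way the count grows with every customer, which is exactly the maintenance burden the post warns about.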
So, don’t make the mistake I did.