For many Linux admins, a single SSH key pair is the default for logging into every server, staging box, or cloud instance they own. It's simple, convenient — and a single point of failure.
Over time, I've learned that separating SSH keys by purpose and environment isn't just good hygiene — it's a major security win.
🛑 The Risk of "One Key to Rule Them All"
If you use the same SSH private key for everything, one compromise can be catastrophic:
- Lose your laptop? Every server that key touches is now at risk.
- Key is stolen from a less-secure environment? Attackers can pivot into critical systems.
- Need to rotate keys? You're now scrambling to replace it everywhere.
This is the definition of a blast radius problem.
🧩 How I Segment My Keys
I maintain separate SSH keys for:
1. Production
- Stored in a hardware token or secure key vault
- Only used for critical servers
- Never leaves secure devices
2. Staging/Test
- Separate from production
- Lives on a work laptop
- Easily replaceable
3. Personal Projects
- For home labs, personal VPS, Raspberry Pis
- Never mixed with work systems
4. Disposable/Temporary
- Created for short-lived projects or vendor access
- Deleted after use
🛠 My Workflow
Key Generation:
ssh-keygen -t ed25519 -C "prod-key" -f ~/.ssh/id_ed25519_prod
ssh-keygen -t ed25519 -C "test-key" -f ~/.ssh/id_ed25519_test
SSH Config Example (~/.ssh/config):
Host prod-server
    HostName prod.example.com
    User admin
    IdentityFile ~/.ssh/id_ed25519_prod
Host staging-server
    HostName staging.example.com
    User dev
    IdentityFile ~/.ssh/id_ed25519_test
This way, I don't have to remember which key to use — SSH automatically selects the right one.
One caveat: ssh offers the configured IdentityFile first, but unless the host block also sets IdentitiesOnly yes it will still try the default key files and every key loaded in ssh-agent, so an agent-loaded production key can end up being presented to a staging or vendor host. Add that directive to each block if the separation is meant to hold.
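As an added example (not the post's own script), here is a small shell audit that runs over a constructed ~/.ssh/config and flags the two client-side mistakes that quietly undo this segmentation: a Host block with no IdentityFile (ssh then falls back to the default key files and every key in ssh-agent, so the production key can be offered to the wrong host) and a Host block without IdentitiesOnly yes (agent keys are still offered alongside the configured one). It goes slightly beyond the config above in treating a "Host *" block with IdentitiesOnly yes as a global default. The host names, paths and the sample config are made up for the demo; nothing under the real ~/.ssh is touched.

```shell
#!/bin/sh
# Added example, not from the original post. Audits an ssh_config for Host
# blocks that undermine per-environment key segmentation. Host names, paths
# and the sample config are constructed for this demo; nothing under the
# real ~/.ssh is touched.
set -e

# Write a constructed ssh_config to the path in $1. prod-server is correct,
# staging-server forgets IdentitiesOnly, legacy-box has no IdentityFile.
write_sample_config() {
  cat > "$1" <<'EOF'
Host prod-server
    HostName prod.example.com
    User admin
    IdentityFile ~/.ssh/id_ed25519_prod
    IdentitiesOnly yes

Host staging-server
    HostName staging.example.com
    User dev
    IdentityFile ~/.ssh/id_ed25519_test

Host legacy-box
    HostName legacy.example.com
    User root
EOF
}

# Print one finding per line:
#   MISSING_IDENTITYFILE <host>   - ssh falls back to ~/.ssh/id_* and every
#                                   agent key, so the prod key is offered here
#   MISSING_IDENTITIESONLY <host> - IdentityFile is set, but agent keys are
#                                   still offered alongside it
# A "Host *" block carrying "IdentitiesOnly yes" counts as a global default.
# Simple line parser: keywords are matched case-insensitively; the
# "Keyword=value" form and Match blocks are not handled.
audit_ssh_config() {
  awk '
    tolower($1) == "host" { n++; hosts[n] = $2; idf[n] = 0; only[n] = 0; next }
    n > 0 && tolower($1) == "identityfile" { idf[n] = 1 }
    n > 0 && tolower($1) == "identitiesonly" && tolower($2) == "yes" { only[n] = 1 }
    END {
      star = 0
      for (i = 1; i <= n; i++) if (hosts[i] == "*" && only[i]) star = 1
      for (i = 1; i <= n; i++) {
        if (hosts[i] == "*") continue
        if (!idf[i]) print "MISSING_IDENTITYFILE " hosts[i]
        else if (!only[i] && !star) print "MISSING_IDENTITIESONLY " hosts[i]
      }
    }
  ' "$1"
}

# Return 0 if the private key in $1 is readable only by its owner (0600 or
# 0400). ssh itself refuses group/world-readable keys, but a key that sat at
# 0644 on a shared host has already been exposed and should be rotated.
# GNU stat is tried first, BSD/macOS stat as the fallback.
check_key_perms() {
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# Stand-alone demo run over the constructed config.
cfg=$(mktemp)
write_sample_config "$cfg"
audit_ssh_config "$cfg"
rm -f "$cfg"
```

Run it against your real file with `audit_ssh_config ~/.ssh/config`; every host that prints a finding is one where the per-environment split is not actually enforced by the client, whatever the key naming says.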
🧠 Why It Works
- Limits Damage — If one key leaks, only that environment is at risk.
- Easier Rotation — I can rotate a single key without touching others.
- Audit-Friendly — Keys map directly to their purpose, making compliance easier.
- Encourages Principle of Least Privilege — No single key has access to everything.
📌 Final Thoughts
Managing multiple SSH keys might feel like overkill at first, but it's one of the easiest ways to reduce risk without slowing you down.
One key for everything might be convenient… until it isn't.
💬 How do you manage your SSH keys? Do you segment them or stick to a single pair?
📲 Follow me on social media: 🔗 LinkedIn: https://www.linkedin.com/in/bornaly/ ✍️ Medium: https://medium.com/@bornaly/subscribe 💬 Discord: https://discord.gg/FkjR2WFs 📘 Facebook: https://www.facebook.com/profile.php?id=61578778563015