Today I needed to create a new SSH public/private keypair for work. I wanted to make sure I was following modern best practices for this, so I did some reading online.

I found these two articles to be very helpful:

Things I learned

I didn’t ever think to change the comment at the end of the keyfile. Now I plan to date them, as it suggests. Using the email sub-alias (+) is clever and I’m stealing that.

SSH agent forwarding (ssh -A) and ProxyJump are super useful! I definitely would have enjoyed knowing about them when I was an SRE.

Using ProxyJump ad-hoc is easy: ssh -J jumphost.jamessimas.internal desthost.jamessimas.internal

Setting up ProxyJump in your SSH config is simple, too!

# Define host, so it doesn't match the wild card below
Host jumphost.jamessimas.internal
    User simas
# Use jump host for all other hosts in the domain
Host *.jamessimas.com
    ProxyJump jumphost.jamessimas.internal
    User simas
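
An added example (not from the original post): a simplified Python model of how ssh_config resolves Host blocks, showing that an earlier Host block does not exclude a host from a later wildcard unless it sets the option itself. It handles only Host lines with `*`, `?` and `!` patterns (no Match, Include or quoting), and the `*.jamessimas.internal` wildcard configs are constructed for illustration.

```python
from fnmatch import fnmatchcase

def parse(text):
    """Split config text into [(host_patterns, [(keyword, value), ...]), ...]."""
    blocks = []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            blocks.append((value.lower().split(), []))
        elif blocks:
            blocks[-1][1].append((key, value))
    return blocks

def host_matches(patterns, host):
    """True if a positive pattern matches and no '!'-negated pattern does."""
    if any(fnmatchcase(host, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatchcase(host, p) for p in patterns if not p.startswith("!"))

def resolve(text, host):
    """Apply every matching Host block top to bottom; first value per keyword wins."""
    result = {}
    for patterns, options in parse(text):
        if host_matches(patterns, host.lower()):
            for key, value in options:
                result.setdefault(key, value)
    return result

JUMP = "jumphost.jamessimas.internal"
DEST = "desthost.jamessimas.internal"

# Constructed variant: the wildcard also covers the jump host's own name,
# so the jump host resolves to using itself as its ProxyJump.
LOOPING = f"""
Host {JUMP}
    User simas
Host *.jamessimas.internal
    ProxyJump {JUMP}
    User simas
"""

# Same layout, with the jump host opting out before the wildcard is read.
FIXED = LOOPING.replace("simas\nHost", "simas\n    ProxyJump none\nHost", 1)

if __name__ == "__main__":
    for name, cfg in (("looping", LOOPING), ("fixed", FIXED)):
        for host in (JUMP, DEST):
            print(name, host, resolve(cfg, host))
```

On a real machine, `ssh -G <host>` prints the options OpenSSH itself resolves for a host, which is the check to run against your actual config.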