Force SSH Client To Use Given Private Key ( identity file )

by on May 17, 2010 · 7 comments· LAST UPDATED May 17, 2010

in

Recently, my desktop hard disk crashed. So I reinstalled Linux and created a new set of private RSA keys for authentication. However, two of my remote UNIX servers still uses old DSA keys. I do not remember root password for those servers. I do have backup of private and public DSA keys and currently stored in /backup/home/user/.ssh/id_dsa and /backup/home/user/.ssh/id_dsa.pub. How do I force my ssh clients to use identity file /backup/home/user/.ssh/id_dsa to get back to my remote UNIX servers?

The ssh client allows you to selects a file from which the identity (private key) for RSA or DSA authentication is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files). The syntax is as follows:

ssh -i /path/to/id_rsa user@server.nixcraft.com
ssh -i /path/to/id_dsa user@server2.nixcraft.net.i

To use /backup/home/user/.ssh/id_dsa, enter:

ssh -i /backup/home/user/.ssh/id_dsa user@unixserver1.nixcraft.com

~/.ssh/config SSH Client Configuration

You can set identity file in ~/.ssh/config as follows:
vi ~/.ssh/config
Add both host names and their identity file as follows:

Host server1.nixcraft.com
  IdentityFile ~/backups/.ssh/id_dsa
Host server2.nixcraft.com
  IdentityFile /backup/home/userName/.ssh/id_rsa

You can add other settings per host such as port number, X11 forwarding, real hostnames and much more. Save and close the file. You can connect as follows:

ssh user@server2.nixcraft.com
ssh root@server1.nixcraft.com

Recommended readings:

  • See the ssh_config and sshd man page for more information.
TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 7 comments… read them below or add one }

1 sujit May 18, 2010 at 10:49 am

Hi friends, it is good. but i am looking for configuration of Central authentication server for ssh login. If you can kindly let me know how to direct the client for the server and how the key pairs to dealt with and so on.. … … thanks

Reply

2 Niels van Dijk December 2, 2010 at 10:22 am

Thank you, I was looking for this

Reply

3 Chester May 29, 2012 at 9:02 pm

Thanks, I always forget -i !

Reply

4 davison July 4, 2013 at 8:10 am

Hello nixcraft,

I have a query here. I am not able to do this process successfully.
I have a private key(id_rsa) of a server. I want to log into the server using this private key.
I have tried your solution
ssh -i /path/of/id_rsa 192.168.xx.xx
but it asks password of the server. I don’t have password.
I can’t save my public key in .ssh directory of server as a authorized_keys because I don’t know the password. Please help me to log into server using private key (that’s all I have) of the server.
Thanks

Kind Regards
dave

Reply

5 machoo August 22, 2013 at 9:17 pm

This isn’t intended for getting you access to an account and server that you don’t know the password for. You must know the password for the account on the server so that you can save your public key to the server. This makes the login process easier.

Reply

6 Sébastien Pillien July 21, 2013 at 5:46 am

Hello
First of all, sorry for my poor english
Here’s What i don’t understand:
- my ssh config file is like that:
Host myserver.org
IdentityFile ~/.ssh/id_rsa
- ssh -i works
- ssh works (of course)
but ssh -v shows me that ssh tries to connect with other keys before this one.
How can i force id_rsa to be the first key to connect ?
Best regards

Reply

7 Olivier Mengué (DOLMEN) September 20, 2013 at 10:26 am

@ Sébastien
You must use the IdentitiesOnly option in ~/.ssh/config to force SSH to ignore the other keys.
If you need this SSH feature for Github accounts, you may be interested in my tool https://github.com/dolmen/github-keygen

Reply

Leave a Comment

Tagged as: , , , , , , , , , , , , , ,

Previous Faq:

Next Faq: