Force SSH Client To Use Given Private Key (Identity File)

Recently, my desktop hard disk crashed. So I reinstalled Linux and created a new set of private RSA keys for authentication. However, two of my remote UNIX servers still use old DSA keys. I do not remember the root password for those servers. I do have a backup of the private and public DSA keys, which are currently stored in /backup/home/user/.ssh/id_dsa and /backup/home/user/.ssh/ How do I force my ssh clients to use identity file /backup/home/user/.ssh/id_dsa to get back to my remote UNIX servers?

The ssh client allows you to select a file from which the identity (private key) for RSA or DSA authentication is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files). The syntax is as follows, where user@hostname is a placeholder for the remote account and server:

ssh -i /path/to/id_rsa user@hostname
ssh -i /path/to/id_dsa user@hostname

To use /backup/home/user/.ssh/id_dsa, enter:

ssh -i /backup/home/user/.ssh/id_dsa user@hostname
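
A pre-flight check for a key restored from backup, as an added example that is not part of the original article: it confirms the key file is not accessible by group or others (ssh ignores such keys), then prints an ssh command that offers only that key. The function names and the user@hostname destination are illustrative assumptions, and the DSA option assumes an OpenSSH client that still includes DSA support.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight check for a
# private key restored from backup, then print the ssh command to run.

# 0 if the key is a regular file with no group/other permission bits;
# ssh ignores a private key that other users can access.
key_is_private() {
    [ -f "$1" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Classify the key from its first line (legacy PEM keys name the type).
key_type() {
    case "$(head -n 1 "$1")" in
        *"BEGIN DSA PRIVATE KEY"*)     echo dsa ;;
        *"BEGIN RSA PRIVATE KEY"*)     echo rsa ;;
        *"BEGIN OPENSSH PRIVATE KEY"*) echo openssh ;;
        *)                             echo unknown ;;
    esac
}

# Print the ssh command line for key $1 and destination $2 (user@hostname).
ssh_cmd_for_key() {
    if ! key_is_private "$1"; then
        echo "refusing $1: missing, or accessible by group/other (chmod 600)" >&2
        return 1
    fi
    # IdentitiesOnly=yes: offer only this key, not keys held by ssh-agent.
    opts="-o IdentitiesOnly=yes"
    # OpenSSH 7.0+ disables ssh-dss by default; re-enable it for a DSA key.
    if [ "$(key_type "$1")" = dsa ]; then
        opts="$opts -o PubkeyAcceptedKeyTypes=+ssh-dss"
    fi
    echo "ssh $opts -i $1 $2"
}

# Usage: ssh_cmd_for_key /backup/home/user/.ssh/id_dsa user@hostname
```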

~/.ssh/config SSH Client Configuration

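You can set the identity file in ~/.ssh/config. Open the file:

vi ~/.ssh/config

Add both host names and their identity files as follows (server1.example.com and server2.example.com are placeholder host names):

Host server1.example.com
  IdentityFile ~/backups/.ssh/id_dsa
Host server2.example.com
  IdentityFile /backup/home/userName/.ssh/id_rsa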

You can add other settings per host such as port number, X11 forwarding, real hostnames and much more. Save and close the file. You can connect as follows:


Recommended readings:

  • See the ssh_config and sshd man pages for more information.

Posted by: SXI ADMIN

The author is the creator of SXI LLC and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting.