Multiple SSH private keys, possible?

Question

Is it possible to have multiple SSH key in a single client, and let ssh choose the right one automatically?

score 16 · Accepted Answer · answered Mar 02 '12 at 12:14

16

You can have different private keys in different files and specify all of them in ~/.ssh/config using separate IdentityFile values (or using -i option while running ssh). They would be tried in sequence (checkout man 5 ssh_config).

If you are using ssh-agent though, you might have to tell the agent about the multiple keys you have using ssh-add.

answered Mar 02 '12 at 12:14

Anil

735
4
4

Note that if one account has multiple valid keys (e.g. because you use `authorized_keys` to run specific commands instead of a shell), you may have to use the `IdentitiesOnly yes` option to make sure `ssh-agent` doesn't use the wrong one. See also http://unix.stackexchange.com/q/52092/863 – Tobias Kienzler Oct 18 '12 at 06:13

score 10 · Answer 2 · answered Mar 02 '12 at 12:15

Yes:

-i identity_file
Selects a file from which the identity (private key) for public key authentication is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/id_rsa for protocol version 2. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files). ssh will also try to load certificate information from the filename obtained by appending -cert.pub to identity filenames.

Just add -i for each identity, or use several IdentityFile lines in you .ssh/config.

Multiple SSH private keys, possible?

2 Answers2