dingyichen (dingyichen) wrote,

[HOWTO][SSH] provide multiple identity files.

Some development web sites only allow one SSH public key, e.g. the Fedora Project.
It is not a problem if you use exactly one computer to submit the task.

However, if you work on more than 2 computers, then it might not work at first glance.

Of course, the most naive resolution is to just use the same SSH public/private key pair on all the computers. I am not a security expert, but it does not seem right to me, plus, you might want other k

Digging in the ssh_config man page, this is what it says about IdentityFile:


Specifies a file from which the user's RSA or DSA authentication identity is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2. Additionally, any identities represented by the authentication agent will be used for authentication. ssh(1) will try to load certificate information from the filename obtained by appending -cert.pub to the path of a specified IdentityFile.

The file name may use the tilde syntax to refer to a user's home directory or one of the following escape characters: ‘%d’ (local user's home directory), ‘%u’ (local user name), ‘%l’ (local host name), ‘%h’ (remote host name) or ‘%r’ (remote user name).

It is possible to have multiple identity files specified in configuration files; all these identities will be tried in sequence.

Thus, you can have a key pair, say, "id_rsa_fedora" and "id_rsa_fedora.pub" for signing Fedora packages by writing your ~/.ssh/id_rsa_fedora like:

You do need to copy id_rsa_fedora to all your computers though.
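
One way to set up the multiple-IdentityFile block described above, as an added example that is not part of the original post. The host pattern "*.example.org" is a placeholder for the site that accepts only one public key, and the fallback key ~/.ssh/id_rsa and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: host pattern "*.example.org" (placeholder), fallback key
# ~/.ssh/id_rsa, and the helper names defined below.

# Append "Host <pattern>" plus one IdentityFile line per key to <config>.
# Keys are tried in the order listed. Does nothing if the block already exists.
add_identity_block() (
    cfg=$1; host=$2; shift 2
    umask 077                          # new files and directories: owner only
    mkdir -p "$(dirname "$cfg")"
    if [ -f "$cfg" ] && grep -qxF "Host $host" "$cfg"; then
        exit 0                         # leaves only this subshell
    fi
    {
        printf 'Host %s\n' "$host"
        for key in "$@"; do
            printf '    IdentityFile %s\n' "$key"
        done
    } >> "$cfg"
    chmod 600 "$cfg"                   # ssh refuses a config writable by others
)

# Print the identity files listed under "Host <pattern>", in config order.
configured_identities() {
    awk -v h="$2" '$1 == "Host" { hit = ($2 == h); next }
                   hit && $1 == "IdentityFile" { print $2 }' "$1"
}

# Ask OpenSSH itself which identity files it would try for a concrete host
# name (ssh -G needs OpenSSH 6.8 or later).
effective_identities() {
    ssh -F "$1" -G "$2" | awk '$1 == "identityfile" { print $2 }'
}

# Typical use (run by hand):
#   add_identity_block ~/.ssh/config '*.example.org' \
#       '~/.ssh/id_rsa_fedora' '~/.ssh/id_rsa'
#   effective_identities ~/.ssh/config build.example.org
```

Keys loaded in the authentication agent are offered in addition to these files, as the man page excerpt notes; the ssh_config option IdentitiesOnly yes restricts ssh to the configured files.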