
How can I use multiple SSH keys for the same host?

Tags: ssh, key

Pretty much I want to be able to use multiple SSH keys on the same server for different users. I have a server that I use for both webhosting and as an SSH tunnel. I have set up an account that has no login shell specifically for SSH tunneling. I use the root user to manage the rest of the system.

I have two SSH keys, one with a password for the root user, and one without a password for the SSH tunnel. How do I make it so when I connect as the tunnel user, it uses the tunnel key and when I connect as the root user, it uses the root key?

Richard Hum asked Nov 25 '25 19:11


1 Answer

If you have one key set up for your root user, the other one for your tunnel user (via file authorized_keys on the server/remote machine), the right key shall be picked automatically.

This is based on the assumption that you loaded the keys in ssh-agent and they are available to the ssh utility.

Otherwise, you can manually specify the key with ssh -i <identity file>.

Besides that, you can set up aliases in your ssh_config file (~/.ssh/config or /etc/ssh/ssh_config):

Host server-root
    User root
    IdentityFile <path to your key>
    Hostname <real hostname>

Host server-tunnel
    User tunnel-user
    IdentityFile <path to your key>
    Hostname <real hostname>

Then you use either ssh server-root or ssh server-tunnel.

But I would say working with ssh-agent might be the easiest setup.

If you want auto-selection of the right key without ssh-agent, you could specify both keys via -i.

To quote from the OpenSSH man page:

 -i identity_file
     Selects a file from which the identity (private key) for public
     key authentication is read.  The default is ~/.ssh/identity for
     protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and
     ~/.ssh/id_rsa for protocol version 2.  Identity files may also be
     specified on a per-host basis in the configuration file.  It is
     possible to have multiple -i options (and multiple identities
     specified in configuration files).  ssh will also try to load
     certificate information from the filename obtained by appending
     -cert.pub to identity filenames.
sstn answered Nov 28 '25 15:11
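An added example, not part of the answer above: it writes the two-alias configuration to a scratch file and uses `ssh -G` to check which user and key each alias resolves to, without connecting. The host name `server.example.com`, the key file names and the `IdentitiesOnly yes` line (which stops ssh from also offering every key held by the agent) are assumptions added here.

```shell
#!/bin/sh
# Constructed example: host name, user names and key file names are
# placeholders, not values from the original question or answer.

# Write a sample client config with one alias per account.
write_sample_config() {
    cat > "$1" <<'EOF'
Host server-root
    User root
    IdentityFile ~/.ssh/id_root_example
    Hostname server.example.com

Host server-tunnel
    User tunnel-user
    IdentityFile ~/.ssh/id_tunnel_example
    Hostname server.example.com

# Both aliases: offer only the IdentityFile listed above, not agent keys.
Host server-root server-tunnel
    IdentitiesOnly yes
EOF
}

# Print the settings ssh would use for an alias. -G resolves the
# configuration and prints it instead of connecting; -F picks the file.
resolved() {
    ssh -G -F "$1" "$2" |
        grep -E '^(user|hostname|identityfile|identitiesonly) '
}

# Succeed only if the alias resolves to exactly one identity file and
# that file's path contains the given name.
uses_only_key() {
    ssh -G -F "$1" "$2" | awk -v want="$3" '
        $1 == "identityfile" { n++; if (index($2, want)) hit = 1 }
        END { exit !(n == 1 && hit) }'
}

# Demo: show the resolved settings for both aliases.
cfg=$(mktemp)
write_sample_config "$cfg"
for h in server-root server-tunnel; do
    echo "== $h"; resolved "$cfg" "$h"
done
rm -f "$cfg"
```

Running the same `ssh -G <alias>` against your real `~/.ssh/config` shows which key a given alias will present before you rely on it.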


