Force SSH Client To Use Given Private Key (identity file)

Recently, my desktop hard disk crashed. So I reinstalled Linux and created a new set of private RSA keys for authentication. However, two of my remote UNIX servers still use old DSA keys. I do not remember the root password for those servers. I do have a backup of the private and public DSA keys, currently stored in /backup/home/user/.ssh/id_dsa and /backup/home/user/.ssh/id_dsa.pub. How do I force my ssh clients to use identity file /backup/home/user/.ssh/id_dsa to get back to my remote UNIX servers?

The ssh client allows you to select a file from which the identity (private key) for RSA or DSA authentication is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files). The syntax is as follows:

ssh -i /path/to/id_rsa user@server.nixcraft.com
ssh -i /path/to/id_dsa user@server2.nixcraft.net.i

To use /backup/home/user/.ssh/id_dsa, enter:

ssh -i /backup/home/user/.ssh/id_dsa user@unixserver1.nixcraft.com

~/.ssh/config SSH Client Configuration

You can set the identity file in ~/.ssh/config as follows:

vi ~/.ssh/config

Add both host names and their identity files as follows:

Host server1.nixcraft.com
  IdentityFile ~/backups/.ssh/id_dsa
Host server2.nixcraft.com
  IdentityFile /backup/home/userName/.ssh/id_rsa

You can add other settings per host such as port number, X11 forwarding, real hostnames and much more. Save and close the file. You can connect as follows:

ssh user@server2.nixcraft.com
ssh root@server1.nixcraft.com
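
The per-host setup above can be scripted so that a key restored from backup is only pinned when its file mode is tight enough for ssh to accept it. This is an added example, not part of the original article: the function names key_is_private and pin_identity are hypothetical, and the IdentitiesOnly option (a standard ssh_config keyword not mentioned above) is added so that only the named key is offered to the host.

```shell
#!/bin/sh
# Added example: pin one identity file to one host in an ssh client config.
# Function names are hypothetical helpers, not part of OpenSSH.

# Return 0 only if the key is a regular file with no group/other access,
# since ssh ignores private keys that other users can read.
key_is_private() {
    key=$1
    [ -f "$key" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$key" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Append a Host block to a config file unless that host is already present.
# Usage: pin_identity HOST KEYFILE CONFIGFILE
pin_identity() {
    host=$1
    key=$2
    conf=$3
    key_is_private "$key" || {
        echo "refusing $key: missing or open to group/others (chmod 600)" >&2
        return 1
    }
    # Idempotent: do not add a second block for the same host.
    if [ -f "$conf" ] && grep -qxF "Host $host" "$conf"; then
        return 0
    fi
    # Subshell keeps the umask change local; a new config is created 0600.
    (
        umask 077
        {
            printf 'Host %s\n' "$host"
            printf '  IdentityFile %s\n' "$key"
            # Offer only the key named above, not every key in the agent.
            printf '  IdentitiesOnly yes\n'
        } >> "$conf"
    )
}

# Example call, using the paths from the article:
# pin_identity unixserver1.nixcraft.com /backup/home/user/.ssh/id_dsa ~/.ssh/config
```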

Recommended readings:

  • See the ssh_config and sshd man pages for more information.