Using an Alternative SSH Identity
In some cases there might be a need to use a different or a specific SSH key for authenticating to a server. This post will describe one way of accomplishing that goal.
Create a New SSH Key
To reduce the complexity of the commands a little, I will provide a series of commands that will be executed from within the ~/.ssh directory where the other SSH keys and information are stored. Effectively, we will create a new SSH key pair with a specific name for the key. For this example, I will use new_identity for the name of the key pair.
Perform the following commands:
cd ~/.ssh
ssh-keygen -f new_identity
As usual, provide a passphrase for the new_identity key pair for encrypting the private key. You will find in the ~/.ssh directory the following new files:
- new_identity: the new private SSH key
- new_identity.pub: the new public key
The new public key can be placed on the remote server that you plan to access (for example, GitHub or some remote Linux server) so that the remote server will recognize you using the new SSH key.
Using the New Identity
The new SSH key can be used in a variety of different ways:
- If you are using ssh-agent, then you can simply add the new SSH private key to your session as follows:
      ssh-add ~/.ssh/new_identity
  By adding a specific key as opposed to all of the default SSH keys (see man ssh-add for more details), you can control which key is used to authenticate to the remote server.
  To make sure that the right identity is used, you might want to clean out the private keys from the ssh-agent environment before adding the new identity. Here are some methods for performing that function.
  - If you want to clean out the keys that are registered with the current ssh-agent, you can run the following to delete the existing keys from the session:
        ssh-add -D
  - If you want to clean out the default keys from the ssh-agent environment instead (e.g., ~/.ssh/id_rsa), you can run the following:
        ssh-add -d
  - If you want to remove a specific key from the ssh-agent environment, you can run, for example:
        ssh-add -d ~/.ssh/id_rsa
    This specifically removes the ~/.ssh/id_rsa key from the ssh-agent environment.
- For a specific SSH session, you can also run:
      ssh -i ~/.ssh/new_identity myname@some-server.example.com
  OpenSSH's ssh command allows you to specify the specific private key (identity file) to use to connect to the remote server using the -i option.
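To confirm that the agent holds only the new identity after the ssh-add steps above, the check below parses the output of ssh-add -l and compares fingerprints. It is an added example, not part of the original post; the function name check_agent_identities and the sample fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
#
# check_agent_identities WANTED_FINGERPRINT
#   Reads `ssh-add -l` output on stdin and returns:
#     0  the agent holds only the wanted key
#     1  the wanted key is not loaded (or the agent is empty)
#     2  the wanted key is loaded together with other keys
check_agent_identities() {
    wanted=$1
    found=0
    others=0
    # Key lines look like: "<bits> <fingerprint> <comment> (<type>)"
    while read -r bits fp rest; do
        case $fp in
            SHA256:*|MD5:*) ;;   # a key line
            *) continue ;;       # e.g. "The agent has no identities."
        esac
        if [ "$fp" = "$wanted" ]; then
            found=1
        else
            others=$((others + 1))
            echo "extra key in agent: $fp $rest" >&2
        fi
    done
    [ "$found" -eq 1 ] || return 1
    [ "$others" -eq 0 ] || return 2
    return 0
}

# Constructed sample of `ssh-add -l` output: the new key plus a leftover
# default key that was never removed with `ssh-add -D`.
sample_listing() {
    cat <<'EOF'
3072 SHA256:CONSTRUCTEDnewIdentityFingerprint000000000000 me@laptop (RSA)
3072 SHA256:CONSTRUCTEDdefaultIdRsaFingerprint00000000000 /home/me/.ssh/id_rsa (RSA)
EOF
}

# Real use, with the fingerprint taken from the public key file:
#   fp=$(ssh-keygen -lf ~/.ssh/new_identity.pub | awk '{print $2}')
#   ssh-add -l | check_agent_identities "$fp"
```

A return status of 2 means other keys are still loaded alongside new_identity, which is the case the ssh-add -D step is meant to prevent.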