How does ssh choose the correct key to use

authenticationssh

How does ssh-agent understand which key should it use for which remote server?

I've came across different questions and posts that touches this topic somehow, but it still remain unclear to me.

What I have found is that if you want to use different ssh keys you need to use -i option and specify path to needed key or you can setup Identity files that specifies which key pair for which host to use.

But does it mean that by default ssh-agent can use only one key pair and it will try to use it for all remote servers?

Best Answer

But does it mean that by default ssh-agent can use only one key pair and it will try to use it for all remote servers?

By default, ssh-agent will use all the keys added to it to all the servers you connect. You can limit the keys by ssh_config as in the other answer.

The keys have fingerprints, but in the first phase of public key authentication, the public parts are just verified against the server list and if they do not match, authentication is skipped (usually to other key or password authentication).

Related Question