The ssh client will check all your keys until it finds one that matches.
This is how it works (this is very simplified, before this a quite complex dance has been made to encrypt all of this):
- The server creates an auth token.
- The token is encrypted using your public key on the server.
- The server sends the encrypted token to the client.
- The client tries to decrypt the token, using all known private keys.
- If it is successful it will send the decrypted token back to the server.
- If the token matches, the server will let the client in.
What files are keys depends on the client.
For the OpenSSH client (Ubuntu default client), according to its man page, the files that are supposed to be private keys are .ssh/id_rsa, .ssh/id_dsa, .ssh/id_ecdsa, plus those given after the -i flag (it supports multiple files) and those declared in the config file.
You can give it the -v option to make it print a line when it tries to use any file as a key. This is an example from a non-key login:
$ ssh -v www.hostremoved.com
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
<...>
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/javier/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/javier/.ssh/id_dsa
debug1: Trying private key: /home/javier/.ssh/id_ecdsa
debug1: Next authentication method: password
<...>
As you can see, it prints all the keys it tries; it fails with all of them. You can use this on your own system to discover which files ssh is using.
Below you can see the output if some existing key is found and tried:
debug1: Authentications that can continue: publickey,password
debug1: Offering RSA public key: user@xyz
user@xyz is the information appended to the public key.
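As an added example (not part of the original answers): a small shell filter that applies the -v technique from the answers above, extracting which identities ssh offered or tried from its debug output. The function names and the sample log, modelled on the excerpt quoted above, are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which identities an `ssh -v` run offered or tried,
# reading the debug output on stdin.

# Constructed sample input, modelled on the excerpt quoted above.
sample_log() {
cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/javier/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/javier/.ssh/id_dsa
debug1: Trying private key: /home/javier/.ssh/id_ecdsa
debug1: Next authentication method: password
EOF
}

# Print one "<action> <identity>" line per key attempt.
# "offered": the public key was sent to the server to ask if it is acceptable.
# "tried":   the client attempted to load that private key file.
# The pattern also accepts "Offering public key:" with no key type before it.
list_key_attempts() {
    awk '
        /^debug1: Offering .*public key: / {
            sub(/^debug1: Offering .*public key: /, ""); print "offered", $0
        }
        /^debug1: Trying private key: / {
            sub(/^debug1: Trying private key: /, ""); print "tried", $0
        }'
}

# Print the method ssh moved on to after publickey, or nothing if the log
# shows no fall-through (for example because a key was accepted).
fallback_method() {
    awk '
        /^debug1: Next authentication method: publickey/ { seen = 1; next }
        seen && /^debug1: Next authentication method: / {
            sub(/^debug1: Next authentication method: /, ""); print; exit
        }'
}

# Real use (ssh writes the debug lines to stderr):
#   ssh -v user@host true 2>&1 | list_key_attempts
if [ "${1:-}" = "--demo" ]; then
    sample_log | list_key_attempts
    echo "fell back to: $(sample_log | fallback_method)"
fi
```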
If you're wondering how your ssh client finds your private keys, it's not magic. Under Gnome (xfce and KDE also) there is a special ssh-agent that automatically adds keys in the .ssh directory that have a corresponding public key with the ending .pub.
If you do not have such a comfortable ssh agent, you'll have to add your private keys with ssh-add key.
Best Answer
I found a solution at: https://vsys.host/how-to/how-to-use-the-ssh-config-file
HOST AND PATTERN MATCHING
Sophisticated host and pattern matching in SSH config files allows for efficient management of connections to multiple servers. Using patterns and wildcards, configurations can be applied broadly or excluded for specific hosts, demonstrating the powerful flexibility of SSH config files in managing complex server environments.
Example:
This setup specifies different SSH keys and user names for development (dev-) and production (prod-) environments, showcasing the ability to tailor SSH connections to specific requirements.
OPTIMIZING CONNECTION PARAMETERS
REUSING SSH CONNECTIONS:
The ControlMaster, ControlPath, and ControlPersist parameters are pivotal for reusing SSH connections, minimizing connection times for subsequent sessions.
Example:
Host *
This configuration enables sharing multiple sessions over a single network connection, improving efficiency, especially in scripts or automated tasks.
CONNECTION RELIABILITY AND RESPONSIVENESS:
Adjusting ConnectTimeout and ServerAliveInterval ensures SSH connections are more reliable and responsive under various network conditions.
Example:
These settings help keep the connection alive or determine faster whether the connection has been dropped, improving overall reliability.
ENHANCING SECURITY
CONTROLLED USE OF SSH-AGENT:
The IdentitiesOnly option restricts SSH to use only specified identities, enhancing security by preventing the misuse of keys managed by ssh-agent.
Example:
This ensures that only the specified key is used for connections to example.com, even if other keys are available in ssh-agent.
VISUAL VERIFICATION OF HOST KEYS
The VisualHostKey feature offers a visual representation of host keys, aiding in the quick identification of unauthorized changes.
Example:
When enabled, SSH displays a visual pattern of the host key fingerprint upon connection, providing an additional layer of security verification.
AUTOMATING SSH CONFIGURATIONS
SCRIPTING FOR CONFIGURATION MANAGEMENT
Automation through scripting is invaluable for maintaining up-to-date SSH config files, minimizing manual intervention and reducing the risk of errors. Scripts can be designed to dynamically add new hosts or update configurations, ensuring a streamlined and current SSH setup.
Example script snippet for adding a new host:
This simple script appends a new host configuration to the user’s SSH config file, showcasing the ease with which SSH configurations can be automated.