How to Specify a Custom SSH Key When Connecting to Remote Servers



When working with multiple SSH keys for different servers, you need to explicitly tell SSH which identity file to use. By default, SSH looks for keys in ~/.ssh/id_rsa, ~/.ssh/id_ecdsa, or ~/.ssh/id_ed25519. When you have custom-named keys, you must specify them manually.

The simplest way is using the -i flag with ssh:

ssh -i ~/.ssh/custom_key.pem user@example.com

This works well for occasional connections but becomes tedious for frequent access.

For recurring connections, add a Host block for each server to your SSH config file (~/.ssh/config):

Host myserver1
    HostName server1.example.com
    User username
    IdentityFile ~/.ssh/server1_key
    IdentitiesOnly yes

Host myserver2
    HostName server2.example.org
    User different_username
    IdentityFile ~/.ssh/server2_key
    IdentitiesOnly yes

The IdentitiesOnly yes directive makes SSH offer only the key named by IdentityFile for that host, even when ssh-agent holds other keys.

For complex environments with jump hosts or bastion servers:

Host bastion
    HostName bastion.example.net
    User jumper
    IdentityFile ~/.ssh/bastion_key

Host internal-server
    HostName 10.0.0.5
    User internal_user
    IdentityFile ~/.ssh/internal_key
    ProxyJump bastion

If keys aren't being used as expected:

  1. Verify permissions: chmod 600 ~/.ssh/your_key
  2. Check SSH debug output: ssh -v -i your_key user@host
  3. Ensure IdentitiesOnly yes is set if using config files

General key-handling practices:

  • Never share private keys across different security zones
  • Use passphrase protection for all keys
  • Consider using ssh-agent for better key management
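The permission and IdentitiesOnly checks from the troubleshooting steps can be run over a whole config file at once. The script below is an added example, not part of the original article; the function name audit_ssh_config, the throwaway directory and the sample config are constructed for illustration. It assumes "Keyword value" syntax, one IdentityFile per Host block and paths without spaces.

```shell
#!/bin/sh
# Added example: per-Host audit of an OpenSSH client config.
# Limits (assumptions): ignores Match blocks and settings inherited from
# other blocks such as "Host *"; only the first Host pattern is reported.
audit_ssh_config() {
    awk '
        function emit() { if (host != "" && key != "") print host, key, only }
        { kw = tolower($1) }
        kw == "host"           { emit(); host = $2; key = ""; only = "no" }
        kw == "identityfile"   { key = $2 }
        kw == "identitiesonly" { only = tolower($2) }
        END { emit() }
    ' "$1" |
    while read -r host key only; do
        # Expand a leading ~/ the way ssh does.
        case $key in "~/"*) key="$HOME/${key#??}" ;; esac
        [ "$only" = yes ] ||
            echo "$host: IdentitiesOnly not set, other agent keys may also be offered"
        if [ ! -f "$key" ]; then
            echo "$host: key file $key not found"
        # Characters 5-10 of the mode string are the group and other bits.
        elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "$host: $key is group/world accessible, run chmod 600"
        fi
    done
}

# Constructed sample: a throwaway HOME with two empty key files and a config
# modelled on the bastion example above.
demo=$(mktemp -d)
mkdir -p "$demo/.ssh"
: > "$demo/.ssh/bastion_key";  chmod 644 "$demo/.ssh/bastion_key"
: > "$demo/.ssh/internal_key"; chmod 600 "$demo/.ssh/internal_key"
cat > "$demo/.ssh/config" <<'EOF'
Host bastion
    HostName bastion.example.net
    IdentityFile ~/.ssh/bastion_key

Host internal-server
    HostName 10.0.0.5
    IdentityFile ~/.ssh/internal_key
    IdentitiesOnly yes
    ProxyJump bastion
EOF
( HOME=$demo; audit_ssh_config "$demo/.ssh/config" )
```

On the sample it reports two findings for bastion and none for internal-server.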

SSH (Secure Shell) typically uses ~/.ssh/id_rsa as the default private key for authentication. However, when managing multiple servers with different access credentials, you'll need to explicitly specify which key to use.

The simplest way is to use the -i flag with the ssh command:

ssh -i ~/.ssh/custom_key.pem user@example.com

For persistent configuration, edit ~/.ssh/config (create it if it doesn't exist):

Host server-alias
    HostName example.com
    User username
    IdentityFile ~/.ssh/custom_key
    Port 22

Then simply connect using:

ssh server-alias

For complex environments with multiple keys:

# Work servers
Host work-*
    IdentityFile ~/.ssh/work_key

# Personal servers 
Host personal-*
    IdentityFile ~/.ssh/personal_key

# Specific server
Host production
    HostName prod.example.com
    User admin
    IdentityFile ~/.ssh/prod_key

Common issues often stem from incorrect permissions:

chmod 600 ~/.ssh/custom_key
chmod 644 ~/.ssh/custom_key.pub
chmod 700 ~/.ssh

Add keys to ssh-agent for convenience:

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/first_key
ssh-add ~/.ssh/second_key

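During authentication, ssh offers every key loaded in the agent unless IdentitiesOnly yes limits it to the configured IdentityFile. With many keys loaded, the server can reach its authentication attempt limit and disconnect before the right key is offered.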

  • Always use passphrase-protected keys
  • Regularly rotate keys (especially for production environments)
  • Use different keys for different security zones
  • Consider using ed25519 keys instead of RSA for better security