doesn't accept multiple keys in id_rsa

Bug #374427 reported by wretched_dutchman
This bug affects 1 person
Affects: openssh (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

When maintaining multiple servers with different rsa-keys it isn't possible to put all the files in ~/.ssh/id_rsa.
With multiple keys in ~/.ssh/id_rsa it only accepts the first key, the rest is ignored.
The way I create the id_rsa file:

   cat id_rsa_server >> ~/.ssh/id_rsa

Colin Watson (cjwatson) wrote :

I don't understand what you're trying to do. The id_rsa file is only supposed to contain one key; you can put other keys in different files. What are you trying to achieve by putting multiple keys in one file?

Changed in openssh (Ubuntu):
status: New → Incomplete

Tomas Pospisek (tpo-deb) wrote :

wretched_dutchman wrote:

> > When maintaining multiple servers with different rsa-keys it isn't possible to put all the files in ~/.ssh/id_rsa.

Colin answered:

> I don't understand what you're trying to do. The id_rsa file is only supposed to contain one key; you can put other keys in
> different files. What are you trying to achieve by putting multiple keys in one file?

I'm having the same problem I guess:

There are several servers that have different public keys. Now I find out that I want to log into them from the same client machine. I could go and copy all the private keys to different id_rsa files:

- id_rsa1
- id_rsa2
- id_rsa3

Now why would I need/want to differentiate the keys? I don't care what they are named. I just want to log in with whatever key fits (to use a RL analogy: I'd just try to plug in one key after the other into the lock until one opens it).

So I'd say this is more of a feature request?
*t

Changed in openssh (Ubuntu):
status: Incomplete → Confirmed

Tomas Pospisek (tpo-deb) wrote :

> Now why would I need/want to differentiate the keys? I don't care what they are named. I just want to log in with whatever
> key fits (to use a RL analogy: I'd just try to plug in one key after the other into the lock until one opens it).

So I'd like to say something like: use whatever key fits. So either I'd need to start ssh like this:

   ssh -i ~/.ssh/id_rsa1 -i ~/.ssh/id_rsa2 -i ~/.ssh/id_rsa3 -i ~/.ssh/id_rsa4 ...

which is bothersome or, the natural way would seem like saying:

   ssh -i ~/.ssh/id_rsa

respectively by using the default identity file:

   ssh ...

which would use whatever key in id_rsa that works with the public key on the server.
*t

Thierry Carrez (ttx) wrote :

The correct way of doing this is to specify multiple "IdentityFile" lines in your ~/.ssh/config

The id_rsa[.pub] files represent a keypair and aren't supposed to contain multiple identities, but it's easy and perfectly valid to use several keys, either by using -i or IdentityFile. Closing as this is not a bug and not really a missing feature.

Changed in openssh (Ubuntu):
status: Confirmed → Invalid

Steve Lacy (7-launchpad-slacy-com) wrote :

To give more detail, here's what your ~/.ssh/config file needs to look like:

Host *
    IdentityFile id_rsa.pub
Host hostname_with_special_keys.com
    IdentityFile id_rsa.hostname_with_special_keys.pub
Host another_host.com
    IdentityFile id_rsa.another_host.pub

The actual hostnames and file names are arbitrary, and do not need to match. By doing this, you won't need to specify -i on the command line each time.
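For the situation in the original report, where several private keys were concatenated into one id_rsa, the following added example (not from this thread or from OpenSSH) splits such a file into one file per key and prints the IdentityFile lines recommended above. The names split_identities, emit_config and id_keyN are hypothetical, and the sample key blocks are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Added example: split a file of concatenated PEM private keys into one file
# per key, then print matching IdentityFile lines for ~/.ssh/config.

# split_identities SRC OUTDIR -> writes OUTDIR/id_key1..N and prints N
split_identities() {
    ( umask 077    # ssh refuses private keys readable by group or others
      mkdir -p "$2"
      awk -v dir="$2" '
        /^-----BEGIN [A-Z ]*PRIVATE KEY-----$/ { n++; out = dir "/id_key" n; inkey = 1 }
        inkey { print > out }          # text outside BEGIN/END markers is dropped
        /^-----END [A-Z ]*PRIVATE KEY-----$/ { inkey = 0; close(out) }
        END { print n + 0 }
      ' "$1" )
}

# emit_config OUTDIR COUNT -> prints a "Host *" stanza listing every key file
emit_config() {
    echo "Host *"
    i=1
    while [ "$i" -le "$2" ]; do
        echo "    IdentityFile $1/id_key$i"
        i=$((i + 1))
    done
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample input: two placeholder blocks in one file.
    cat > "$tmp/id_rsa" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
constructed-placeholder-1
-----END RSA PRIVATE KEY-----
-----BEGIN OPENSSH PRIVATE KEY-----
constructed-placeholder-2
-----END OPENSSH PRIVATE KEY-----
EOF
    count=$(split_identities "$tmp/id_rsa" "$tmp/keys")
    emit_config "$tmp/keys" "$count"
    rm -rf "$tmp"
}
demo
```

Listing every key under Host * offers each of them to every server, and each offered key counts against the server's MaxAuthTries limit; per-host stanzas like the ones in the comment above keep the number of offers small.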
