YubiKey SSH key instead of local key

When using a YubiKey for SSH, it is sometimes useful to be able to choose which key to use: a local SSH key (defaults to ~/.ssh/id_rsa) or the one on the YubiKey.

The common way of selecting a specific SSH key with ssh is to specify it with the -i switch:

ssh -i ~/.ssh/id_rsa <someuser>@<somehost>

Or for example for cloning a repository:

GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa' git clone git@<somehost>:<someuser>/<somerepo>.git

Another solution is to put the setting in ~/.ssh/config, for example:

Host <somehost>
   IdentityFile ~/.ssh/id_rsa

If, however, you want to force ssh to use the SSH key from your YubiKey instead of a local key, you have to tell ssh which key that is. Here's how.

First, extract the SSH public key from your YubiKey, either using gpg2:

gpg2 --export-ssh-key <keyid> > ~/.ssh/id_rsa_yubi.pub

or through ssh-agent:

ssh-add -L | grep "cardno" > ~/.ssh/id_rsa_yubi.pub

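That public key (~/.ssh/id_rsa_yubi.pub) can then be passed to the usual -i switch, as shown above, to force ssh to use the key from your YubiKey. Because only the public half exists on disk, ssh uses the matching private key held by the agent, which lives on the YubiKey.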
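
The ssh-agent extraction step above writes whatever grep matches, so an unplugged YubiKey yields an empty file and two cards yield two keys. The following is an added example, not part of the original page, that checks for exactly one match before writing the file. The function names are hypothetical, the sample keys are constructed, and IdentitiesOnly is an extra ssh_config option not mentioned on the page.

```shell
#!/bin/sh
# Added example: turn the `ssh-add -L | grep "cardno"` step into a checked one.
# Function names are hypothetical; the sample keys below are constructed.

# Constructed `ssh-add -L` output: one local key, one card-backed key.
SAMPLE_AGENT_KEYS='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedLocalKey user@laptop
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABConstructedCardKey cardno:000000000000'

# Read agent key lines on stdin and print the single "cardno" line.
# Fail on zero or several matches so an empty or ambiguous .pub is never used.
select_card_key() {
    matches=$(grep 'cardno' || true)
    count=$(printf '%s\n' "$matches" | grep -c 'cardno' || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one card key in the agent, found $count" >&2
        return 1
    fi
    printf '%s\n' "$matches"
}

# write_card_pubkey <outfile>: write the key only after the check passes.
write_card_pubkey() {
    key=$(select_card_key) || return 1
    printf '%s\n' "$key" > "$1.tmp" && mv "$1.tmp" "$1"
}

# host_stanza <host> <pubfile>: ~/.ssh/config block for that host.
# IdentitiesOnly (an addition, not on the page) stops ssh from also
# offering other keys the agent holds.
host_stanza() {
    printf 'Host %s\n   IdentityFile %s\n   IdentitiesOnly yes\n' "$1" "$2"
}

# Demo on the constructed sample; with a real agent you would run:
#   ssh-add -L | write_card_pubkey ~/.ssh/id_rsa_yubi.pub
printf '%s\n' "$SAMPLE_AGENT_KEYS" | select_card_key
host_stanza '<somehost>' '~/.ssh/id_rsa_yubi.pub'
```

If ssh still authenticates with a local key after this, running it with -v shows which identities it offers and in what order.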