When using a YubiKey for SSH, it is sometimes
useful to be able to choose which key to use: a local SSH key (defaults to
or the one on the YubiKey.
The common way of selecting a specific SSH key with
ssh is to specify it with the
ssh -i ~/.ssh/id_rsa [email protected]
Or for example for cloning a repository:
GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa' git clone [email protected]<somehost>:<someuser>/<somerepo>.git
Another solution would be to insert this config in
~/.ssh/config, for example
Host <somehost> IdentityFile ~/.ssh/id_rsa
When you however want to force
ssh to use the SSH key from your YubiKey instead of a
local key, you'd have to specify it in some way, here's how.
First extract the SSH public key from your YubiKey. Either using gpg2 with
gpg2 --export-ssh-key <keyid> > ~/.ssh/id_rsa_yubi.pub
or through ssh-agent
ssh-add -L | grep "cardno" > ~/.ssh/id_rsa_yubi.pub
That public key (
~/.ssh/id_rsa_yubi.pub) can then be used with the usual SSH switch
the above to force
ssh to use the key from your YubiKey.