Is a Private Key on a Linux Client Used in SSH Authentication to a Remote Server?

Question
This website (https://kb.iu.edu/d/aews) says "On the SSH command line: Add the -i flag and the path to your private key."

When running an SSH command, you do not think that the client's private key would come into play. You think that the public key would be used. The man page for SSH says:

-i identity_file
Selects a file from which the identity (private key) for public key authentication is read

ssh will also try to load certificate information from the filename obtained by appending -cert.pub to identity filenames.

You think that identity_files are public keys, and the website that you mentioned above is incorrect. Does this -i flag allow a user to denote a public key?

Answer
No, the -i flag denotes a private key. The man page and the link above are correct. The private key does come into play when using an SSH command.

Page 166 of SSH, The Secure Shell: The Definitive Guide version 1 explains that the identity file is a private key. For various reasons this private key is used when authenticating via SSH to a remote server.

Terraform: Up & Running, 2nd Edition by Yevgeniy Brikman (O'Reilly), Copyright 2019, 978-1-492-04690-5 (page 214) says that the authorized_keys file on a Linux server that is an EC2 instance will have the public key of an SSH pair. To access this server, your client would need to have the private key that corresponds to the public key on the server.

FFR
By convention, the public key file often has the same name as the private key file, except that the public key has a .pub extension. https://superuser.com/questions/232362/how-to-convert-ppk-key-to-openssh-key-under-linux
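
The following shell example is added here and is not from the original post or the sources it cites. It uses ssh-keygen to show that the file passed to -i is the private half of the pair and that authorized_keys holds the matching public half; the function names, the id_demo file name and the temporary authorized_keys file are assumptions made for the illustration.

```shell
# Added example: works on a throwaway key pair in a temp directory, no network access.

# Print "private" or "public" depending on the kind of key material FILE holds.
key_role() {
    local first
    first=$(head -n 1 "$1")
    case "$first" in
        "-----BEGIN "*"PRIVATE KEY-----") echo private ;;   # what ssh -i expects
        ssh-*|ecdsa-*|sk-*)               echo public ;;    # what authorized_keys holds
        *)                                echo unknown ;;
    esac
}

# Succeed if the public key derived from private key $1 appears in authorized_keys file $2.
key_is_authorized() {
    local pub
    # ssh-keygen -y reads a private key and prints its public key: "type base64 [comment]"
    pub=$(ssh-keygen -y -f "$1") || return 2
    # Compare key type and base64 blob only; the comment field may differ.
    pub=$(printf '%s\n' "$pub" | awk '{print $1 " " $2}')
    [ -n "$pub" ] || return 2
    grep -qF -- "$pub" "$2"
}

demo() {
    local dir
    dir=$(mktemp -d)
    # Constructed sample pair: id_demo (private) and id_demo.pub (public).
    ssh-keygen -q -t ed25519 -N '' -C demo@client -f "$dir/id_demo"
    # Stand-in for the server's ~/.ssh/authorized_keys (assumption for this demo).
    cp "$dir/id_demo.pub" "$dir/authorized_keys"
    echo "id_demo:     $(key_role "$dir/id_demo")"
    echo "id_demo.pub: $(key_role "$dir/id_demo.pub")"
    if key_is_authorized "$dir/id_demo" "$dir/authorized_keys"; then
        echo "private key id_demo matches an authorized_keys entry"
    fi
    rm -rf "$dir"
}

# Run the demonstration only when asked to, e.g.: sh this_script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Running the script with --demo prints the role of each file and confirms the match; key_is_authorized can also be pointed at a real private key and a copy of a server's authorized_keys file.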
