Specification of identity for ssh client to use

[Alan Barrett]

Is there any way to tell the openssh client exactly which identity to
use for an outgoing commection?  I know about "-i identityfile", but
it doesn't do what I want.  I want to precisely specify the identity
to use, not just add an identity to a list of things to try.  Whatever
mechanism is used should work both for local files and for identities
managed by ssh-agent.

My ssh client has access to multiple identities (some from files, and
some from ssh-agent), and more than one of the available identities
would allow me to login to a target account, but different identities
have different "command=" restrictions in the target account's
.ssh/authorized_keys2 file.  So I want to specify on the ssh command
line exactly which identity to use; I don't want the client to do just
keep trying multiple identities until one of them works, because then it
may use an identity that has the wrong "command=" restrictions on the
server side.

--apb (Alan Barrett)