Contacting the Spirits in Multiple Dimensions with SSH Keys

What up! ☝🏻

Recently I had the problem of requiring multiple SSH keys for the same host. The host in question was GitHub. I’m not a huge fan of reusing the same key across multiple resources, sometimes you’ll catch me using the same key for git services, but when it comes to SSH access to remote hosts, it’s a hard no.

Stack Exchange had a heap of solutions including adding an entry to your identity file (more on this later), setting the GIT_SSH_COMMAND environment variable, configuring core.sshCommand as well as a few others such as configuring custom scripts and other “urgh” based solutions.

The tl;dr is I created an SSH key and associated it with a host entry in my SSH config file by specifying the Host value as github.com-username when I did a clone or added a remote I would then do git clone git@github.com-username:username/myrepo.git.

Create Keys for your GitHub Account(s)

$ ssh-keygen -t rsa -C "github-username" -f "~/.ssh/github-username"`

The -C comment is optional and allows you to easily identify the key. If you have ever catted a public key file you will notice the comment at the end of the file, for example:

$ cat test.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPzxupGm96maeWxmt8P41omL9kTJ
FpQepkCa1ecZajPJdXpUQwxiDLJgcq9Lrl7wCTxlw3D5vNUXQaCmwxqzWhxUOCpiY7
3OgEFNgJDZGJt3bLenn2+10E7GYGRwHsgBioex7jjM3WsciGhGesykjv7GMwrYS0zy
1sYu4O+yQFtyxPyGKJ6Ze2dOakACQOS5Xa9whumcsmtDQLTuHNC5iNWeoLYSZNWvOD
p7N1OVFcRua03mODtkUeLL9vziLI3hFpG/9N3U71TLxR2pT904hKnJttzzDjnC7k6h
A8SoOdrF4hJd7kAGidRRw4ptYZ0t7p+8hOBTFlTFuIh0vkH this is an example comment

The -f flag allows you to specify the name of the key-pair, this can also be done when using the ssh-keygen wizard:

Enter file in which to save the key (/Users/errbufferoverfl/.ssh/id_rsa):

Either way, I’d suggest you use something meaningful such as servicename-username, enter a strong password using your password manager, you should now have a public and private key in your ~/.ssh/ directory.

Add the Public Key to the Associated GitHub Account

The GitHub documentation can help if you are unfamiliar with this step.

Configure SSH Config

If you don’t have one already, in your ~/.ssh/ create a file called config. For GitHub we can configure it as follows (remember to change the username to your GitHub usernames):

# account one
Host github.com-username
    HostName github.com
    User git
    ItentifyFile ~/.ssh/github-username

# account two
Host github.com-username-two
    HostName github.com
    User git
    ItentifyFile ~/.ssh/github-username-two

Configure your Git Repo

If you have an existing repo you previously cloned you may need to modify your .git/config remote origin so it works with your new configuration. However, if you haven’t, the following syntax will ensure the repository is set up correctly:

$ git clone git@github.com-username:username/yourrepo.git

The username you specify after the : should match the value you set earlier.

Once you have your repository cloned you can configure your user name and user email.

As mentioned previously, if you already have a repository, you will need to update the origin that is already configured. This can be done as follows:

$ git remote set-url origin git@github.com-username:username/your-repo-name.git

Ensure the details between the : and the @ match the relevant Host details in your SSH config file.

You should not be able to git push and git pull like normal and it should automatically select the correct keys.

Note

More recently I have been using submodules, these can cause an annoying little problem when using SSH keys in this way as when downloading the submodule it does not automatically select the keys. To fix this you will want to update the submodule remotes within the .git/config file in the same way we did previously.