Contacting the Spirits in Multiple Dimensions with SSH Keys¶
What up! ☝🏻
Recently I had the problem of requiring multiple SSH keys for the same host. The host in question was GitHub. I’m not a huge fan of reusing the same key across multiple resources, sometimes you’ll catch me using the same key for git services, but when it comes to SSH access to remote hosts, it’s a hard no.
Stack Exchange had a heap of solutions including adding an entry to your identity file (more on this later), setting the GIT_SSH_COMMAND environment variable, configuring core.sshCommand as well as a few others such as configuring custom scripts and other “urgh” based solutions.
The tl;dr is I created an SSH key and associated it with a host entry in my SSH config file by specifying the Host value as github.com-username when I did a clone or added a remote I would then do git clone [email protected]:username/myrepo.git.
Create Keys for your GitHub Account(s)¶
$ ssh-keygen -t rsa -C "github-username" -f "~/.ssh/github-username"`
The -C comment is optional and allows you to easily identify the key. If you have ever catted a public key file you will notice the comment at the end of the file, for example:
$ cat test.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPzxupGm96maeWxmt8P41omL9kTJ
FpQepkCa1ecZajPJdXpUQwxiDLJgcq9Lrl7wCTxlw3D5vNUXQaCmwxqzWhxUOCpiY7
3OgEFNgJDZGJt3bLenn2+10E7GYGRwHsgBioex7jjM3WsciGhGesykjv7GMwrYS0zy
1sYu4O+yQFtyxPyGKJ6Ze2dOakACQOS5Xa9whumcsmtDQLTuHNC5iNWeoLYSZNWvOD
p7N1OVFcRua03mODtkUeLL9vziLI3hFpG/9N3U71TLxR2pT904hKnJttzzDjnC7k6h
A8SoOdrF4hJd7kAGidRRw4ptYZ0t7p+8hOBTFlTFuIh0vkH this is an example comment
The -f flag allows you to specify the name of the key-pair, this can also be done when using the ssh-keygen wizard:
Enter file in which to save the key (/Users/errbufferoverfl/.ssh/id_rsa):
Either way, I’d suggest you use something meaningful such as servicename-username, enter a strong password using your password manager, you should now have a public and private key in your ~/.ssh/ directory.
Add the Public Key to the Associated GitHub Account¶
The GitHub documentation can help if you are unfamiliar with this step.
Configure SSH Config¶
If you don’t have one already, in your ~/.ssh/ create a file called config. For GitHub we can configure it as follows (remember to change the username to your GitHub usernames):
# account one
Host github.com-username
HostName github.com
User git
ItentifyFile ~/.ssh/github-username
# account two
Host github.com-username-two
HostName github.com
User git
ItentifyFile ~/.ssh/github-username-two
Configure your Git Repo¶
If you have an existing repo you previously cloned you may need to modify your .git/config remote origin so it works with your new configuration. However, if you haven’t, the following syntax will ensure the repository is set up correctly:
$ git clone [email protected]:username/yourrepo.git
The username you specify after the : should match the value you set earlier.
Once you have your repository cloned you can configure your user name and user email.
As mentioned previously, if you already have a repository, you will need to update the origin that is already configured. This can be done as follows:
$ git remote set-url origin [email protected]:username/your-repo-name.git
Ensure the details between the : and the @ match the relevant Host details in your SSH config file.
You should not be able to git push and git pull like normal and it should automatically select the correct keys.
Note
More recently I have been using submodules, these can cause an annoying little problem when using SSH keys in this way as when downloading the submodule it does not automatically select the keys. To fix this you will want to update the submodule remotes within the .git/config file in the same way we did previously.