Multiple GitHub Accounts & SSH Config

ssh github ssh-keys
124,015

Solution 1

Andy Lester's response is accurate but I found an important extra step I needed to make to get this to work. In trying to get two profiles set up, one for personal and one for work, my ~/.ssh/config was roughly as follows:

Host me.github.com
    HostName github.com
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/me_rsa

Host work.github.com
    HostName github.com
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/work_rsa

My work profile didn't take until I did a ssh-add ~/.ssh/work_rsa. After that connections to github used the correct profile. Previously they defaulted to the first public key.

For Could not open a connection to your authentication agent when using ssh-add,
check: https://stackoverflow.com/a/17695338/1760313

Solution 2

I recently had to do this and had to sift through all these answers and their comments to eventually piece the information together, so I'll put it all here, in one post, for your convenience:


Step 1: ssh keys
Create any keypairs you'll need. In this example I've named me default/original 'id_rsa' (which is the default) and my new one 'id_rsa-work':

ssh-keygen -t rsa -C "[email protected]"


Step 2: ssh config
Set up multiple ssh profiles by creating/modifying ~/.ssh/config. Note the slightly differing 'Host' values:

# Default GitHub
Host github.com
    HostName github.com
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa

# Work GitHub
Host work.github.com
    HostName github.com
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa_work


Step 3: ssh-add
You may or may not have to do this. To check, list identity fingerprints by running:

$ ssh-add -l
2048 1f:1a:b8:69:cd:e3:ee:68:e1:c4:da:d8:96:7c:d0:6f stefano (RSA)
2048 6d:65:b9:3b:ff:9c:5a:54:1c:2f:6a:f7:44:03:84:3f [email protected] (RSA)

If your entries aren't there then run:

ssh-add ~/.ssh/id_rsa_work


Step 4: test
To test you've done this all correctly, I suggest the following quick check:

$ ssh -T [email protected]
Hi stefano! You've successfully authenticated, but GitHub does not provide shell access.

$ ssh -T [email protected]
Hi stefano! You've successfully authenticated, but GitHub does not provide shell access.

Note that you'll have to change the hostname (github / work.github) depending on what key/identity you'd like to use. But now you should be good to go! :)

Solution 3

Let's say alice is a github.com user, with 2 or more private repositories repoN. For this example we'll work with just two repositories named repo1 and repo2

https://github.com/alice/repo1

https://github.com/alice/repo2

You need to be to pull from these repositories without entering a passwords probably on a server, or on multiple servers. You want to perform git pull origin master for example, and you want this to happen without asking for a password.

You don't like dealing with ssh-agent, you have discovered (or you're discovering now) about ~/.ssh/config a file that let's your ssh client know what private key to use depending on Hostname and username, with a simple configuration entry that looks like this:

Host github.com
  HostName github.com
  User git
  IdentityFile /home/alice/.ssh/alice_github.id_rsa
  IdentitiesOnly yes

So you went ahead and created your (alice_github.id_rsa, alice_github.id_rsa.pub) keypair, you then also went to your repository's .git/config file and you modified the url of your remote origin to be something like this:

[remote "origin"]
        url = "ssh://[email protected]/alice/repo1.git"

And finally you went to the repository Settings > Deploy keys section and added the contents of alice_github.id_rsa.pub

At this point you could do your git pull origin master without entering a password without issue.

but what about the second repository?

So your instinct will be to grab that key and add it to repo2's Deploy keys, but github.com will error out and tell you that the key is already being used.

Now you go and generate another key (using ssh-keygen -t rsa -C "[email protected]" without passwords of course), and so that this doesn't become a mess, you will now name your keys like this:

  • repo1 keypair: (repo1.alice_github.id_rsa, repo1.alice_github.id_rsa.pub)
  • repo2 keypair: (repo2.alice_github.id_rsa, repo2.alice_github.id_rsa.pub)

You will now put the new public key on repo2's Deploy keys configuration at github.com, but now you have an ssh problem to deal with.

How can ssh tell which key to use if the repositories are hosted on the same github.com domain?

Your .ssh/config file points to github.com and it doesn't know which key to use when it's time to do the pull.

So I found a trick with github.com. You can tell your ssh client that each repository lives in a different github.com subdomain, in these cases, they will be repo1.github.com and repo2.github.com

So first thing is editing the .git/config files on your repo clones, so they look like this instead:

For repo1

[remote "origin"]
        url = "ssh://[email protected]/alice/repo1.git"

For repo2

[remote "origin"]
        url = "ssh://[email protected]/alice/repo2.git"

And then, on your .ssh/config file, now you will be able to enter a configuration for each subdomain :)

Host repo1.github.com
  HostName github.com
  User git
  IdentityFile /home/alice/.ssh/repo1.alice_github.id_rsa
  IdentitiesOnly yes

Host repo2.github.com
  HostName github.com
  User git
  IdentityFile /home/alice/.ssh/repo2.alice_github.id_rsa
  IdentitiesOnly yes

Now you are able to git pull origin master without entering any passwords from both repositories.

If you have multiple machines, you could copy the keys to each of the machines and reuse them, but I'd advise doing the leg work to generate 1 key per machine and repo. You will have a lot more keys to handle, but you will be less vulnerable if one gets compromised.

Solution 4

I have 2 accounts on github, and here is what I did (on linux) to make it work.

Keys

  • Create 2 pair of rsa keys, via ssh-keygen, name them properly, so that make life easier.
  • Add private keys to local agent via ssh-add path_to_private_key
  • For each github account, upload a (distinct) public key.

Configuration

~/.ssh/config

Host github-kc
    Hostname        github.com
    User git
    IdentityFile    ~/.ssh/github_rsa_kc.pub
    # LogLevel DEBUG3

Host github-abc
    Hostname        github.com
    User git
    IdentityFile    ~/.ssh/github_rsa_abc.pub
    # LogLevel DEBUG3

Set remote url for repo:

  • For repo in Host github-kc:

    git remote set-url origin git@github-kc:kuchaguangjie/pygtrans.git

  • For repo in Host github-abc:

    git remote set-url origin git@github-abc:abcdefg/yyy.git

Explaination

Options in ~/.ssh/config:

  • Host github-<identify_specific_user>
    Host could be any value that could identify a host plus an account, it don't need to be a real host, e.g github-kc identify one of my account on github for my local laptop,

    When set remote url for a git repo, this is the value to put after git@, that's how a repo maps to a Host, e.g git remote set-url origin git@github-kc:kuchaguangjie/pygtrans.git


  • [Following are sub options of Host]
  • Hostname
    specify the actual hostname, just use github.com for github,
  • User git
    the user is always git for github,
  • IdentityFile
    specify key to use, just put the path the a public key,
  • LogLevel
    specify log level to debug, if any issue, DEBUG3 gives the most detailed info.

Solution 5

Use the IdentityFile parameter in your ~/.ssh/config:

Host github.com
    HostName github.com
    IdentityFile ~/.ssh/github.rsa
    User petdance
Share:
124,015

Related videos on Youtube

radesix
Author by

radesix

A born software engineer influenced by German engineering, house music, and sky diving

Updated on February 21, 2021

Comments

  • radesix
    radesix over 3 years

    I'm having some trouble getting two different SSH keys/GitHub accounts to play well together. I have the following setup:

    Repos accessible from one account using [email protected]:accountname

    Repos accessible from another account using [email protected]:anotheraccount

    Each account has its own SSH key. Both SSH keys have been added and I have created a config file. I don't believe the config file is correct though. I'm not quite sure how to specify that repos accessed using [email protected]:accountname should use id_rsa and [email protected]:anotheraccount should use id_rsa_anotheraccount.

    • jgreen
      jgreen about 5 years
      I found this link helpful medium.freecodecamp.org/…
    • mc01
      mc01 about 5 years
      I have 3 separate SSH identities in ~/.ssh/config. The one for school server has a passcode; the 2 for separate work/personal GitHub accts do not. Running git pull kept failing & asking for the school passcode, despite separate Identity files, "IdentitiesOnly=yes," separate domains & Hostnames, all present in ssh-add -l ... The uni key was 'first' regardless of that setup. Had to move its section below the others in .ssh/config, and now git pull from both GitHub accts succeeds w/o asking for uni ssh password.
    • Julius Š.
      Julius Š. almost 4 years
      That is answered in detail here superuser.com/questions/232373/…
  • radesix
    radesix almost 14 years
    Thanks but this isn't quite accurate. I found the answer and shared below.
  • Andy Lester
    Andy Lester almost 14 years
    I'm pretty sure my approach will work in your case. You can identify different users and different identity files. Just need to give each a different Host parameter on the config stanza.
  • radesix
    radesix almost 14 years
    Andy, according to the link I found below I needed to drop the .com from the host. Once I did that it worked fine.
  • sage
    sage over 12 years
    Thanks! - the ssh-add was what I was missing.
  • phatmann
    phatmann over 12 years
    By using ssh-add, I could see that I did not have the file permissions for the key set correctly. Once I fixed that everything worked. So thanks!
  • BobS
    BobS about 12 years
    See also doblock.com/articles/…. The key new piece of info there is that you may need to add the username ("work", in this example) to the hostname in the remote URL, i.e., [email protected]:work/my_repo.git (as opposed to "[email protected]...")
  • Casey
    Casey about 12 years
  • Mechanical snail
    Mechanical snail about 12 years
    To fix the problem that "they defaulted to the first public key", add IdentitiesOnly yes to the Host * section of your ~/.ssh/config file. This tells ssh to actually use the IdentityFiles you specify, rather than spamming the server with all of them.
  • James Raitsev
    James Raitsev almost 12 years
    What does your private key look like?
  • dolmen
    dolmen over 10 years
    Just use my github-keygen tool: github-keygen me work (Yes, that's all!).
  • Von
    Von over 10 years
    Note if you have a 'Host *' block with an 'IdentityFile' statement, to force a particular key, you need to negate the target hostname for that Host block - e.g. 'Host * !work.github.com' - that, in addition to IdentitiesOnly as @Mechanicalsnail suggests will force a particular key.
  • gaurav.singharoy
    gaurav.singharoy about 10 years
    This is a great response. I had to use ssh-add to add both the ssh keys to utilize the config file.. Thanks :)
  • soulmachine
    soulmachine over 9 years
    Thanks a lot, I missed ssh-add and kept failing
  • Tulio
    Tulio over 9 years
    Don't forget to run chmod 600 ~/.ssh/config if you has just created your config file. I was having trouble here.
  • lucacerone
    lucacerone over 9 years
    Hi everybody, do you know how I can have git to use differente emails for different accounts? e.g. i would like to push to me.github.com using [email protected] and to work.github.com using [email protected]
  • Admin
    Admin over 9 years
    @lucacerone, you just need to change the user/email in the project scope. Change to the directory and type git config user.name 'John Smith' and then git config user.email [email protected]. This will override your global config which can be seen by git config --global user.name.
  • JaskeyLam
    JaskeyLam over 8 years
    what is the "Host" and "Host" name should be set if I am not using github but gitlab set up at company?
  • Saraschandraa
    Saraschandraa over 8 years
    When i run ~/.ssh/config I get permission denied.
  • JHH
    JHH about 8 years
    @Saraschandraa It shouldn't be run. It's a config (text) file you create.
  • Mark Chackerian
    Mark Chackerian about 8 years
    lovely -- did not need ssh-add path_to_private_key -- probably because the agent isn't required in this case. The config file is explicitly defining the path to the keys.
  • Daniel Viglione
    Daniel Viglione over 7 years
    The only thing I like to add is when you run ssh-keygen -t rsa, it will give you a default file name, that is where you enter your custom file name.
  • Ashhar Hasan
    Ashhar Hasan over 7 years
    @MarkChackerian I think you don't need ssh-add because your keys aren't password protected or (if you're on a Mac) the OSX keychain is handling it for you. ssh-add prevents you from needing to enter the passphrase every time you access your keys.
  • Barry
    Barry over 7 years
    On a related note, is it possible to add a comment in the .ssh/config file without messing it up? Just curious. I assume you can add some with #.
  • Paulo
    Paulo over 6 years
    but what if there isn't a separate work doman like work.github.com ?
  • cezar
    cezar over 6 years
    Thanks for the link to the turorial! You have a typo: the key names id_rsa_proj1 and proj1_id_rsa should actually be same. You could also add the part about .git/config settings from the tutorial to your answer.
  • cezar
    cezar over 6 years
    You still have a typo: proj1.id_rsa vs. proj1_id_rsa
  • TestingWithArif
    TestingWithArif over 6 years
    One of best answers. Also this video helped me. youtube.com/watch?v=fnSRBRiQIU8&feature=youtu.be
  • Val
    Val about 6 years
    I setup 3 hosts and this worked like a charm. I'm using Mac OSx High Sierra 10.13.
  • Mike Miller
    Mike Miller about 6 years
    Specifying the subdomain that matches the host in .ssh/config is the crucial step - thanks a lot for that
  • basin
    basin almost 6 years
    This can be improved with insteadOf : Use different ssh keys for different github repos
  • Dave Engineer
    Dave Engineer over 5 years
    Good post, would be nice if this post included setting your git config 'email': help.github.com/articles/…
  • Anders
    Anders almost 5 years
    @Paulo, as I understand this, Host is used to tell which configurations to use. It is the name you use on the command line. But Hostname will tell ssh which machine to actually connect to. That is why they point/use the same Hostname in both Host Stanzas. So, ssh me.github,com will actually connect to github.com, but use configurations from me.github,com.
  • Tom N Tech
    Tom N Tech over 3 years
    I find it very frustrating that all the answers to this and related questions omit the last part: the git clone command to run to checkout the project using the git CLI and the ~/.ssh/config file! :(
  • uniquegino
    uniquegino over 3 years
    If anyone else is getting "error connecting to agent" when doing "ssh-agent", check this out stackoverflow.com/questions/52113738/…
  • Dhaval
    Dhaval over 3 years
    Great, to the point and what I was looking for. Thanks
  • CodeIntern
    CodeIntern about 3 years
    Is there any documentation that talks about appending -account1 to the github domain? After testing it, it definitely works, but it caught me by surprise because I haven't read about it anywhere.
  • Keshav Aggarwal
    Keshav Aggarwal almost 3 years
    ssh-add ~/.ssh/work_rsa did the Trick, thanks a tonn!!!!
  • Des
    Des over 2 years
    Nice explanation of the Host component, thanks

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Read Only access to GitHub repo via SSH key
SSH Public key denied on "git clone" command
How to generate ssh keys (for github)
Having Trouble Switching Github accounts on terminal
Cannot push to git repository - permission denied
GitHub Error: Key already in use
How to reset or change the passphrase for a GitHub SSH key?
Why doesn't my SSH key work for connecting to github?
GPG vs SSH keys
Calculate RSA key fingerprint