Imagine this scenario, you have 3 GitHub accounts, each have their own purposes. Account A for full time work, account B for portfolio projects and account C for personal projects. Whenever you are going to switch between repo in different accounts, you will need to use a different SSH keys for each account.
Changing SSH config every time you are switching is not good use of your time. Now you might start to think it is possible to have multiple SSH keys for each account and let SSH automatically manage it? Yeah, it is possible, but it can be quite tricky because there is a gotcha which I will explain further in this article.
I am assuming you are running Linux and already have OpenSSH installed. For Mac, you should be fine. For Windows, you need to have git bash installed or WSL.
The first thing we need to do is to create a SSH key for each account.
Go to your terminal and run each command.
ssh-keygen -t rsa -f ~/.ssh/id_rsa_fulltime -C "email@example.com"
ssh-keygen -t rsa -f ~/.ssh/id_rsa_portfolio -C "firstname.lastname@example.org"
ssh-keygen -t rsa -f ~/.ssh/id_rsa_personal -C "email@example.com"
The first command is going to create a SSH key for full time account that are connected with the specified Github email: firstname.lastname@example.org and save it into the specified path:
The second and third commands do the same thing respectively for portfolio account and personal account.
Now you need to go to
~/.ssh and create a file named
config inside it. Open it with vim or other text editor and add the following configurations.
Host * means the config will be applied to every host, not only
AddKeysToAgent tells SSH to remember your passphrase, so you don't need to enter it every time, only on every new login session.
IdentitiesOnly is the gotcha I mean earlier. Let's say you are currently authenticated with fulltime account, and you want to switch to personal account. If you did not specify it, SSH will continue to use the first authenticated SSH key even though we have already specified different SSH key for each account, in this case it will continue to use fulltime SSH key for each account.
The postfix ( eg -personal) after
github.com is used to identify different SSH keys, you can name it whatever you like but it should be unique, usually I named it the context in which the GitHub account is used for.
If you already have an existing cloned repo from GitHub, you need to go the repo directory and edit
.git/config file to append identifier postfix to the github.com hostname.
For example, you already clone a repo named
personal-project from your personal account, to connect the correct SSH key to the repo you have to append this postfix
-personal to the
url = email@example.com:personal-account/personal-project.git
If you want to clone a new repo. Simply append the identifier postfix to the
github.com hostname of the clone url.
git clone firstname.lastname@example.org:personal-account/personal-project.git
After that, you will need to set up Github username and email for the repo by running these commands:
git config user.name "personal-account"
git config user.email "email@example.com"
I encounter this problem recently and was so confused at first, luckily I found a blog post which explains how to fix this issue using
keychain library is used to
store SSH passphrase for one login session, so you only need to reenter passphrase per login session.
First install the library if you haven't installed it:
sudo apt-get install keychain
Add this to the start of your shell config,
.zshrc if you are using zsh or
.bashrc if you are using bash.
if [[ `uname` == Linux ]] then
/usr/bin/keychain command will prompt for ssh passphrase for every login session and save it to
$HOME/.keychain/$HOST-sh, in this case because we have 3 keys, it will be prompted 3 times.
Currently we still need to append identifier postfix to the github.com hostname every time we clone a new repo so SSH know which key to be used.
This can be very repetitive and prone to typo. Is it possible to only specify the postfix only once? Yes, it is possible with the help
.gitconfig. With this solution you also don't need to set email and username anymore.
For example, you have a personal SSH key and a directory named personal which contains repositories, you want it to use personal SSH key automatically. Here's the step to make it automatic:
- Create a
.gitconfigin the root of personal directory.
- Specify email, username and identifier postfix in below format.
email = firstname.lastname@example.org
name = test
insteadOf = email@example.com
- Create a global
.gitconfigin your home directory to tell SSH which local
.gitconfigto use for personal directory by specifying the path.
path = ~/Projects/personal/.gitconfig
Now try to clone a repository, SSH will automatically choose the correct SSH key.
Congratulations, you have successfully setup multiple SSH keys.
See you in the next article!