Categories

Git and the multiple SSH keys

Intro

As a developer you work on many projects at the same time. Maybe you work on your own project on Gitlab and you’re helping a friend with theirs on GitHub. So, you just added your second SSH key and you’re about to hit that sweet “git clone” or “git fetch” command and git freaks out. Let’s fix that

Adding a SSH key

Let’s first go through the steps of adding a new SSH key.

You will need the OpenSSH client at version 6.5+, which is usually pre-installed on Windows, Linux and MacOS

Encryption types

Gitlab recommends either “ED25519” or “RSA” as the encryption algorithm for a new SSH key.

Open a terminal and type

ssh-keygen -t ed25519 -C "<comment>"

OR 

ssh-keygen -t rsa -b 2048 -C "<comment>"

Press enter and follow the on-screen guide. The first prompt will ask you where the new key pair should be stored. Suggestion – leave it as the default, and just update the file name if you’re like me and you tend to forget stuff easily.

The next prompt will be for a password to protect your shiny new key pair. Or you can leave it blank if you want to

Finaly a confirmation is displayed with a nice randomart image attached to it.

Here’s the full command with the inputs all together:

SSH key generation dialog

As we’re talking about multiple keys, let’s go ahead and generate two more:

Another SSH key generation
A third SSH key generation

Here’s what the directory looks like after the above commands

Directory screenshot after generation

Pointing git to the correct key

Currently, git has no idea which key to use when you call “git fetch” on your GitHub repo. Let’s fix that.

Open a terminal and sudo nano/vim/vi into ~/.ssh/config

We need to point each key to a host, and you can do that by using the following directive:

Host host.extension
  IdentityFile ~/.ssh/KEY_TO_LINK

Example of the above keys being configured to three separate domains:

Config file mapping example

Additional flags

You can add many more flags to each directive. The one you see added above means the following:

Specifies whether keys should be automatically added to a running ssh-agent(1). If this option is set to yes and a key is loaded from a file, the key and its passphrase are added to the agent with the default lifetime, as if by ssh-add(1). If this option is set to askssh(1) will require confirmation using the SSH_ASKPASS program before adding a key (see ssh-add(1) for details)

https://man.openbsd.org/ssh_config

For more details on additional flags, please check the main ssh config man page: https://man.openbsd.org/ssh_config

That’s it. Happy coding

Home