| layout | title | description | categories |
|---|---|---|---|
default |
Multiple SSH keys |
How to push using different SSH keys on the same computer |
intermediate |
This guide assumes you have already created two keypairs and attached them to different GitHub user accounts. For this example we will be using ~/.ssh/id_rsa attached to the user joe and ~/.ssh/id_rsa_client attached to the user client.
The first keypair, ~/.ssh/id_rsa, uses a default name, so we don't need to do anything special to make SSH use this pair. The second pair, however, is not a default name. Therefore, we need to tell ssh about it so that it can use it:
ssh-add ~/.ssh/id_rsa_client
If the keypair has a passphrase on it (it should!), ssh-add will ask you to enter the passphrase. After you have done this, the key will be available from ssh-agent so you won't have to re-enter the passphrase every time you use it.
Once SSH has access to both keys, you need to tell it which key to use for which server. In most cases you can assume that SSH will fall back to ~/.ssh/id_rsa by default, but we're going to force it anyway. To begin, open ~/.ssh/config in your favorite editor.
{% highlight bash %}
Host github.com HostName github.com User git IdentityFile /Users/joe/.ssh/id_rsa
Host github-client HostName github.com User git IdentityFile /Users/joe/.ssh/id_rsa_client {% endhighlight %}
In short what this does is tells SSH to use the client key when connecting to the server github-client, which is really github.com.
From here on, everything is the same as everyday use except for one component, the domain name. When working on a repo owned by the primary account, we would use a command like:
git clone git@github.com:joe/my_repo.git
When we want to use the second account's key, however, we need to change the domain name. Doing so will use the settings in ~/.ssh/config to override the defaults.
git clone git@github-client:client/his_repo.git