How to configure multiple SSH Keys settings for different Github accounts and have your local development environment(s) set to work with them all, orderly.
It is a very common scenario: developers having to deal with two or more Github accounts, and/or several discentralized projects.
While Github helps keep each project organized and separated, most likely the developer will use the same machine to work with more than one Github account. As Github doesn't allow the same SSH PUBLIC Key to be added across accounts, the developer is forced to keep more than one set of SSH Keys (PRIVATE and PUBLIC Keys) in the same machine, then use the correct one to access each specific repository.
The usage of SSH to access Github repositories is optional. The ones accessible via HTTPS are protected via SSL without requiring SSH Keys. As such, if SSL instead SSH is O.K. for you, simply stop reading this tutorial and have fun coding. 😏
In the same sense, this tutorial won't cover how to setup a single SSH Key. It should be a basic task for any developer. However, if you don't know how to do it, I strongly suggest you to read this page.
Finally, this tutorial only covers the process for Linux/Unix/Mac environments. For Windowstm environments I suggest you to Bing it.
So, let's get our handy dirty! The entire process can be done in three easy steps:
Assuming you have downloaded and installed the latest version of Git and already configured it correctly, now it is time to create your SSH Keys. Lets begin by creating your personal SSH Keys. Open the terminal and enter the following:
ssh-keygen -t rsa -C "your_email@youremail.com"Where it reads your_email@youremail.com change it for the email associated with your Github personal account.
The SSH Key Generator should respond with a message indicating that you are about to create a set of SSH Keys, then it will wait for you to enter the name of the file you want to use. Here is where the tric begins. If you press Enter without entering any name the SSH Key Generator will create two files: id_rsa (the PRIVATE KEY) and id_rsa.pub (the PUBLIC KEY). For your primary or sinlge SSH Key you can leave it blank and simply press Enter. However, for multiple SSH Keys, each key set must have its unique name. To be safe and simplify further management, I would suggest you to create your personal SSH Keys somehow like "id_rsa_YourName", which would result in: id_rsa_YourName (the PRIVATE KEY) and id_rsa_YourName.pub (the PUBLIC KEY, which will have a .pub extension).
Once you type the desired name and press Enter, the SSH Key Generator will ask you for a passphrase. If you enter anything here you will be asked to re-enter it each time you use the SSH Key. However, as much as we could use it, we don't need it for the purpose of security neither Github requires it. as such, you can simply skip it by pressing Enter without entering anything. The SSH Key Generator will ask you to confirm the passphrase. Simply press Enter once again for the process to complete.
You should see a message saying The key fingerprint is: with a bunch of numbers, followed by another message saying The key's randomart image is:, with an ASCII representation of an image under it. It means you SSH Keys were created correctly.
Now, let's create the second set of SSH Keys we will use for the other Github account. Simply repeat the same process by typing ssh-keygen -t rsa -C "email@business.com" followed by Enter, but this time use your business email or whatever email that is associated to the other Github account. Then, when it asks for the SSH Key file name, use a name different than the previous SSH Key created. I would suggest something like "id_rsa_YourName_BusinessName", which will created the SSH Keys as id_rsa_YourName_BusinessName (the PRIVATE KEY) and id_rsa_YourName_BusinessName.pub (the PUBLIC KEY).
Once complete, you will have four files in your ~/.ssh/ directory (two for each SSH Key Set):
id_rsa_YourName
id_rsa_YourName.pub
id_rsa_YourName_BusinessName
id_rsa_YourName_BusinessName.pub
Important Remark About "passphrases":
For the SSH Keys the phassphrases act as a security password. As such, if you decide to use it, the phassphrase will be asked every time the SSH Keys are invoked. Notwithstanding, connections made via SSH using SSH Keys without phassphrases should be as much secure as the ones that use SSH Keys with it. SSH Keys are used to negotiate and stablish the connection, but will also serve as point-to-point encryption token, protecting the communication itself. Nevertheless, some may still prefer the maximimum level of security phassphrases may offer and will opt for adding it to their SSH Keys (minimizing the risk of others using the PRIVATE SSH Key if it gets stolen). Even in such cases it is possible to program your local system to request the phassphrase only once (the first time) your SSH Key is invoked instead of each time. Simply add YOUR private key identities (from your ~/.ssh directory) to the authentication agent (ssh-agent) and it will cache the passphrases until it is revoked. This is a convenience option, and works "per SSH Key", which means you will have to add one by one via command line using ssh-add ~/.ssh/id_rsa_KEYNAME Enter. To list which of your SSH Keys are cached use the command: ssh-add -l Enter. To erase the passphrases cache use the command: ssh-add -D Enter.
The SSH configuration files allow you to create shortcuts for sshd server, including advanced SSH Client Options to it (if needed). You can have various configuration files for the same SSH Client, each one for a different purpose and/or with specific command line options, such as: port, user, hostname, identity-file and much more. You can learn more about it here, here and here.
In our case, as we are targeting Github multiple accounts, we can simply create a new file in the ~/.ssh/ directory and name it "config" (or "github-config" if you prefer). Simply enter the following commands:
cd ~/.ssh/
touch configIt will create an empty file with proper permissions. Then, open the newly created file in a text editor of your choice (vi, vim, nano, gedit, kate, etc.) and paste the following script in it:
# My Personal Github Account Access
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/id_rsa_YourName
# My Business Github Account Access
Host github.com-BusinessName
HostName github.com
User git
IdentityFile ~/.ssh/id_rsa_YourName_BusinessNameNOTE: Remember to fix the SSH Key File Names to reflect the ones you used when creating the SSH Keys before.
Save the file and you are done setting the computer side.
Most of the time people fail using SSH Keys or get access errors because of bad permissions. SSH requires specific permissions for its files and directories, otherwise it won't work. In some systems it may be more or less strict, but we will based our teachings here what the SSH Standards define. Here the basic recipe of how it should be done to function properly:
-
The
~/.sshdirectory permissions must be700 (drwx------).
You can use the following command to achieve it:chmod 700 ~/.sshEnter -
The public key file(s), the ones with
.pubextesion, must be set with644 (-rw-r--r--)permissions.
You can use the following command to achieve it:chmod 644 ~/.ssh/[Filename.pub]Enter -
The private key, the
id_rsafile, the ones with no extension, must be set with600 (-rw-------)permissions.
You can use the following command toachieve it:chmod 600 ~/.ssh/[Filename]Enter
This is the simplest part. Just login on Github and point the browser to: https://github.com/settings/keys. If you prefer you can navigate to this page by clicking on your Image Menu (top-right of screen) and select the option Your Profile. Then click at the button where it says Edit profie and select the option SSH and GPG keys.
To add your SSH Key simply select the button New SSH key, give it a name where it reads "Tile", then paste in "Key" the entire contents of the referenced PUBLIC KEY you want to have access to this account.
Simply repeat the same process for each Github account you want to have SSH Access, adding to the Github account ONLY the SSH Key that is pertaining for that account access.
You are done. Now lets use it! :)
No much to say here. Simply remember to refer to the proper host and the rest will simply work as desired.
In any standard configuration, Github is always accessed via git@github.com. If you look to the item hoist in the config file you just wrote, you will notice that for the host = git@github.com the SSH Key ~/.ssh/id_rsa_YourName will be used. However, if you refer to git@github.com-BusinessName, the SSH Key that will be used will be ~/.ssh/id_rsa_YourName_BusinessName.
That's it. Just refer the call to the correct HostName and let the SSH Config File work out the rest.
Please refer to Github SSH Issues for common problems and solutions.