Managing Multiple SSH Keys

Managing Multiple SSH Keys

SSH is one of the most used protocols for safe data exchange. SSH keys can serve as a means of identifying yourself to an SSH server using public-key cryptography and challenge-response authentication.

  • Working with Single SSH Keypair

It's quite easy working with a single SSH key pair

  1. Create a new key pair

     ssh-keygen -t ed25519 -C ""
     ssh-keygen -t rsa -b 4096 -C ""
     NOTE: Replace "" with your own email

    Thinking what's ED25519 and RSA are? Do have a look at this SSH Key ED25519 vs RSA

    Use ED25519, it's more secure and faster

    After hitting one of the above commands you will be prompt to give a file name or use the default one. Personal preference you should give a new file name and not use the default one. NOTE: If you are going to have a new file name then you need to pass the full path, not just the file name e.g /Users/<USERNAME>/.ssh/my-new-ssh- key

    Hit Enter, give a new passphrase/password to your key, and TADA: It's done

  2. Copy your public key and paste it on the server/repo

     on macOS
     pbcopy < ~/.ssh/[SSH_KEY_NAME].pub
     on linux 
     cat ~/.ssh/[SSH_KEY_NAME].pub
  3. Test your SSH connection e.g I have generated my ssh key pair for my Github account then


    If everything is good then you will be seeing something like this

     Hi <USERNAME>! You've successfully authenticated, but GitHub does not provide 
     shell access.
  • Working with Multiple SSH Keypair

    Managing SSH keys can become cumbersome as soon as you need to use a second key pair. You might be using one SSH key pair for working on your company’s internal projects but you might be using a different key for accessing some corporate client’s servers. We can have more such cases where we need to have multiple SSH key pairs.

  1. Create another SSH key pair, follow the same steps as above

    When you test your connection you will see something like this

     connect to <server> host : Connection Refused

    Now, what's happened here. I am taking Github as an example here. You have 2 Github accounts and you have 2 different SSH public keys attached to them (Github doesn't allow to have the same SSH keys for 2 different accounts).

    Your Github account has an SSH public key and it's expecting the respective private key on your local machine. But it's not taking that, it's taking the default one because you have the same hostname as the previous one. Here comes the SSH Config

  2. SSH Config

    SSH allows you to set up a per-user configuration file where you can store different SSH options for each remote machine you connect to. By default, the SSH configuration file may not exist, so you may need to create it

      touch ~/.ssh/config

    This file must be readable and writable only by the user and not accessible by others

      chmod 600 ~/.ssh/config

    SSH Config File Example

          User git
          IdentityFile ~/.ssh/targaryen

    Here is what's going on :

    1. We have defined a Host/server for which we want to specify some rules
    2. Under that host we have defined some rules like the hostname, server user, and a IdentityFile (private key file)

      When a user (git) tries to connect to a host (, the SSH Agent will use the specified IdentityFile and not the default one.

      Solution for our current user case

           User git
           IdentityFile ~/.ssh/<FILE_NAME_1>
           User git
           IdentityFile ~/.ssh/<FILE_NAME_2>

      NOTE: Here the FILE_NAME should be the respective private key file name. Also, you can change the hostname to anything but you have to keep


When cloning/adding the remote to your git repository make sure you do this step :

Change the ssh clone URL a bit :



Noticed what changed? I have added a unique identifier after It's the same identifier that you added in the hostname while editing the SSH config file. It should be the same.

Hope this was helpful. Thanks

Website : Madhav Bhasin

Github : Madhav Bhasin

Linkedin : Madhav Bhasin

NOTE: I would appreciate any comments if I have missed anything.