SSH is one of the most used protocols for safe data exchange. SSH keys can serve as a means of identifying yourself to an SSH server using public-key cryptography and challenge-response authentication.
Working with Single SSH Keypair
It's quite easy working with a single SSH key pair
Create a new key pair
ssh-keygen -t ed25519 -C "your_email@example.com"
or
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
NOTE: Replace "your_email@example.com" with your own email
Wondering what ED25519 and RSA are? Have a look at this: SSH Key ED25519 vs RSA
Use ED25519, it's more secure and faster
After running one of the above commands you will be prompted to give a file name or use the default one. My personal preference is to give a new file name and not use the default one. NOTE: If you are going to use a new file name then you need to pass the full path, not just the file name, e.g.
/Users/<USERNAME>/.ssh/my-new-ssh-key
Hit Enter, give a new passphrase/password to your key, and TADA: It's done
Copy your public key and paste it on the server/repo
on macOS
pbcopy < ~/.ssh/[SSH_KEY_NAME].pub
on Linux
cat ~/.ssh/[SSH_KEY_NAME].pub
Test your SSH connection, e.g. I have generated my SSH key pair for my Github account, so
ssh -T git@github.com
If everything is good then you will see something like this
Hi <USERNAME>! You've successfully authenticated, but GitHub does not provide shell access.
Working with Multiple SSH Keypair
Managing SSH keys can become cumbersome as soon as you need to use a second key pair. You might be using one SSH key pair for working on your company’s internal projects but you might be using a different key for accessing some corporate client’s servers. We can have more such cases where we need to have multiple SSH key pairs.
Create another SSH key pair, follow the same steps as above
When you test your connection you will see something like this
connect to <server> host : Connection Refused
Now, what happened here? I am taking Github as an example. You have 2 Github accounts and you have 2 different SSH public keys attached to them (Github doesn't allow the same SSH key on 2 different accounts).
Your Github account has an SSH public key and it's expecting the respective private key on your local machine. But SSH is not using that one, it's using the default one, because you have the same hostname github.com as the previous one. Here comes the SSH Config
SSH Config
SSH allows you to set up a per-user configuration file where you can store different SSH options for each remote machine you connect to. By default, the SSH configuration file may not exist, so you may need to create it
touch ~/.ssh/config
This file must be readable and writable only by the user and not accessible by others
chmod 600 ~/.ssh/config
SSH Config File Example
Host github.com-targaryen
    HostName github.com
    User git
    IdentityFile ~/.ssh/targaryen
Here is what's going on:
- We have defined a Host/server for which we want to specify some rules
- Under that host we have defined some rules like the hostname, server user, and an IdentityFile (private key file)
- When a user (git) tries to connect to a host (github.com-targaryen), the SSH client will use the specified IdentityFile and not the default one.
Solution for our current use case
Host github.com-githubAccount1
    HostName github.com
    User git
    IdentityFile ~/.ssh/<FILE_NAME_1>

Host github.com-githubAccount2
    HostName github.com
    User git
    IdentityFile ~/.ssh/<FILE_NAME_2>
NOTE: Here the FILE_NAME should be the respective private key file name. Also, you can change the hostname github.com-githubAccount1 to anything, but you have to keep github.com-
IMPORTANT
When cloning/adding the remote to your git repository make sure you do this step :
Change the ssh clone URL a bit :
Original
git@github.com:<user>/<repo>.git
Changed
git@github.com-githubAccount1:<user>/<repo>.git
Noticed what changed? I have added a unique identifier after github.com. It's the same identifier that you added in the hostname while editing the SSH config file. It should be the same.
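A quick check for a config like the one above, as an added example that is not part of the original post: it verifies the 600 mode and resolves which private key each Host alias maps to. It also flags Host blocks that lack `IdentitiesOnly yes`, an OpenSSH option this post does not use; without it the client can also offer other keys held by ssh-agent, which may authenticate you as the wrong account. The function names, aliases and key file names are constructed for the example.

```sh
# Added example; aliases and key file names are constructed sample values.
# Print the IdentityFile configured for an exact Host alias.
identity_for() {  # usage: identity_for CONFIG ALIAS
  awk -v want="$2" '
    tolower($1) == "host" { hit = 0; for (i = 2; i <= NF; i++) if ($i == want) hit = 1 }
    hit && tolower($1) == "identityfile" { print $2; exit }
  ' "$1"
}
# Print one line per finding; return 0 only when there are none.
audit_ssh_config() {  # usage: audit_ssh_config CONFIG
  cfg=$1; findings=0
  # GNU stat first, BSD/macOS stat as the fallback.
  mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
  if [ "$mode" != "600" ]; then
    echo "mode $mode on $cfg, expected 600"; findings=$((findings + 1))
  fi
  # Host blocks that name a key but do not set IdentitiesOnly yes.
  loose=$(awk '
    function report() { if (host != "" && key && !only) print host }
    tolower($1) == "host" { report(); host = $2; key = 0; only = 0 }
    tolower($1) == "identityfile" { key = 1 }
    tolower($1) == "identitiesonly" && tolower($2) == "yes" { only = 1 }
    END { report() }
  ' "$cfg")
  for h in $loose; do
    echo "Host $h: IdentityFile without IdentitiesOnly yes"; findings=$((findings + 1))
  done
  [ "$findings" -eq 0 ]
}

# Constructed sample: two accounts on one real host, one key each.
write_sample_config() {  # usage: write_sample_config CONFIG
  cat > "$1" <<'EOF'
Host github.com-githubAccount1
    HostName github.com
    User git
    IdentityFile ~/.ssh/key_account1
    IdentitiesOnly yes
Host github.com-githubAccount2
    HostName github.com
    User git
    IdentityFile ~/.ssh/key_account2
EOF
  chmod 644 "$1"  # deliberately too open so the audit reports it
}
tmp=$(mktemp -d); write_sample_config "$tmp/config"
audit_ssh_config "$tmp/config" || echo "findings above need fixing"
rm -rf "$tmp"
```

On a machine with OpenSSH, `ssh -G github.com-githubAccount1` prints the options the client will actually use for that alias, including `identityfile`.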
Hope this was helpful. Thanks
Website : Madhav Bhasin
Github : Madhav Bhasin
Linkedin : Madhav Bhasin
NOTE: I would appreciate any comments if I have missed anything.