Managing Multiple SSH Keys

SSH is one of the most used protocols for safe data exchange. SSH keys can serve as a means of identifying yourself to an SSH server using public-key cryptography and challenge-response authentication.

  • Working with Single SSH Keypair

Working with a single SSH key pair is straightforward.

  1. Create a new key pair

     ssh-keygen -t ed25519 -C "your_email@example.com"
     or
     ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
    
     NOTE: Replace "your_email@example.com" with your own email
    

    Wondering what ED25519 and RSA are? Have a look at SSH Key ED25519 vs RSA.

    Use ED25519; it is more secure and faster.

    After running one of the above commands you will be prompted for a file name, or you can accept the default one. As a personal preference, give the key a new file name rather than using the default. NOTE: If you choose a new file name you need to pass the full path, not just the file name, e.g. /Users/<USERNAME>/.ssh/my-new-ssh-key

    Hit Enter, give your key a new passphrase/password, and TADA: it's done.

  2. Copy your public key and paste it on the server/repo

     on macOS
     pbcopy < ~/.ssh/[SSH_KEY_NAME].pub
    
     on Linux
     cat ~/.ssh/[SSH_KEY_NAME].pub
    
  3. Test your SSH connection. For example, I have generated my SSH key pair for my GitHub account, so I run:

      ssh -T git@github.com
    

    If everything is good then you will be seeing something like this

     Hi <USERNAME>! You've successfully authenticated, but GitHub does not provide 
     shell access.
    
  • Working with Multiple SSH Keypair

    Managing SSH keys can become cumbersome as soon as you need to use a second key pair. You might be using one SSH key pair for working on your company’s internal projects but you might be using a different key for accessing some corporate client’s servers. We can have more such cases where we need to have multiple SSH key pairs.

  1. Create another SSH key pair, following the same steps as above.

    When you test your connection you will see something like this:

     connect to <server> host : Connection Refused
    

    So what happened here? I am taking GitHub as an example. You have 2 GitHub accounts and 2 different SSH public keys attached to them (GitHub does not allow the same SSH key to be attached to 2 different accounts).

    Your GitHub account has an SSH public key and expects the matching private key from your local machine. But that key is not the one being offered: the default key is used instead, because both accounts are reached through the same hostname, github.com. This is where the SSH config comes in.

  2. SSH Config

    SSH allows you to set up a per-user configuration file where you can store different SSH options for each remote machine you connect to. By default, the SSH configuration file may not exist, so you may need to create it:

      touch ~/.ssh/config
    

    This file must be readable and writable only by the user and not accessible by others:

      chmod 600 ~/.ssh/config
    

    SSH Config File Example

     Host github.com-targaryen
          HostName github.com
          User git
          IdentityFile ~/.ssh/targaryen
    

    Here is what's going on:

    1. We have defined a Host (an alias for a server) for which we want to specify some rules.
    2. Under that host we have defined the rules: the real hostname, the server user, and an IdentityFile (the private key file).

      When a user (git) connects to the host alias (github.com-targaryen), ssh will use the specified IdentityFile and not the default one.

      Solution for our current use case:

      Host github.com-githubAccount1
           HostName github.com
           User git
           IdentityFile ~/.ssh/<FILE_NAME_1>
      
      Host github.com-githubAccount2
           HostName github.com
           User git
           IdentityFile ~/.ssh/<FILE_NAME_2>
      

      NOTE: Here <FILE_NAME_1> and <FILE_NAME_2> are the respective private key file names. Also, you can change the host alias github.com-githubAccount1 to anything you like, but you have to keep the github.com- prefix.
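      To see how ssh actually resolves a config like this (which HostName, User and keys an alias maps to), here is an added Python model of the relevant ssh_config rules; it is not from the original post, and the key names (targaryen, stark) and the extra `Host *` block are constructed assumptions. It goes a little beyond the post: IdentityFile lines from every matching block accumulate, so a key from a generic `Host *` block is offered alongside the account-specific one, and without IdentitiesOnly yes any keys loaded in your agent are tried as well, which is how the wrong account can still answer.

```python
from fnmatch import fnmatchcase

# Constructed config mirroring the post's two-account example, plus a
# `Host *` block to show how a generic block interacts with the aliases.
CONFIG = """\
Host *
    IdentityFile ~/.ssh/id_ed25519

Host github.com-githubAccount1
    HostName github.com
    User git
    IdentityFile ~/.ssh/targaryen
    IdentitiesOnly yes

Host github.com-githubAccount2
    HostName github.com
    User git
    IdentityFile ~/.ssh/stark
"""

def parse(text):
    """Split ssh_config text into (host patterns, {option: [values]}) blocks."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, _, value = line.replace("\t", " ").partition(" ")
        key = key.lower()
        if key == "host":
            current = (value.split(), {})
            blocks.append(current)
        elif current is not None:
            current[1].setdefault(key, []).append(value.strip())
    return blocks

def resolve(text, host):
    """Approximate `ssh -G host`: the first value seen wins for most options,
    but IdentityFile accumulates. Negated (!) patterns and Match are not modelled."""
    out = {"identityfile": []}
    for patterns, opts in parse(text):
        if not any(fnmatchcase(host, p) for p in patterns):
            continue
        for key, values in opts.items():
            if key == "identityfile":
                out["identityfile"].extend(values)
            elif key not in out:
                out[key] = values[0]
    out.setdefault("hostname", host)  # no HostName: the alias itself is dialled
    return out
```

      On a real machine, `ssh -G github.com-githubAccount1` prints the same resolved values, and `ssh -T git@github.com-githubAccount1` confirms which account actually answers.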

IMPORTANT

When cloning or adding the remote to your git repository, make sure you do this step:

Change the SSH clone URL a bit:

    Original
    git@github.com:<user>/<repo>.git

    Changed
    git@github.com-githubAccount1:<user>/<repo>.git

Notice what changed? I have added a unique identifier after github.com. It must be the same identifier you used in the Host line while editing the SSH config file.

Hope this was helpful. Thanks

Website: Madhav Bhasin

GitHub: Madhav Bhasin

LinkedIn: Madhav Bhasin

NOTE: I would appreciate any comments if I have missed anything.