# Managing Multiple SSH Keys

**SSH is one of the most widely used protocols for secure data exchange. SSH keys let you identify yourself to an SSH server using [public-key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) and [challenge-response authentication](https://en.wikipedia.org/wiki/Challenge%E2%80%93response_authentication).**

- **Working with a Single SSH Key Pair**

It's quite easy to work with a single SSH key pair.

1. **Create a new key pair**

    ```
    # Recommended: Ed25519
    ssh-keygen -t ed25519 -C "your_email@example.com"

    # or: RSA with a 4096-bit key
    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

    # NOTE: Replace "your_email@example.com" with your own email
    ```
    Wondering what ED25519 and RSA are? Have a look at [SSH Key ED25519 vs RSA](https://security.stackexchange.com/questions/90077/ssh-key-ed25519-vs-rsa).

    **Use ED25519, it's more secure and faster**

    After running one of the above commands you will be prompted to give a file name or use
    the default one. As a personal preference, you should give a new file name and not use the
    default one. **NOTE: If you are going to use a new file name, you need to pass
    the full path, not just the file name, e.g. `/Users/<USERNAME>/.ssh/my-new-ssh-key`**

    Hit Enter, give a new passphrase/password to your key, and **TADA: It's done**

2. **Copy your public key and paste it on the server/repo**

    ```
    # on macOS (copies the public key to the clipboard)
    pbcopy < ~/.ssh/[SSH_KEY_NAME].pub

    # on Linux (prints the public key so you can copy it)
    cat ~/.ssh/[SSH_KEY_NAME].pub
    ```
3. **Test your SSH connection**

    e.g. if I have generated my SSH key pair for my GitHub account, then

    ```
    ssh -T git@github.com
    ```
    If everything is good, you will see something like this:
    ```
    Hi <USERNAME>! You've successfully authenticated, but GitHub does not provide 
    shell access.
    ```


- **Working with Multiple SSH Key Pairs**

    Managing SSH keys can become cumbersome as soon as you need to use a second 
    key pair. You might be using one SSH key pair for working on your company’s internal 
    projects but you might be using a different key for accessing some corporate client’s 
    servers. We can have more such cases where we need to have multiple SSH key 
    pairs.


1. **Create another SSH key pair, following the same steps as above**

    When you test your connection you will see something like this:
    ```
    connect to <server> host : Connection Refused
    ```

    Now, what happened here? I am taking GitHub as an example. You have 2
    GitHub accounts and you have 2 different SSH public keys attached to them (GitHub
    doesn't allow the same SSH key on 2 different accounts).

    Your GitHub account has an SSH public key and it's expecting the respective private
    key on your local machine. But SSH is not using that key; it's using the default one, because
    you have the same hostname `github.com` as the previous one. This is where the
    **SSH Config** comes in.

2. **SSH Config**

    SSH allows you to set up a per-user configuration file where you can store different
    SSH options for each remote machine you connect to.
    By default, the SSH configuration file may not exist, so you may need to create it:
    ```
    touch ~/.ssh/config
    ```
    This file must be readable and writable only by the user and not accessible by
    others:
    ```
    chmod 600 ~/.ssh/config
    ```
    SSH Config File Example:
     ```
    Host github.com-targaryen
         HostName github.com
         User git
         IdentityFile ~/.ssh/targaryen
     ```
    Here is what's going on:

      1. We have defined a Host/server for which we want to specify some rules.
      2. Under that host we have defined some rules like the hostname, server user, and an
          IdentityFile (private key file).

    When a user (git) tries to connect to a host (github.com-targaryen), the SSH client
    will use the specified IdentityFile and not the default one.

    **Solution for our current use case**

       ```
        Host github.com-githubAccount1
              HostName github.com
              User git
              IdentityFile ~/.ssh/<FILE_NAME_1>
   
        Host github.com-githubAccount2  
              HostName github.com
              User git
              IdentityFile ~/.ssh/<FILE_NAME_2>
       ```
    NOTE: Here FILE_NAME should be the respective private key file name. Also,
    you can change the hostname `github.com-githubAccount1` to anything, but you
    have to keep `github.com-`.

**IMPORTANT**

   When cloning or adding the remote to your Git repository, make sure you do this step:

   Change the SSH clone URL a bit:
   ```
    Original
    git@github.com:<user>/<repo>.git

    Changed
    git@github.com-githubAccount1:<user>/<repo>.git
   ```

**Noticed what changed? I have added a unique identifier after `github.com`. It's the same identifier that you added in the hostname while editing the SSH config file. It should be the same.**
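
The following is an added example, not part of the original post: a small POSIX shell audit for the multi-account config described above. It lists which key each `Host` alias pins, flags aliases without `IdentitiesOnly yes` (without it, ssh may also offer keys held by ssh-agent, so the other account's key can be tried), checks file permissions, and rewrites a clone URL to the alias form. The function names and the sample config are constructed for illustration.

```shell
# Added example; the sample config is constructed (key names are placeholders).
write_sample() {
    cat > "$1" <<'EOF'
Host github.com-githubAccount1
    HostName github.com
    User git
    IdentityFile ~/.ssh/<FILE_NAME_1>
    IdentitiesOnly yes

Host github.com-githubAccount2
    HostName github.com
    User git
    IdentityFile ~/.ssh/<FILE_NAME_2>
EOF
    chmod 600 "$1"
}

# One line per Host block: alias, real host, pinned key, IdentitiesOnly value.
audit_ssh_config() {
    awk '
        function emit() {
            if (name != "")
                printf "%s host=%s key=%s identitiesonly=%s\n", name, host, key, only
        }
        { kw = tolower($1) }
        kw == "host"           { emit(); name = $2; host = "-"; key = "-"; only = "no" }
        kw == "hostname"       { host = $2 }
        kw == "identityfile"   { key = $2 }
        kw == "identitiesonly" { only = tolower($2) }
        END { emit() }
    ' "$1"
}

# Aliases that pin a key but still let ssh offer other keys from ssh-agent.
missing_identitiesonly() {
    audit_ssh_config "$1" | awk '$3 != "key=-" && $4 != "identitiesonly=yes" { print $1 }'
}

# Succeeds only if group and others have no access to FILE (e.g. mode 600).
private_to_owner() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Rewrite a GitHub SSH clone URL so that it goes through the Host alias $2.
alias_remote() { printf '%s\n' "$1" | sed "s/^git@github\.com:/git@$2:/"; }

cfg="$(mktemp -d)/config"; write_sample "$cfg"
audit_ssh_config "$cfg"
missing_identitiesonly "$cfg"
private_to_owner "$cfg" && echo "permissions ok"
alias_remote 'git@github.com:<user>/<repo>.git' github.com-githubAccount1
# On a real machine, `ssh -G <alias>` prints the options ssh will actually use.
```

Point `audit_ssh_config` and `private_to_owner` at `~/.ssh/config` and at each private key file to check a real setup.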


Hope this was helpful. Thanks

Website : [Madhav Bhasin](https://madhav.dev)

Github : [Madhav Bhasin](https://github.com/manbhasin)

Linkedin : [Madhav Bhasin](https://www.linkedin.com/in/manbhasin/)


NOTE: I would appreciate any comments if I have missed anything.




    
 

