Multiple SSH Keys on GitHub

If you want to use multiple SSH keys, follow the steps below. This post assumes you are using macOS High Sierra or newer and are familiar with the Terminal.

Steps

If you’re reading about multiple SSH keys, I can reasonably assume you already have an SSH key pair that you’ve been using to log in to remote servers. It’s probably called something like:

Existing SSH Keys

~/.ssh/id_rsa

That is, your existing private key is inside the .ssh folder of your home folder with the private key being called id_rsa and the public key being called id_rsa.pub. Do not get these two mixed up!

Let’s create a new SSH key pair by opening the Terminal and using the command:

Creating New SSH Key Pair

ssh-keygen -t rsa -b 4096 -C "you@example.com"

When prompted with the option to give your key a name, call it something memorable. And now you have another key in your .ssh folder. Note: when prompted to name your new key, make sure you give it the full path of your .ssh folder and not just the name, like so:

New SSH Key Location

~/.ssh/second_id_rsa

SSH-Agent

We can use an inbuilt feature of the SSH implementation called the ssh-agent to manipulate and use your SSH keys.

First let’s list any existing keys with:

ssh-add -l

That’s purely for your information. I recommend you delete your keys from the agent and start again with:

ssh-add -D 

Now that there are no keys cached for later use we can re-add only the keys we intend to use regularly. Add the key you use most first!

Add the keys with:

ssh-add -K ~/.ssh/id_rsa

and

ssh-add -K ~/.ssh/second_id_rsa

The -K flag in the above command tells the ssh-agent to store the keys in the keychain.

Keys added, we finally run a quick command to list our keys just to make sure they are there with:

ssh-add -l

Which should respond with something that looks like this:

4096 SHA256:OZQNwcH6XWjbELaCNy2+uRUOdTHlEwMpC1McYrccpmG /Users/you/.ssh/id_rsa
4096 SHA256:E9cbZEQPTeVPaWjssZK1yjwdUmFQUhEmYlE34XylY8B /Users/you/.ssh/second_id_rsa

Load keys at launch

This is a reasonably hacky solution, but to make sure your keys are loaded every time you open the terminal add the following lines to either your .bash_profile or .zshrc or other shell configuration file of your choice. Open your chosen shell profile in an editor:

nano ~/.zshrc

Add the following near the bottom:

# SSH Agent Stuff
ssh-add -K ~/.ssh/id_rsa
ssh-add -K ~/.ssh/second_id_rsa

SSH Config

We now need to make some small changes to the ssh config file so that it knows which keys to use. Edit ssh config (if you don’t have this file, create it):

nano ~/.ssh/config

Add the following contents (obviously changing it to suit your needs):

Host *
    UseKeychain yes
    AddKeysToAgent yes

# First
Host first
    HostName github.com
    User git
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes


# Second
Host second
    HostName github.com
    User git
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/second_id_rsa
    IdentitiesOnly yes

Now, when you clone any repository, the usual remote address of:

git@github.com:your_github_username/repository_name.git

Becomes

git@first:your_github_username/repository_name.git
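
Because both keys are loaded into the agent, IdentitiesOnly is what stops ssh from offering the other account's key first, so it is worth confirming what each alias resolves to before cloning. The script below is an added example, not part of the original post: it parses the output of ssh -G <alias>, which prints the resolved settings without connecting. The function name check_alias and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). check_alias reads the output of
# `ssh -G <alias>` on stdin and confirms the alias resolves to the expected
# host and configures exactly one key, with IdentitiesOnly enabled.
#   $1 = expected HostName, $2 = expected key file name (e.g. id_rsa)
check_alias() {
    awk -v host="$1" -v key="$2" '
        $1 == "hostname"       { h = $2 }
        $1 == "identitiesonly" { only = $2 }
        $1 == "identityfile"   {
            n++
            # Compare only the file name: the directory part may be printed
            # as ~/.ssh/... or as an absolute path.
            name = $2; sub(/.*\//, "", name)
            if (name == key) found = 1
        }
        END {
            if (h != host)     { print "FAIL: hostname is " h; bad++ }
            if (!found)        { print "FAIL: " key " is not configured"; bad++ }
            if (n > 1)         { print "FAIL: " n " identity files configured"; bad++ }
            if (only != "yes") { print "FAIL: identitiesonly is " only; bad++ }
            if (!bad) print "OK: " host " via " key
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: the relevant lines of `ssh -G first` for the config above.
SAMPLE_FIRST='user git
hostname github.com
identitiesonly yes
identityfile ~/.ssh/id_rsa'

# Constructed sample: an alias without IdentitiesOnly and with more than one
# identity file, so the key that gets offered is not pinned.
SAMPLE_LOOSE='user git
hostname github.com
identitiesonly no
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ecdsa'

printf '%s\n' "$SAMPLE_FIRST" | check_alias github.com id_rsa
printf '%s\n' "$SAMPLE_LOOSE" | check_alias github.com second_id_rsa || true

# On a real machine:
#   ssh -G first  | check_alias github.com id_rsa
#   ssh -G second | check_alias github.com second_id_rsa
```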

Existing Repositories

For any existing repositories you might have, navigate to them in the terminal and edit the repository specific config file with:

nano .git/config

Then edit the file so it looks something like the following. Note: there will be other things in the file but the pertinent lines are the origin and user sections:

[remote "origin"]
    url = git@first:your_github_username/first_repo.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[user]
    name = your_github_username
    email = you@example.com

Conclusion

You should then be able to push and pull to all of your repositories and have SSH use the correct key pair. Hit me up if you have any problems.