Mikołaj Buchwald

Git via SSH - multiple keys management

To use Git over SSH, you need SSH keys. When you want to use different keys for different domains, you have to know where and how to configure them. I always forget where this configuration file is stored, so here I make a short note about it. Just edit ~/.ssh/config, e.g.:

vim ~/.ssh/config

Then put something like this in it:

Host github.com
 HostName github.com
 IdentityFile ~/.ssh/id_rsa_github
Host gitlab.com
 HostName gitlab.com
 IdentityFile ~/.ssh/id_rsa_gitlab

Et voilà!


Source: https://superuser.com/a/232406/950943


Edit (troubleshooting): On AWS EC2 machines you may get a Bad owner or permissions on /home/ec2-user/.ssh/config error when trying to clone a repository, e.g.:

[ec2-user@ip-my-ip ~]$ git clone git@gitlab.com:mikbuch/my-repo-name.git
Cloning into 'my-repo-name'...
Bad owner or permissions on /home/ec2-user/.ssh/config
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

You have to make sure that you have 400 permissions on your ~/.ssh/config file. In the listing below, config is group-writable (-rw-rw-r--), which ssh refuses:

[ec2-user@ip-my-ip ~]$ ls -la ~/.ssh/
total 12
drwx------ 2 ec2-user ec2-user   73 Dec 29 19:51 .
drwx------ 7 ec2-user ec2-user  175 Dec 29 19:52 ..
-r-------- 1 ec2-user ec2-user 1831 Dec 29 19:50 my-deployment-key.pem
-rw------- 1 ec2-user ec2-user  957 Dec 20 20:25 authorized_keys
-rw-rw-r-- 1 ec2-user ec2-user   81 Dec 29 19:51 config

Use the following command to change the permissions:

[ec2-user@ip-my-ip ~]$ chmod 400 ~/.ssh/config

See the result:

[ec2-user@ip-my-ip ~]$ ls -la ~/.ssh/
total 16
drwx------ 2 ec2-user ec2-user   92 Dec 29 19:53 .
drwx------ 8 ec2-user ec2-user  196 Dec 29 19:53 ..
-r-------- 1 ec2-user ec2-user 1831 Dec 29 19:50 my-deployment-key.pem
-rw------- 1 ec2-user ec2-user  957 Dec 20 20:25 authorized_keys
-r-------- 1 ec2-user ec2-user   81 Dec 29 19:51 config
-rw-r--r-- 1 ec2-user ec2-user  207 Dec 29 19:53 known_hosts

Now the cloning should work:

[ec2-user@ip-my-ip ~]$ git clone git@gitlab.com:mikbuch/my-repo-name.git
Cloning into 'my-repo-name'...
The authenticity of host 'gitlab.com (2606:4700:90:0:f22e:fbec:5bed:a9b9)' can't be established.
ECDSA key fingerprint is SHA256:HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw.
ECDSA key fingerprint is MD5:f1:d0:fb:46:73:7a:70:92:5a:ab:5d:ef:43:e2:1c:35.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.com,2606:4700:90:0:f22e:fbec:5bed:a9b9' (ECDSA) to the list of known hosts.
remote: Enumerating objects: 287, done.
remote: Counting objects: 100% (206/206), done.
remote: Compressing objects: 100% (169/169), done.
remote: Total 287 (delta 37), reused 200 (delta 36), pack-reused 81
Receiving objects: 100% (287/287), 1.25 MiB | 3.19 MiB/s, done.
Resolving deltas: 100% (64/64), done.
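As an added example (not part of the original post), the shell function below audits an SSH directory for the condition behind the Bad owner or permissions error above, and applies the matching check to private key files. The function names and the header-based detection of key files are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the owner/permission problems that make ssh refuse
# ~/.ssh/config or ignore a private key. The directory is passed by the caller.

# True if PATH has any of the listed permission bits set (020 = group-write).
has_any_bit() {
    _p=$1; shift
    for bits in "$@"; do
        [ -n "$(find "$_p" -prune -perm "-$bits" -print)" ] && return 0
    done
    return 1
}

# True if PATH is owned by the current user or by root, as ssh requires.
owner_ok() {
    [ -n "$(find "$1" -prune \( -user "$(id -u)" -o -user 0 \) -print)" ]
}

# Print one finding per line for DIR; return 1 if anything was found.
audit_ssh_dir() {
    dir=$1; rc=0
    cfg=$dir/config
    if [ -f "$cfg" ]; then
        owner_ok "$cfg" || { echo "config: bad owner"; rc=1; }
        # ssh rejects a config file that group or others can write to.
        if has_any_bit "$cfg" 020 002; then
            echo "config: writable by group or others"; rc=1
        fi
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Private keys are recognised by their PEM/OpenSSH header line.
        head -n 1 "$f" | grep -q 'PRIVATE KEY-----' || continue
        # ssh ignores a private key that group or others can access at all.
        if has_any_bit "$f" 040 020 010 004 002 001; then
            echo "${f##*/}: private key accessible by group or others"; rc=1
        fi
    done
    return $rc
}

# Audit the directory given as the first argument, e.g. ~/.ssh
if [ $# -gt 0 ]; then audit_ssh_dir "$1"; fi
```

Run against the first listing above, it would flag config; after chmod 400 it prints nothing and returns 0.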

Top comments (4)

Makar

I had to solve using 2 GitHub accounts via ssh from the same machine... Maybe I should post about it

Mikołaj Buchwald

Nice one! I'd love to see a post like that.

Git account management on the same machine is even trickier than key management :/

Jesse Phillips

I don't know if identity by destination host is a good reason for multiple keys.

  • Source control
  • system access
  • stolen

Those seem more reasonable. But still not sure.

Mikołaj Buchwald

Yes, you are generally right, as far as only the personal keys are concerned. What I had in mind was more of a case where you have, e.g., "deploy keys" like for different CI/CD pipelines, using GitLab, Jenkins, GitHub, etc. -- then in some sense you can be forced to use (and manage) different keys.

If I get your comment right, of course. Anyways, it all depends on the particular use-case, I guess.

Thanks for the comment! :)