Managing multiple ssh keys
Usually, when joining a new workplace, you are asked to provide your public ssh key to get access to all the private organization repositories.
After some time, I came to the conclusion that I want to separate my work and personal ssh keys, and I want to achieve that in an easy, hassle-free way from the same computer.
Why do I want to manage multiple ssh keys?
The answer is simple: I want one SSH key pair for work-related matters (i.e. code base, servers, etc.) and a different key pair for my own personal matters. That way I am not mixing things up, which I don't like, and I don't want my work ssh fingerprint to be in my personal projects. So the separation between the two became a greater need for me.
Also, I want peace of mind: when I decide to change my workplace, on my last day all I have to do is delete my work ssh key, or it gets forgotten when my work laptop is wiped, and then I'm automatically out of all the company's systems.
So, again, the urge grew to create another ssh key to be used for work.
I assume you have some knowledge of using ssh and you know your way around your OS terminal.
How will I do it?
1. You need to create another separate ssh key. You can do that simply by running
$ ssh-keygen -t rsa -b 4096 -C "email@example.com"
This will guide you through a step-by-step creation process. Or you can follow this GitHub guide for more details.
2. Set your configuration
You need to modify your ssh configuration file located in ~/.ssh/config. This configuration exists per user in the home folder. Edit it as follows:
# Set before any Host block, so agent forwarding applies to every host
ForwardAgent yes

# private/personal identity
Host github.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/personal_rsa
  IdentitiesOnly yes

# work identity
Host work.github.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/work_rsa
  IdentitiesOnly yes
Let me explain what we have done:
- We are defining two different hosts that point to the same HostName, github.com.
- We have defined two different hosts, github.com and work.github.com. The second one does not exist in reality; it is just a mapping.
- You set which ssh key is used when authenticating with the defined host with the IdentityFile line.
- Bonus: Adding IdentitiesOnly yes tells the ssh-agent not to use the default behavior of trying to connect using the default ~/.ssh/id_rsa first, but to try only the specified key.
3. How to use it to connect?
Now that you have everything set up to work with multiple ssh keys, let me show the final step of how to use it:
$ git clone git@work.github.com:company/project.git
This will resolve to the work.github.com host defined in ~/.ssh/config and use the key defined there.
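A sketch of the lookup ssh performs against the config from step 2, added here as an example and not code from the original post: it resolves a git remote to its effective HostName and IdentityFile and reports settings worth reviewing. The names resolve and findings are hypothetical, and this sketch keeps only the first IdentityFile per host and does not handle quoted values.

```python
import fnmatch
import re

# The page's ~/.ssh/config, embedded so the example runs offline.
PAGE_CONFIG = """\
ForwardAgent yes
Host github.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/personal_rsa
  IdentitiesOnly yes
Host work.github.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/work_rsa
  IdentitiesOnly yes
"""

def resolve(remote, config=PAGE_CONFIG):
    """Effective ssh options for an scp-style git remote (user@host:path)."""
    m = re.fullmatch(r"(?:([^@/:]+)@)?([^@/:]+):.+", remote)
    if not m:
        raise ValueError("not an scp-style remote: " + remote)
    url_user, alias = m.groups()
    opts, active = {}, True  # options before the first Host apply to every host
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = re.split(r"[\s=]+", line, maxsplit=1)
        if key.lower() == "host":  # globs match the name as typed; "!" negates
            pats = value.split()
            active = any(fnmatch.fnmatchcase(alias, p) for p in pats) and not any(
                fnmatch.fnmatchcase(alias, p[1:]) for p in pats if p[0] == "!")
        elif active:
            opts.setdefault(key.lower(), value)  # first obtained value wins
    opts.setdefault("hostname", alias)  # without HostName the alias is used as is
    if url_user:
        opts["user"] = url_user  # a user in the remote overrides User
    return opts

def findings(remote, config=PAGE_CONFIG):
    """Settings worth reviewing for the host a remote resolves to."""
    o, out = resolve(remote, config), []
    if "identityfile" in o and o.get("identitiesonly", "").lower() not in ("yes", "true"):
        out.append("IdentitiesOnly not set: keys held by ssh-agent may be offered too")
    if o.get("forwardagent", "").lower() in ("yes", "true"):
        out.append("ForwardAgent yes: the agent is forwarded to " + o["hostname"])
    return out
```

On a machine with OpenSSH installed, `ssh -G work.github.com` prints the options ssh itself resolves for the alias and can be compared against this output.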
ssh keys can become cumbersome as soon as you need to use a second key, and that is not necessary for everyone, but sometimes the need arises or you want to use unorthodox key names. You might need one for working on your company’s private repos, one for your clients’ work and another for your private work.
If you can avoid it, do so; ideally, it is good practice to have only one.
I hope someone found this useful!