Oussama GHAIEB

Tips, tricks, and code snippets for developers

Effortlessly Manage Multiple SSH Keys: A Developer’s Guide to GitHub and Beyond

As a developer, you often work with multiple Git repositories hosted on different platforms like GitHub, GitLab, Bitbucket, or private servers. Each platform may require a unique SSH key for authentication. Managing multiple SSH keys can be tricky, but with the right setup, you can streamline the process and avoid authentication issues.

In this guide, we’ll walk through the steps to efficiently manage multiple SSH keys, using GitHub as an example. The same principles apply to other platforms as well.

Why Use Multiple SSH Keys?

Using multiple SSH keys is essential when:

  • You have separate work and personal GitHub accounts.
  • You work with multiple clients or organizations, each requiring a unique SSH key.
  • You want to maintain a clear separation between different projects or environments.

By managing multiple SSH keys, you ensure that the right key is used for the right repository, avoiding authentication conflicts and enhancing security.

Step 1: Generate SSH Keys for Each Account

To generate a unique SSH key for each account or platform, I recommend using ed25519 for its speed and modern security. However, RSA is a reliable alternative for broader compatibility.

  1. Open your terminal.

  2. For an ed25519 key (preferred), run this command, replacing id_ed25519_work with a descriptive name (e.g., id_ed25519_personal, id_ed25519_client1):

    ssh-keygen -t ed25519 -C "your_email@example.com" -f ~/.ssh/id_ed25519_work
    • -t ed25519: Uses a modern, fast, and secure key type with a fixed 256-bit size.
    • -C "your_email@example.com": Adds a comment to the key.
    • -f ~/.ssh/id_ed25519_work: Specifies the filename for the key.

  3. Alternatively, for an RSA key (e.g., for older systems), use this command, replacing id_rsa_work with a unique name:

    ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -f ~/.ssh/id_rsa_work
    • -t rsa: Uses the widely supported RSA algorithm.
    • -b 4096: Sets a strong 4096-bit key length.
    • -C and -f: Same as above.

  4. When prompted, enter a passphrase for added security (optional but recommended).

  5. Repeat this process for each account or platform, giving each key a unique name. Use ed25519 where possible, and RSA if compatibility is a concern.

Step 2: Add SSH Keys to the SSH Agent

The SSH agent manages your SSH keys and handles authentication. To add your keys to the agent:

  1. Start the SSH agent in the background:

    eval "$(ssh-agent -s)"

  2. Add each SSH key to the agent (use the appropriate filenames):

    ssh-add ~/.ssh/id_ed25519_work
ssh-add ~/.ssh/id_ed25519_personal
# Or for RSA:
# ssh-add ~/.ssh/id_rsa_work

  3. Verify that the keys have been added:

    ssh-add -l

Step 3: Configure SSH to Use the Correct Key

To ensure that the correct SSH key is used for each repository, configure your SSH client:

  1. Open (or create) the ~/.ssh/config file:

    nano ~/.ssh/config

  2. Add a configuration block for each account (adjust IdentityFile based on your key type):

    # Work GitHub account (ed25519)
Host github.com-work
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_work

# Personal GitHub account (RSA example)
Host github.com-personal
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa_personal
Field Description Example
Host Alias for SSH configuration github.com-work
HostName Actual Git host github.com
User Git user git
IdentityFile Path to the SSH private key ~/.ssh/id_ed25519_work
  1. Save and close the file.

Step 4: Update Remote URLs for Your Repositories

Now that your SSH client is configured, update the remote URLs for your repositories:

For a work repository:

git remote set-url origin git@github.com-work:username/repository.git

For a personal repository:

git remote set-url origin git@github.com-personal:username/repository.git

Step 5: Test Your Setup

Verify that everything is working correctly:

ssh -T git@github.com-work
ssh -T git@github.com-personal

You should see a message like:

Hi username! You've successfully authenticated, but GitHub does not provide shell access.

If you see this, congratulations! Your SSH keys are set up correctly.

Troubleshooting Common Issues

Issue: SSH Key Not Being Used

Fix: Run ssh-add -l to check if the key is loaded. If not, manually add it:

ssh-add ~/.ssh/id_ed25519_work
# Or for RSA:
# ssh-add ~/.ssh/id_rsa_work

Issue: "Permission denied (publickey)" when pushing to GitHub

Fix: Check if the correct key is being used with:

ssh -vT git@github.com-work

If the wrong key is being used, update your ~/.ssh/config file.

Issue: SSH Agent Not Running

Fix: Start the SSH agent manually:

eval "$(ssh-agent -s)"

Bonus Tips

1. Use a Passphrase Manager

If you use passphrases for your SSH keys, consider using a passphrase manager like ssh-agent or a third-party tool to avoid entering the passphrase repeatedly.

2. Backup Your SSH Keys

Store your SSH keys in a secure location, such as an encrypted USB drive or a password manager, in case you need to set them up on a new machine.

3. Keep Your Keys Secure

Never share your private SSH keys, and ensure they have the correct permissions (600).

Conclusion

Managing multiple SSH keys doesn’t have to be complicated. By generating unique keys with ed25519 (or RSA for compatibility), configuring your SSH client, and updating your repository URLs, you can seamlessly switch between different accounts and platforms. This setup not only improves security but also makes your development workflow more efficient.

Happy coding! 🚀

More Posts :