Tell git which SSH config file to use

Question

I have multiple ssh config folders for various systems e.g.:

ssh -F ~/.ssh/system-a/config user@system-a
ssh -F ~/.ssh/system-b/config user@system-b

Each folder has a config file and set of identity files like so

Host system-a
    HostName <some_hostname>
    User <some_username>
    IdentityFile ~/.ssh/system-a/keys/system-a.pem

How do tell git to use a certain ssh config file or a certain ssh key when performing git tasks?

Ideally I would like to do this per git project if I can.

Answer 1

As Andrejs Cainikovs and Jakuje have pointed out, it is possible to use multiple ssh-config files with a recent enough git.

However, you can achieve virtually the same results with a single ssh-config file with multiple configurations, possibly all referring to a single real host:

Host SOMELABEL
    HostName <some_hostname>
    User <some_username>
    IdentityFile ~/.ssh/system-a/keys/system-a.pem

Host OTHERLABEL
    HostName <other_hostname>
    User <other_username>
    IdentityFile ~/.ssh/system-b/keys/system-a.pem

and then clone the repos like:

  git clone SOMELABEL:foo/bar.git
  git clone OTHERLABEL:frobnozzel.git

This will use <some_username>@<some_hostname> with the ssh-key in ~/.ssh/system-a/keys/system-a.pem for the bar repository, whereas it will use <other_username>@<other_hostname> with the ssh-key in ~/.ssh/system-b/keys/system-a.pem for the frobnozzel repository.

Answer 2

I wanted to hook into this topic, because I have recently been trying to solve this without having to do a git config core.sshCommand every new release I clone

So, for that I extended a bit on the implementation from Jakuje

I have two gitlab accounts. One is for work, with my work email, and one is personal, with my personal email.

For this I have two different private keys:

• personal: ~/.ssh/keys/personal.id_rsa
• work: ~/.ssh/keys/work.id_rsa

Now, I have a global git configuration located at ~/.gitconfig and an alternative configuration located at ~/work.gitconfig. The work git configurations only contains settings that are different than the global configuration.

So in this scenario,

~/work.gitconfig

[core] 
    sshCommand = ssh -i ~/.ssh/keys/work.id_rsa

and all my work related repositories I clone into ~/source/work

The magic then happens in my ~/.gitconfig. I included the following section (git includeIf:

[includeIf "gitdir:~/source/work/**"]
    path="~/work.gitconfig"

Now, this will tell git to include my work git configuration for all repos that are in ~/source/work. This configuration will then automagically set the ssh key used when pushing/pulling to the one I use for my work repos.

All you need to make sure is to clone into the right folder.

You can combine this with using a generic ssh config.

Host gitlab.com
    HostName gitlab.com
    User git
    IdentityFile ~/.ssh/keys/personal.id_rsa

By default git will use the personal.id_rsa (personal account), except when the repo is in the work directory, then the work account is used (based on ssh key).

Answer 3

on command-line you can change your Git config for the current repository:

git config core.sshCommand "ssh -F ~/.ssh/system-a/config"

or in .git/config in your local repository to the [core] section:

sshCommand = "ssh -F ~/.ssh/system-a/config"

This works only with git 2.10 and newer. Otherwise, it needs to be set up using environment variable $GIT_SSH_COMMAND, for example like:

GIT_SSH_COMMAND="ssh -F ~/.ssh/system-a/config" git pull

Answer 4

git 2.10+

Check Jakuje answer.

git 2.9-

Use core.gitproxy pointing to the custom script that does the magic.