I am trying to create Multiple SSH keys for multiple git accounts. For now, I have one Github account and two Gitlab accounts, I could not find the guide for Multiple accounts across multiple git platforms. Can you help me with it. Keys are: id_rsa_github git username is demetere id_rsa_gitlab git username is demetere id_rsa_gitlab_identomat git username is demetere._ I literally need help with agent and cloning and pushing permissions. I generated 3 keys for each account and added them to accounts and also added to the agent. The only thing left is the config file and also if there is anything specific I need to do when cloning repos and pushing. Also when I am a contributor to other users' repos how can I clone that with the correct Host? Thanks

Reputation: 440

SSH Key Managment for Multiple Git Accounts

I am trying to create Multiple SSH keys for multiple git accounts. For now, I have one Github account and two Gitlab accounts, I could not find the guide for Multiple accounts across multiple git platforms. Can you help me with it.

Keys are:

id_rsa_github git username is demetere
id_rsa_gitlab git username is demetere
id_rsa_gitlab_identomat git username is demetere._

I literally need help with agent and cloning and pushing permissions. I generated 3 keys for each account and added them to accounts and also added to the agent. The only thing left is the config file and also if there is anything specific I need to do when cloning repos and pushing.

Also when I am a contributor to other users' repos how can I clone that with the correct Host? Thanks

Upvotes: 2

Answers (3)

Mr X

Reputation: 1739

Let's take an example where you have two gitlab repositories one for personal account and one for work and both have different account users.

@my-personal -> Personal Account gitlab
@my-work -> Work Account gitlab

Step 1:

Generate the ssh key for each account : give names for your key

ssh-keygen -t rsa -b 4096 -f ~/.ssh/my-personal

ssh-keygen -t rsa -b 4096 -f ~/.ssh/my-work

Step 2

cd ./ssh

update the config file

# Personal SSH key for GitLab
Host gitlab-personal
  HostName gitlab.com
  User git
  IdentityFile ~/.ssh/my-personal

# Nthexam SSH key for GitLab
Host gitlab-work
  HostName gitlab.com
  User git
  IdentityFile ~/.ssh/my-work

Step 3

Upload these keys into respective account settings in gitlab its in

User -> Profile -> SSH keys

https://gitlab.com/-/profile/keys

Once you upload the public keys then you can test

Step 4

Test connections in terminal

ssh -T git@gitlab-personal
-> output Welcome to GitLab, @my-personal
ssh -T git@gitlab-work
-> output Welcome to GitLab, @my-work

Step 5 To clone you need to give the host name alias

git clone git@gitlab-personal:{ssh_url}
git clone git@gitlab-work:{ssh_url}

If gitlab clone ssh url is for personal account

[email protected]:my-development/backend/mydev.git

Then change it to

git@gitlab-personal:my-development/backend/mydev.git

Step 6

You can set the remote origin as suggested by @demetere._ so that you don't have to type the host name every time

You can also set this rmeote origin if you creating the fresh repository and if cloning the existing repository you cna give the host name once.

You can test the new remote origin as

git remote --verbose

origin  [email protected]:my-development/backend/mydev.git (fetch)
origin  [email protected]:my-development/backend/mydev.git (push)

Upvotes: 2

amacfarlane

Reputation: 53

VonC has already answered the main question. By setting the git origin as the alias in ~/.ssh/config you can tell each repository to use a specific key.

You will still need to load those keys into your ssh-agent any time you make a push. You can automate that with this bash script. It loads any ssh-keys starting with id_rsa. See the in-file documentation for setup and usage.

Note, this ssh-agent will only work when using git from the CLI. Any IDE you use will have it's own method for authenticating over SSH.

: ' DOCUMENTATION
This file describes and implements authenticating with git over ssh using the cli.

    USAGE
Run this as a one-off with
  $ source start-ssh-agent
If you call this script without `source` the ssh-agent will be lost in the child process.

To automatically authenticate in every new shell:
1. Save this file to `~/.ssh/start-ssh-agent`
2. Find your shell's rc file
Each shell has its own rc file:
* bash:    ~/.bashrc
* zsh:     ~/.zshrc
* general: ~/.$(basename $SHELL)rc
3. To your rc file, add the line `. ~/.ssh/start-ssh-agent`

    SETUP
Generate an ssh key, 
optionally providing a file name ending in _rsa with -f
and your identity with -C
  $ ssh-keygen -t rsa -b 4096 -C [email protected] -f ~/.ssh/id_rsa

If you provide a name, end it with `_rsa` to help the below script find it.
If you use a passphrase, it must be used every time you use the ssh Key to connect.
Make sure that the files are in the KEY_FOLDER defined in the below script.
Two files are produced:
  The *_rsa file is used to authenticate from your machine.
  Share the *_rsa.pub file with your git provider as a public key.

After you have created a key for each account, setup your ssh config file. 
Replace the IdentityFile path with the _rsa file you generated.
---------| ~/.ssh/config | ---------
Host my-host-alias
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa
  IdentitiesOnly yes
------------------------------------
We can configure git to use this alias, allowing us to use the given IdentityFile 
automatically.
Setting IdentitiesOnly forces the agent to only use the given IdentityFile
rather than try every possible ssh key in the KEY_FOLDER.

Open a bash terminal in the local project. 
Check your current git origin
  $ git remote -v

Automatically replace the current remote url with your alias.
  $ git remote set-url origin my-host-alias:$(git remote -v | grep -m 1 -oE [a-z]+\/[a-z-]+.git)

Test that keys were added by listing active keys
  $ ssh-add -l

END DOCUMENTATION'

SSH_ENV=~/.ssh/agent.environment
KEY_FOLDER=~/.ssh
KEY_PREFFIX=id_rsa

# export the SSH_AUTH_SOCK and SSH_AGENT_PID variables
# making the running ssh agent available to child processes
function run_ssh_env {
  . "${SSH_ENV}" > /dev/null
}

# start the ssh-agent and add keys
function start_ssh_agent {
  echo "Initializing new SSH agent..."
  # spawn ssh-agent and store agent config 
  ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
  chmod 600 "${SSH_ENV}"
  run_ssh_env
  ssh-add $KEY_FOLDER/$KEY_PREFFIX* || \
    echo "Incorrect passphrase, skipping key..."
  echo "Agent started"
}

if [ -f "${SSH_ENV}" ]
then
  run_ssh_env             # look for the last running agent
  ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
    start_ssh_agent       # if the last agent is no longer running,
  }                       # start another one
else 
  start_ssh_agent
fi

# verify that your keys were successfuly added
ssh-add -l || \
  echo -e "No keys configured from $KEY_FOLDER/$KEY_PREFFIX*" \
          "\nSSH authentication may fail!"

# remove variables so they don't interfere with normal shell usage
unset SSH_ENV
unset KEY_FOLDER
unset KEY_PREFFIX
unset run_ssh_env
unset start_ssh_agent

Upvotes: 1

VonC

Reputation: 1323553

The main idea is to use ~/.ssh/config to assign a "Host" entry to each of your accounts:

Host ghuser1
  Hostname github.com
  User git
  IdentityFile ~/.ssh/key1

Host gluser1
  Hostname gitlab.com
  User git
  IdentityFile ~/.ssh/keyg1

Host gluser2
  Hostname gitlab.com
  User git
  IdentityFile ~/.ssh/keyg2

That means, for cloning, you will need to use that "Host" entry:

git clone ghuser1:me/MyRepo

You can also test the authentication with:

ssh -Tv ghuser1
ssh -Tv gluser1
ssh -Tv gluser2

A few notes:

the User is always git, never your GitHub or GitLab account username.
the authentication is needed in order to determine if your account has the right to access a private repository (you must be added as collaborator).
For a public repository, this is less important.

Upvotes: 3

SSH Key Managment for Multiple Git Accounts

Answers (3)

Related Questions