30

Along the lines of How to tell git which private key to use? I would like to use a specific ssh key in a given situation.

My problem is that even when I specify '-i something' ssh uses the keys from my ssh-agent in the order they are added.

My specific situation:

  • I have two github users, each with their own key I would like to - for example via a ssh-config - for each clone specify which key to use:
   Host USER1.git
     Hostname github.com
     User git
     IdentityFile ~/.ssh/USER1.id_rsa

ssh -vt USER1.git will still use USER2.id_rsa if that is the key first added to ssh-agent.

upe
  • 107
svrist
  • 845

3 Answers3

14

The point is to use the public key file inside IdentityFile directive.

Host USER1.git
  User git
  HostName github.com
  IdentityFile ~/.ssh/USER1.id_rsa.pub

Host USER2.git
  User git
  HostName github.com
  IdentityFile ~/.ssh/USER2.id_rsa.pub

If we specify the private key inside the SSH config, SSH agent will fail to pick the right key if the private key is encrypted.

A similar question on stackexchange: https://unix.stackexchange.com/a/495785/264704

ttimasdf
  • 535
8

I finally got it to work:

Host USER1.git
  User git
  HostName github.com
  IdentityFile ~/.ssh/USER1.id_rsa

Host USER2.git
  User git
  HostName github.com
  IdentityFile ~/.ssh/USER2.id_rsa
  • Indentation counts.
  • Do ssh-add -l and make sure both of your keys have been added.
    • Copy/paste each path from ssh-add -l into the appropriate line in ~/.ssh/config to avoid typos. If there is a ~/.ssh/config identityfile path typo for USER1, then the wrong key (USER2's key) will be used instead.

I got the instructions over at BitBucket. They should work for GitHub since the only difference is HostName: http://confluence.atlassian.com/pages/viewpage.action?pageId=271943168#ConfiguringMultipleSSHIdentitiesforGitBashMacOSXLinux-CreateaSSHconfigfile

To get this to work on a remote server using agent forwarding, try @stijn-hoop's suggestion below (in the comments section of this answer).

dgo.a
  • 891
2

Use IdentitiesOnly yes below these hosts, in .ssh/config.

Andrew Schulman
  • 3,206
Cougar
  • 569