SSH Keys – Do You Need Two SSH Keys for One Account with Two Emails?

git, github, ssh, ssh-keys

Here's my situation:
I have one GitHub account. It was always my personal account, with my personal email. Recently my company switched to GitHub and I decided to use the same account (it was allowed, I double-checked). I was added to the company's organization with my work email. So, when I configured git on my work machine, I used work email to generate ssh-key. I also use work email in global config and it works great.

Now I'm wondering, if I want to push some changes to my personal repository from my work machine, I don't want my work email to be associated with that commit. That's easy to do by setting user.email locally. But what about authentication? And here is my question:

If I have ONE account, with personal email and with work email in organization, does it matter how I authenticate myself (if the ssh-key is generated for work or personal email) if the config.email is set properly?

Or in other words, will it say somewhere that "this commit was pushed after being authenticated by this ssh-key, which has work email in it"?

Best Answer

> I used work email to generate ssh-key

SSH keys don't have an email address field.

They have a comment field, which typically contains a "user@host" of the system which generated the key, but that's neither an email address nor something that SSH (much less Git) pays attention to – it's just a label for the key.

> Or in other words, will it say somewhere that "this commit was pushed after being authenticated by this ssh-key

No, GitHub doesn't do that. Commits look the same no matter how they were pushed (or who pushed them, even).

(And even if a Git hosting system decided to do this, it would have to remain an "external" label only visible on the hosting system, as it's not possible to add fields to commits after they're already made.)

If you're asking because you've noticed the "Verified" pop-up that GitHub does show alongside some commits – that's something completely different; it's a digital signature attached when the commit is made, not when it's pushed. (See the git commit -S option.)

Originally these signatures were made using a PGP (GPG) key or rarely using S/MIME, but to confuse matters, Git did recently gain the ability to use SSH keys for commit signing. However, that remains completely separate from SSH push authentication; it's a reuse of SSH keys for non-SSH purposes. (I believe GitHub has a completely separate list of keys trusted for signing.)

(As for signing, I would personally recommend having a separate work key, no matter if it's a PGP key or an SSH-format key.)
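
The point about the comment field can be checked by decoding a public key line. The following is an added example, not part of the original answer: it parses the base64 key blob of an OpenSSH Ed25519 public key and shows that the blob holds only the algorithm name and the key material, so the fingerprint is the same whatever comment is attached. The key bytes, the `jane@...` comments and the function names are constructed for illustration.

```python
import base64
import hashlib
import struct

RAW_KEY = bytes(range(32))  # constructed 32-byte value standing in for a real Ed25519 public key


def ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed string (SSH wire format)."""
    return struct.pack(">I", len(data)) + data


def make_public_key_line(raw_key: bytes, comment: str = "") -> str:
    """Build a .pub / authorized_keys style line: type, base64 blob, optional comment."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}".rstrip()


def parse_public_key_line(line: str) -> dict:
    """Decode the key blob and report what it contains next to the trailing comment."""
    key_type, b64_blob, *rest = line.strip().split(None, 2)
    blob = base64.b64decode(b64_blob, validate=True)
    fields, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated length prefix in key blob")
        (length,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if offset + length > len(blob):
            raise ValueError("truncated field in key blob")
        fields.append(blob[offset:offset + length])
        offset += length
    if not fields or fields[0] != key_type.encode():
        raise ValueError("key type outside the blob does not match the blob")
    digest = hashlib.sha256(blob).digest()
    return {
        "blob_fields": fields,  # only the algorithm name and the key material
        "comment": rest[0] if rest else "",  # free-text label, outside the blob
        "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
    }


if __name__ == "__main__":
    for comment in ("jane@work.example", "jane@home.example", ""):
        info = parse_public_key_line(make_public_key_line(RAW_KEY, comment))
        print(f"{info['fingerprint']}  fields={len(info['blob_fields'])}  comment={info['comment']!r}")
```

All three lines print the same fingerprint, which is the SHA-256 of the key blob in the form `ssh-keygen -l` displays.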
