Using Multiple SSH Public Keys

Tags: git, ssh-keys

I have a personal account and a company account on Unfuddle. On Unfuddle, SSH keys can only be used on a single account, so I need to create a separate SSH key on my laptop for both accounts. I ran ssh-keygen -t rsa to generate two keys with different names (personal is default name and company is {company}_rsa). The problem now is that it appears that my default key is used everywhere and I can't find out how to specify a key to use in Git for individual repos.

So my question is: How do I specify an SSH key to use on a repo-to-repo basis?

I set up my ssh_config (~/.ssh/config) but it still doesn't seem to work.

config:

Host {personalaccount}.unfuddle.com
     HostName {personalaccount}.unfuddle.com
     User git
     IdentityFile /Users/dave/.ssh/id_rsa

Host {companyaccount}.unfuddle.com
     HostName {companyaccount}.unfuddle.com
     User git
     IdentityFile /Users/dave/.ssh/cage_rsa

My Git repo config file for a repo on my company Unfuddle account looks like this:

[remote "origin"]
     url = git@{companyaccount}.unfuddle.com:{companyaccount}/overall.git
     fetch = +refs/heads/*:refs/remotes/origin/*

So I am not sure if there is something wrong with my ssh config or my git config.

Best Answer

If you have an active ssh-agent that has your id_rsa key loaded, then the problem is likely that ssh is offering that key first. Unfuddle probably accepts it for authentication (e.g. in sshd) but rejects it for authorization to access the company repositories (e.g. in whatever internal software they use for authorization, possibly something akin to Gitolite). Perhaps there is a way to add your personal key to the company account (multiple people are not sharing the same corp_rsa public and private key files, are they?).


The IdentitiesOnly .ssh/config configuration keyword can be used to limit the keys that ssh offers to the remote sshd to just those specified via IdentityFile keywords (i.e. it will refuse to use any additional keys that happen to be loaded into an active ssh-agent).

Try these .ssh/config sections:

Host {personalaccount}.unfuddle.com
     IdentityFile ~/.ssh/id_rsa
     IdentitiesOnly yes

Host {companyaccount}.unfuddle.com
     IdentityFile ~/.ssh/{companyaccount}_rsa
     IdentitiesOnly yes

Then, use Git URLs like these:

git@{personalaccount}.unfuddle.com:{personalaccount}/my-stuff.git
git@{companyaccount}.unfuddle.com:{companyaccount}/their-stuff.git

If you want to take full advantage of the .ssh/config mechanism, you can supply your own custom hostname and change the default user name:

Host uf-mine
     HostName {personalaccount}.unfuddle.com
     User git
     IdentityFile ~/.ssh/id_rsa
     IdentitiesOnly yes

Host uf-comp
     HostName {companyaccount}.unfuddle.com
     User git
     IdentityFile ~/.ssh/{companyaccount}_rsa
     IdentitiesOnly yes

Then, use Git URLs like these:

uf-mine:{personalaccount}/my-stuff.git
uf-comp:{companyaccount}/their-stuff.git
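
To check which Host entries still let ssh offer agent-loaded keys, the following added example (not part of the original answer) resolves the identity settings for an alias the way ssh_config does: IdentityFile entries accumulate and the first IdentitiesOnly value obtained wins. The host names, key paths and the `uf-old` entry are constructed, and Match and Include directives are assumed absent.

```python
import fnmatch

# Constructed sample config (host names and key paths are placeholders).
SAMPLE_CONFIG = """\
Host uf-mine
     HostName personal.example.com
     User git
     IdentityFile ~/.ssh/id_rsa
     IdentitiesOnly yes

Host uf-old
     HostName company.example.com
     User git
     IdentityFile ~/.ssh/company_rsa

Host *
     IdentitiesOnly no
"""

def host_matches(patterns, alias):
    """A Host line matches if a positive pattern matches and no '!' pattern does."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatch.fnmatchcase(alias, p) for p in negated):
        return False
    return any(fnmatch.fnmatchcase(alias, p) for p in positive)

def resolve(config_text, alias):
    """Effective identity settings for `alias` (no Match/Include support)."""
    active, files, only = True, [], None  # lines before any Host apply to all
    for raw in config_text.splitlines():
        fields = raw.strip().split(None, 1)
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        key, value = fields[0].lower(), fields[1].strip()
        if key == "host":
            active = host_matches(value.split(), alias)
        elif active and key == "identityfile":
            files.append(value)            # IdentityFile entries accumulate
        elif active and key == "identitiesonly" and only is None:
            only = value.lower() == "yes"  # first value obtained wins
    return {"identity_files": files, "identities_only": bool(only)}

def agent_keys_offered(config_text, alias):
    """True when ssh may also offer agent keys not named by IdentityFile."""
    return not resolve(config_text, alias)["identities_only"]

if __name__ == "__main__":
    for name in ("uf-mine", "uf-old"):
        print(name, resolve(SAMPLE_CONFIG, name), agent_keys_offered(SAMPLE_CONFIG, name))
```

On a real machine, `ssh -G uf-comp` prints the configuration ssh actually resolves for an alias, including its `identityfile` and `identitiesonly` lines.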