Use different SSH keys for different accounts on the same Git hosting

Asked 3/12, 2013 at 14:17 Answered 4/12, 2023 at 23:28

This question would be simple if I ask it as a use case. I have two SSH keys on my computer

personal_id_rsa
company_id_rsa

And I have two different user accounts on bitbucket.org. One of them is my personal account and the other is my company account. I have N number of repositories on my PC as well. Some of them has to be linked with my personal account and some other repos with the company account. There is no repositories that has to be linked to both the accounts. I have set the Identityfile inside the ~/.ssh/config to something like below.

Host *.bitbucket.org
   IdentityFile ~/.ssh/company_id_rsa

And whenever I want to push something to my personal repos, I change the config file to something like below.

Host *.bitbucket.org
   IdentityFile ~/.ssh/personal_id_rsa

And now, it becomes quite an inconvenience to edit the file whenever I want to make a git push. I was just thinking if I could just pickup one of the keys on the fly, when I push, it would have been a lot easier. Is there any way to do so?

I came across this question which explains a similar use case, but that is not the exact use case here.

Michel answered 3/12, 2013 at 14:17 Comment(1)

as u referred that qsn, – Bart 3/12, 2013 at 19:0

You can add two Bitbucket "accounts" in your ssh config file. Bitbucket has alternative ssh host listening on port 443 (For those who has blocked almost all ports (sic!)).

Host bitbucketCompany
    User git
    HostName altssh.bitbucket.org
    Port 443
    IdentityFile ~/.ssh/company_id_rsa

Host bitbucketWork
    User git
    HostName bitbucket.org
    Port 22
    IdentityFile ~/.ssh/personal_id_rsa

Then update your remotes in .git/config

Company projects

[remote "origin"]
    url = ssh://bitbucketCompany/username/repo.git

Personal projects

[remote "origin"]
    url = ssh://bitbucketPersonal/username/repo.git

Zahavi answered 3/12, 2013 at 15:35 Comment(1)

Ok, this answer has given me a pointer to this resource. confluence.atlassian.com/pages/viewpage.action?pageId=271943168. Accepting this answer. – Michel 4/12, 2013 at 2:0

Two ways.

Git consults the environment variable GIT_SSH to know which SSH client to use. If it's not set, it reverts to its built-in default (it's just ssh or ssh.exe, depending on the platform, IIRC), so you can do this:
```
$ cat >~/bin/bb-priv-ssh
#!/bin/sh
/usr/bin/ssh -i /path/to/my/private/ssh/key
^D
$ chmod +x $_
$ cat >~/bin/bb-corp-ssh
#!/bin/sh
/usr/bin/ssh -i /path/to/my/corporate/ssh/key
^D
$ chmod +x $_
```
Now you'll be able to do this
```
$ GIT_SSH=~/bin/bb-priv-ssh git push
$ GIT_SSH=~/bin/bb-corp-ssh git push
```
or just
```
$ export GIT_SSH=~/bin/bb-priv-ssh
```
before opening a session in which you do your private work; "corporate settion" would be set up like this with the obvious adjustment.

Note that you can't just use GIT_SSH='/usr/bin/ssh -i /path/to/a/key/file' as Git expects this variable to contain just a pathname. I'm lazy to google at the moment for relevant comp.lang.version-control.git articles on this — please do this yourself if needed.
Start using the SSH key agent. You can then add to it both keys, and it will attempt to use both of them when authenticating — one will fail, and the other one succeed. This makes the login process longer for an unfortunate host (one more round of authentication round-trips) but in this case, I reckon, it's a reasonable price to pay for convenience.

Mulhouse answered 3/12, 2013 at 15:25 Comment(1)

Infact, the first method requires a bit of unlearning, where I flawlessly start typing a git command. And the second needs another software. I found this and it appears to be solving the issue for me : confluence.atlassian.com/pages/viewpage.action?pageId=271943168. I will update you after giving it a test. Thanks. – Michel 4/12, 2013 at 2:2

SOLUTION

I'm keeping the other answer as accepted, because that pointed me to the correct solution, here. I removed all the existing keys from my machine and created two completely new ones, namely personalid and companyid.

$ ssh-keygen -f ~/.ssh/personalid -C "My Personal SSH Key"
$ ssh-keygen -f ~/.ssh/companyid -C "My Company SSH Key"

And after that, added both to appropriate accounts on bitbucket. Then I created the following SSH config file and everything works like a charm. Since I don't have any repositories that has to be pushed to both the company and the personal accounts, this solution requires no additional hacks to make it working.

Host github.com
  HostName github.com
  PreferredAuthentications publickey
  IdentityFile ~/.ssh/personalid

Host company
  HostName bitbucket.org
  IdentityFile ~/.ssh/companyid

Host personal
  HostName bitbucket.org
  IdentityFile ~/.ssh/personalid

And when pushing, do it normally as you do, git push <your stuff> and it will pick the appropriate key which is uploaded on bitbucket.

Michel answered 4/12, 2013 at 2:39 Comment(0)

If the name of the host is the same, your git config file should look something like this:

# Set up SSH keys for personal and work projects
Host gitlab.com
    HostName gitlab.com
    User git
    AddKeysToAgent yes
    IdentitiesOnly yes

    # Personal projects
    Match User [email protected]
    IdentityFile ~/.ssh/id_ed25519
    # Work projects
    Match User [email protected]
    IdentityFile ~/.ssh/id_rsa

Just change your email and host. Also, I have 2 ssh key pairs created with 2 different algorithms, but you don't have to.

Bromism answered 4/12, 2023 at 23:28 Comment(0)

Recommended topics

Hot tags