Tiffany B. Brown

09 June 2017

Using multiple SSH keys with GitHub

Everything federal employees do in their work capacity is potentially subject to a Freedom of Information Act (FOIA) request. Use your personal email — or GitHub account — for work purposes, and your not-at-all-government-related communications could be exposed to the world.

That's how I ended up with two GitHub accounts. And it's also why I found myself typing "using multiple SSH keys GitHub" into Google. Why risk having to give up an SSH key that you may use in multiple places?

Luckily, this is a solved problem, and the how has everything to do with SSH configuration.

I cobbled these instructions together from a few sources, including jexchan's gist, and GitHub's documentation. I also used some trial-and-error. They assume that:

  1. You have a second GitHub account with a second e-mail address.
  2. You're using a Mac.

The process for Linux and Windows is just different enough that I can't be sure that these instructions will work as is. I tried my best to point out those differences.

Create a new SSH key for your second account

  1. Enter the following command at the Terminal prompt.

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

  1. Enter a path and file name for your key, for example: /Users/yourname/.ssh/second_key_rsa. Be careful not to overwrite an existing key.
  2. Enter a passphrase. Without one, anyone who gets your key can copy it to another computer and use it. Choose a strong phrase.

Update your SSH configuration to specify which key to use for which account

Edit your SSH configuration file at ~./ssh/config. Create it if it doesn't exist.

# First account
Host github.com-first_user_name
  HostName github.com
  PreferredAuthentications publickey
  IdentityFile ~/.ssh/first_key_rsa
  IdentitiesOnly yes

# Second account
Host github.com-second_user_name
  HostName github.com
  PreferredAuthentications publickey
  IdentityFile ~/.ssh/second_key_rsa
  IdentitiesOnly yes

Add the new key to ssh-agent

Windows and Linux users should be able to run ssh-add ~/.ssh/second_key_rsa, and skip to the next step.

Mac users have to do a little more work.

  1. Add the following lines to ~./ssh/config.

    Host * AddKeysToAgent yes UseKeychain yes

  2. Type ssh-add -K ~/.ssh/second_key_rsa to add your key to ssh-agent. I'm not 100% sure whether this second step is required.

Set the origin and user of your local repo's .git/config file

Add the following lines to your_repo_name/.git/config.

    [remote "origin"]
        url = git@github.com-second_user_name:org-name-if-applicable/reponame.git
        fetch = +refs/heads/*:refs/remotes/origin/*
    [user]
        email = your_email@example.com

Add the new public key file to GitHub

  1. Go to the Settings page for your GitHub account.
  2. On the SSH and GPG keys, click New SSH Key.
  3. Copy the contents of ~/.ssh/second_key_rsa.pub to your clipboard.
  4. Paste it in the Key box, and save it by clicking the Add SSH Key button.

Very important caveat

Keep in mind that multiple free accounts violates GitHub's terms of service. Since my non-government work account was a paid account, this wasn't an issue for me.