We need to generate a unique SSH key for our second GitHub account.
ssh-keygen -t rsa -C "your-email-address"
Be careful that you don't overwrite your existing key for your personal account. Instead, when prompted, save the file as id_rsa_COMPANY. In my case, I've saved the file to ~/.ssh/id_rsa_nettuts.
Next, log in to your second GitHub account, browse to "Account Overview," and attach the new key within the "SSH Public Keys" section. To retrieve the value of the key that you just created, return to the Terminal, and type: vim ~/.ssh/id_rsa_COMPANY.pub. Copy the entire string that is displayed, and paste this into the GitHub textarea. Feel free to give it any title you wish.
Next, because we saved our key with a unique name, we need to tell SSH about it. Within the Terminal, type: ssh-add ~/.ssh/id_rsa_COMPANY. If successful, you'll see a response of "Identity Added."
We've done the bulk of the work, but now we need a way to specify when we wish to push to our personal account, and when we should instead push to our company account. To do so, let's create a config file.
touch ~/.ssh/config
vim ~/.ssh/config
If you're not comfortable with Vim, feel free to open it within any editor of your choice. Paste in the following snippet.
#Default GitHub
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/id_rsa
This is the default setup for pushing to our personal GitHub account. Notice that we're able to attach an identity file to the host. Let's add another one for the company account. Directly below the code above, add:
Host github-COMPANY
HostName github.com
User git
IdentityFile ~/.ssh/id_rsa_COMPANY
This time, rather than setting the host to github.com, we've named it as github-COMPANY. The difference is that we're now attaching the new identity file that we created previously: id_rsa_COMPANY. Save the page and exit!
It's time to see if our efforts were successful. Create a test directory, initialize git, and create your first commit.
git init
git commit -am "first commit"
Log in to your company account, create a new repository, give it a name of "Test," and then return to the Terminal and push your git repo to GitHub.
git remote add origin git@github-COMPANY:Company/testing.git
git push origin master
Note that, this time, rather than pushing to git@github.com, we're using the custom host that we created in the config file: git@github-COMPANY.
Return to GitHub, and you should now see your repository. Remember:
When pushing to your personal account, proceed as you always have. For your company account, make sure that you use git@github-COMPANY as the host. Be sure to refer to the screencast if you need a more visual overview of the steps above!
Just do this once:
ssh-add -K ~/.ssh/[your-private-key]
Enter your key passphrase, and you won't be asked for it again.
(If you're on a pre-Sierra version of OSX, you're done, Step 6 is not required.)
It seems that OSX Sierra removed the convenient behavior of persisting your keys between logins, and the update to ssh no longer uses the keychain by default. Because of this, you will get prompted to enter the passphrase for a key after you upgrade, and again after each restart.
The solution is fairly simple, and is outlined in this github thread comment. Here's how you set it up:
- Ensure you've completed Step 1 above to store the key in the keychain.
- If you haven't already, create an ~/.ssh/config file. In other words, in the .ssh directory in your home dir, make a file called config.
In that .ssh/config file, add the following lines:
Host *
UseKeychain yes
AddKeysToAgent yes
IdentityFile ~/.ssh/id_rsa
Change ~/.ssh/id_rsa to the actual filename of your private key. If you have other private keys in your ~/.ssh directory, also add an IdentityFile line for each of them. For example, I have one additional line that reads IdentityFile ~/.ssh/id_ed25519 for a 2nd private key.
The UseKeychain yes is the key part, which tells SSH to look in your OSX keychain for the key passphrase.
That's it! Next time you load any ssh connection, it will try the private keys you've specified, and it will look for their passphrase in the OSX keychain. No passphrase typing required.
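How the "Host *" block interacts with the per-account GitHub hosts, as an added example that is not part of the original articles: IdentityFile lines from every matching Host block accumulate in file order, so a "Host *" block placed above the github-COMPANY block makes ssh offer the personal key first, and GitHub signs you in as whichever account owns the first key it accepts. The function names resolve_identities and sample_config are hypothetical, and the sample config is constructed by combining the two snippets above.

```shell
#!/bin/sh
# Constructed sample: the "Host *" keychain block placed above the
# per-account GitHub blocks, all in one ~/.ssh/config.
sample_config() {
cat <<'EOF'
Host *
  UseKeychain yes
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_rsa

Host github.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa

Host github-COMPANY
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa_COMPANY
EOF
}

# resolve_identities ALIAS < config
# Prints the keys ssh would try for ALIAS, in order. Follows ssh_config
# rules: IdentityFile lines from every matching Host block accumulate in
# file order; HostName and IdentitiesOnly keep the first value seen.
# Not handled: Match blocks, negated (!) patterns, key=value syntax,
# de-duplication of repeated IdentityFile entries.
resolve_identities() {
    target=$1 active=1 hostname='' only='' n=0
    while read -r key val || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac
        case $(printf '%s' "$key" | tr 'A-Z' 'a-z') in
        host)
            active=0
            set -f                      # keep "*" from globbing the cwd
            for pat in $val; do
                case $target in $pat) active=1 ;; esac
            done
            set +f ;;
        hostname)       [ $active = 1 ] && [ -z "$hostname" ] && hostname=$val ;;
        identitiesonly) [ $active = 1 ] && [ -z "$only" ] && only=$val ;;
        identityfile)   [ $active = 1 ] && { n=$((n + 1)); echo "$n $val"; } ;;
        esac
    done
    echo "hostname=${hostname:-$target} identitiesonly=${only:-no}"
}

sample_config | resolve_identities github-COMPANY
```

Moving the "Host *" block to the bottom of the file puts id_rsa_COMPANY first for the company alias. On a real machine, ssh -G github-COMPANY prints the values the client actually resolves.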