Skip to content

Instantly share code, notes, and snippets.

@jmcaldera
Last active May 25, 2024 19:58
Show Gist options
  • Save jmcaldera/e445ff878c81e16d0c19b4049f009703 to your computer and use it in GitHub Desktop.
Save jmcaldera/e445ff878c81e16d0c19b4049f009703 to your computer and use it in GitHub Desktop.
Multiple SSH Keys macOS

Multiple SSH Keys on same client

Check if you have existing keys by opening the terminal and entering: ssh-add -l OR ls -al ~/.ssh and check for any file called (usually) id_rsa or similar

Identify the host you're using your current key for. You probably added this key to, for example your github or gitlab account. We will use this later on.

If you don't have a config file on ~/.ssh folder, you will need to create one. We'll get back to this later.

Now create a new key for your new host by following the steps on https://docs.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent and give it a different name, like id_rsa_github_personal.

Once you've created a new key, it's time to create our config file (or modify if you have one already) at ~/.ssh/config. Type nano config and add the following lines:

# GitHub Personal
Host github_personal
HostName github.com
AddKeysToAgent yes
UseKeyChain yes
IdentityFile ~/.ssh/id_rsa_github_personal

If you didn't have a config file but did have a key, now is the time to add it to the file. Let's say that you were using it for your company's github repository, so just add the following lines (edit it accordingly):

# GitHub Company
Host github_company
HostName github.com
AddKeysToAgent yes
UseKeyChain yes
IdentityFile ~/.ssh/id_rsa

Note: you should add the correct file name to IdentityFile.

Now it's time to add your key to the ssh-agent: Start the agent if you haven't already by running eval "$(ssh-agent -s)", then enter ssh-add -K ~/.ssh/id_rsa_github_personal. And you're all set!

Note: if on the first step the output for ssh-add -l was "The agent has no identities" but you did found a key on /.ssh folder, then add that key to the agent.

So now when you want to clone a repository using ssh, the url is usually in this format: git@github.com:username/repository-name.git. You will need to modify github.com and use the Host name that you added to config file. For example: git@github_company:username/repository-name.git.

@devzom
Copy link

devzom commented Sep 20, 2021

@jmcaldera

thanks for great guide :)

Edit: delete wrong information

@absolon2
Copy link

absolon2 commented Sep 22, 2021

@devzom Those options do not exist on ssh-add on my mac.

@devzom
Copy link

devzom commented Sep 22, 2021

@absolon2 I've added a note that this is related to Big Sur and Catalina i think. What's Your system?

@absolon2
Copy link

I have Big Sur 11.6 installed.

@devzom
Copy link

devzom commented Sep 22, 2021

@absolon2 okey, sorry, that Was my mistake. Somehow terminal showed me that the shortcut is deprecated.

@timohausmann
Copy link

Sadly I cannot get two keys working on macOS 12.

Sidenote: -K is deprecated, use --apple-use-keychain.

When I delete the Host * block, it works though with a bitb2 repository url. So weird. Any ideas?

Host bitb2
  HostName bitbucket.org
  User git
  UseKeychain yes
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_rsa_bitb2

Host *
  UseKeychain yes
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_rsa

@Diiplexus
Copy link

Sadly I cannot get two keys working on macOS 12.

Sidenote: -K is deprecated, use --apple-use-keychain.

When I delete the Host * block, it works though with a bitb2 repository url. So weird. Any ideas?

Host bitb2
  HostName bitbucket.org
  User git
  UseKeychain yes
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_rsa_bitb2

Host *
  UseKeychain yes
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_rsa

same issue here, where you able to get it to work?

@timohausmann
Copy link

same issue here, where you able to get it to work?

Hey, yes! On MacOS you have to explicitly exclude the other hosts from the star rule:

Host * !bitb2
  UseKeychain yes
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_rsa

@crisleo94
Copy link

In order to make a push or pull from a repo, should I specify the host as well, or is not necessary? Amazing gist

@jmcaldera
Copy link
Author

In order to make a push or pull from a repo, should I specify the host as well, or is not necessary? Amazing gist

@crisleo94 you don't need to specify the host for push or pull as you already have the repository with the remote url configured when you cloned it

@orbitbot
Copy link

orbitbot commented Jul 7, 2022

same issue here, where you able to get it to work?

Hey, yes! On MacOS you have to explicitly exclude the other hosts from the star rule:

Host * !bitb2
  UseKeychain yes
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_rsa

Thanks! This works 🚀

@cognivator
Copy link

OMG! The last paragraph saved me from another several hours of pondering. Thank you!

I had multiple SSH keys, one for each github account... and I had multiple entries in ~/.ssh/config, one for each SSH key. So far, so good,

Host host-alias-1
  HostName github.com
  ...
  IdentifyFile ~/.ssh/key1

Host host-alias-2
  HostName github.com
  ...
  IdentifyFile ~/.ssh/key2

What I FAILED to do was use the unique Host aliases when configuring remote repo urls in SourceTree. I mistakenly used,

git@github.com:username/repository.git

when I should have used,

git@host-alias-x:username/repository.git

Once the above change was made, everything worked!

@ivan-spichka
Copy link

ivan-spichka commented Apr 2, 2024

Many thanks for the guide. Will add some notes here.
I have several github accounts and have a key per each one and use them on the same machine.

The steps are important:

  1. You update the ~.ssh/config file first as Cognivator mentioned above.
  2. You save the file.
  3. You add the key to agent via ssh-add --apple-use-keychain ~/.ssh/your_file
  4. You open NEW terminal window
  5. you use the updated host alias as Cognivator mentioned above: git@host-alias-x:username/repository.git

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment