Skip to content

Instantly share code, notes, and snippets.

@shoeper
Last active December 16, 2022 19:57
Show Gist options
  • Save shoeper/fe89477f52a32da0a46af8f90033569e to your computer and use it in GitHub Desktop.
Save shoeper/fe89477f52a32da0a46af8f90033569e to your computer and use it in GitHub Desktop.
How "Key is already in use" weakens security
Github and Gitlab limit SSH keys to being used just once blocking secure usage of their platforms.
You may have many repositories and want to give access to a few repositories e.g. to your work computer. The simplest
solution would be to add the SSH key as deploy key with read write allowing you to use the repository with no further
configuration, but here is where "Key is already in use" comes into play which blocks this behavior. Additionally, from
a usability point of view it is also very annoying, that you don't get told where the key is already being used. So
once you entered it anywhere as a deploy key for simple access it is fully blocked and you have to manually identify
the location where it is being used.
I'd propose to warn the user clearly, especially if the key is being used by other accounts, but don't block using it.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment