1. Overview

In this tutorial, we’ll learn how to use a specific private SSH key when running Git commands that establish an SSH tunnel with the remote host.

2. Scenario

Let’s say we have two different GitHub accounts, one for work and another for personal usage. Furthermore, both of the accounts require different private SSH keys for authentication when performing commands such as git clone.

The private key to authenticate the work account is stored as ~/.ssh/id_rsa_work. On the other hand, the private key for our personal account is stored as ~/.ssh/id_rsa_personal.

Let’s look at the two different ways we can specify the different private keys to use when running the git clone command.

3. Using SSH Config File

One way we can specify a specific private key during the git clone is through the SSH config file.

Specifically, we can create two separate hosts for different private keys in the ~/.ssh/config file. Then, we can specify the different hosts in our SSH connection string during the git clone depending on which key we want to use.

Using the example we discussed earlier, here’s how the config file would look like:

$ cat ~/.ssh/config
Host github-work
    HostName github.com
    IdentityFile ~/.ssh/id_rsa_work

Host github-personal
    HostName github.com
    IdentityFile ~/.ssh/id_rsa_personal

The config file defines github-work and github-personal as two different host settings.

We can see that the HostName directives are both resolving to github.com since that’s the server we’ll connect to ultimately. Then, we use the IdentityFile directive to point to the different private key files for different accounts.

Now, to run the git clone on a repository that’s only accessible with the id_rsa_work private key, we can specify the SSH connection string with github-work as its host:

$ git clone git@github-work:corporateA/webapp.git

The underlying SSH client looks at the ~/.ssh/config file and resolves the github-work host to use the private key ~/.ssh/id_rsa_work.

Similarly, if we want to clone a repository that’s only accessible through the id_rsa_personal private key, we specify the github-personal host in our connection string:

$ git clone git@github-personal:bob/blog.git

4. Using core.sshCommand

The Git repositories offer a configurable option core.sshCommand. This configuration overrides the default SSH command when running any commands that require an SSH tunnel.

In this section, we’ll see how to use core.sshCommand to solve our problem.

4.1. Configuring core.sshCommand

Using the core.sshCommand configuration, we can customize the SSH command to include private key information for different repositories.

For example, we can clone the corporateA/webapp repository using the id_rsa_work private key in a one-liner:

$ git clone -c "core.sshCommand=ssh -i ~/.ssh/id_rsa_work" [email protected]:corporateA/webapp.git

In our example, we override the core.sshCommand at runtime using the -c option. Concretely, we change the SSH command to point to the private key we want to use using the -i option.

4.2. Persisting core.sshCommand on Repository Level

Instead of repeating the configuration override every time, we can persist it on a repository level using the git config command:

$ git config core.sshCommand "ssh -i ~/.ssh/id_rsa_work"

This command persists core.sshCommand configuration to the repository. This means Git will use this SSH command for any subsequent invocations.

To verify the configuration, we can retrieve it using git config –get to make sure it returns the new value:

$ git config --get core.sshCommand
ssh -i ~/.ssh/id_rsa_work

5. Summary

In this article, we discussed the problem of authenticating to GitHub using two different pairs of private SSH keys.

Then, we saw how we can preset SSH hosts with different private keys which we can refer to during our usual Git commands.

Finally, we also looked at the core.sshCommand which overrides the default SSH command used by the Git client.


« 上一篇: 正确删除RPM包