16

How can I store 2 different private SSH keys for the same host? I have tried 2 entries in /etc/ssh/ssh_config for the same host with the different keys, and I've also tried to put both keys in the same file and referencing it from one hosts setting, however both do not work.

More detail: I'm running Ubuntu server (12.04) and I want to connect to GitHub via SSH to download the latest source for my projects. There are multiple projects running on the same server and each project has a GitHub repo with its own unique deployment key-pair. So the host is always the same (github.com) but the keys need to be different depending on which repo I'm using.

Different /etc/ssh/ssh_config versions I have tried:

    Host github.com
        IdentityFile /etc/ssh/my_project_1_github_deploy_key
        StrictHostKeyChecking no

    Host github.com
        IdentityFile /etc/ssh/my_project_2_github_deploy_key
        StrictHostKeyChecking no

and this with both keys in the same file:

    Host github.com
        IdentityFile /etc/ssh/my_project_github_deploy_keys
        StrictHostKeyChecking no

I've had no luck with either. Any help would be greatly appreciated!

2 Answers

9

I would do it like this:

    Host project_1
        HostName github.com
        IdentityFile /etc/ssh/my_project_1_github_deploy_key

    Host project_2
        HostName github.com
        IdentityFile /etc/ssh/my_project_2_github_deploy_key

and then use project_1 or project_2 as the host to access the repository.

11
  • 1
    Disabling host key checking is a terrible idea (security wise) and unrelated to the solution you propose. Other than that, it's a good answer. Commented Dec 19, 2012 at 17:02
  • 1
    @gertvdijk you are of course correct, edited my answer. Commented Dec 19, 2012 at 17:09
  • I've disabled strict host key checking myself because my scripts are automated and it avoids the prompts that occur the first time you connect. Can you recommend a more secure alternative @gertvdijk? Commented Dec 19, 2012 at 17:10
  • @Sencha add the host key to the known_hosts file, that file can also be specified via UserKnownHostsFile in ssh_config Commented Dec 19, 2012 at 17:13
  • 1
    I totally overlooked it was in the question already. Sorry. Maybe we can discuss this in another question. Commented Dec 19, 2012 at 17:31
11

You can provide multiple identity files that SSH will attempt in sequence until one works or they all fail.

    Host github.com
        IdentityFile /etc/ssh/my_project_1_github_deploy_key
        IdentityFile /etc/ssh/my_project_2_github_deploy_key
        StrictHostKeyChecking no
6
  • 3
    MaxAuthTries must not be set too low serverside (default value is 6 so problems are likely to appear when you reach my_project_6). Commented Dec 19, 2012 at 16:59
  • I've just tried this but it's not working. Whatever is the first identity file works, but when trying to connect with one of the additional identities it fails. Commented Dec 19, 2012 at 16:59
  • 1
    @Sencha Please provide the relevant output of ssh -vvv when connecting. Relevant as in what keys are offered and why it is refused. Commented Dec 19, 2012 at 17:04
  • 1
    @Sencha Git just uses the SSH client under water. That's why I suggest running ssh yourself in order to check at what point it fails. Commented Dec 20, 2012 at 23:53
  • 1
    I find this answer better than having to use a custom url. Commented Dec 20, 2019 at 4:25
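
Added example (not part of either answer, and not OpenSSH code): a simplified Python model of how ssh_config resolves options, run against the layouts from this page. It shows that two `Host github.com` blocks resolve to the same ordered key list as a single block with two `IdentityFile` lines, while the alias layout yields exactly one key per project. The names `parse`, `resolve`, `DUPLICATE_BLOCKS` and `ALIASES` are hypothetical; negated patterns, `Match`, `Include` and agent-held keys are not modelled.

```python
import fnmatch
# ssh_config(5): each option keeps the first value obtained, except that
# IdentityFile directives accumulate into an ordered list of keys to try.
MULTI = {"identityfile"}

def parse(text):
    """Return [(host_patterns, [(option, value), ...]), ...] in file order."""
    blocks = [(["*"], [])]  # options before any Host line apply to every host
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((key.lower(), value.strip()))
    return blocks

def resolve(text, name):
    """Options applied when ssh is invoked with `name` as the host argument."""
    result = {}
    for patterns, options in parse(text):
        if any(fnmatch.fnmatchcase(name, p) for p in patterns):
            for key, value in options:
                if key in MULTI:
                    result.setdefault(key, []).append(value)
                else:
                    result.setdefault(key, value)  # first obtained value wins
    return result

# The two layouts from this page, embedded as sample input.
DUPLICATE_BLOCKS = """\
Host github.com
    IdentityFile /etc/ssh/my_project_1_github_deploy_key
    StrictHostKeyChecking no
Host github.com
    IdentityFile /etc/ssh/my_project_2_github_deploy_key
    StrictHostKeyChecking no
"""
ALIASES = """\
Host project_1
    HostName github.com
    IdentityFile /etc/ssh/my_project_1_github_deploy_key
Host project_2
    HostName github.com
    IdentityFile /etc/ssh/my_project_2_github_deploy_key
"""
if __name__ == "__main__":
    print(resolve(DUPLICATE_BLOCKS, "github.com"))
    print(resolve(ALIASES, "project_1"), resolve(ALIASES, "project_2"))
```

On a host with OpenSSH 6.8 or later, `ssh -G project_1` prints the client's own resolved options for comparison.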
