DEV Community

Cover image for How to Setup Multiple Ssh Keys for Multiple Github/Bitbucket accounts.

How to Setup Multiple Ssh Keys for Multiple Github/Bitbucket accounts.

Rémi Lavedrine on July 15, 2019

Photos from Jantine Doornbos on Unsplash Hi everyone, Everytime I get a new computer (which is not that often but often enough to write this), I...
Collapse
 
cullylarson profile image
Cully Larson

Genuinely curious, why use multiple keys instead of using the same key for all services?

Collapse
 
dewofyouryouth_43 profile image
Jacob E. Shore

Bitbucket won't let me use the same key pub key for two different accounts

Collapse
 
shostarsson profile image
Rémi Lavedrine • Edited

That is bad practice indeed to have the same public key used for two different accounts.
Why don't you want to create 2 key pairs (private/public) and use them on the two different accounts?
Once it is set up, you just have to forget it. So it is not a lot of work to add.

Thread Thread
 
dewofyouryouth_43 profile image
Jacob E. Shore

I’m perfectly happy making multiple key pairs. I was just answering the comment question that in that circumstance it is not an option to use the same key.

Collapse
 
hmojicag profile image
Hazael Mojica

At least for me it's because I use the same computer for work and personal projects.
So I have 2 github accounts, one with email@work.com and the other with email@gmail.com...
Or something...

Collapse
 
cullylarson profile image
Cully Larson

Why not use the same key in that case as well? (Also, "or something" 😂)

Thread Thread
 
shostarsson profile image
Rémi Lavedrine • Edited

Same as Hazael.
And I don't use the same key because from time to time you will have to revoke the key (leaving the company)
In that case you will not have to redo it for all the other accounts. 😉

Thread Thread
 
hmojicag profile image
Hazael Mojica

Hahahaha your reply made my day

Thread Thread
 
cullylarson profile image
Cully Larson

You're only giving the service your public keys though. No need to "revoke" them. Your employer would likely want to remove your key so you no longer have access, but they would want to do that no matter what key you provided. And even if they left it in, it wouldn't be a security risk to you.

Thread Thread
 
shostarsson profile image
Rémi Lavedrine

Definitely right.
Nevertheless, for the purpose of that post, I think that it is good to explain things clearly and not to use "implicit" behavior. That is why I used so many keys in that example. When you are familiar with this you are indeed going to use less keys and not remove everything.
And then, I think that your comment would be of great benefit. :-)

Thread Thread
 
olistik profile image
olistik

@Cully Sometimes you want to use different accounts, in order to isolate the access to the repositories from different devices. In that case (my case) the platform (for example BitBucket) doesn't allow you to share the same public key across different accounts.

Thread Thread
 
edwrdtjustice profile image
Edwrd T

A byproduct of doing this is that it's really easy to identify which key does what.

Collapse
 
punit__d profile image
punit • Edited

Nice post. I've created a Node CLI last month for exact same purpose. It is used for generating ssh keys for using multiple github/bitbucket/gitlab accounts like you've mentioned in the post by answering few questions CLI asks you so you don't have to type those commands when setting this up.

Github repo url : github.com/punitda/ssh-git
npm package url : npmjs.com/package/ssh-git

Though after keys are generated you've to add those to account manually. Working on electron app which will make this process even much more easier.

Note : It(cli) works on Linux(though not thoroughly tested) and MacOS for now. Haven't looked into windows part yet but will soon add support for that.

Collapse
 
shostarsson profile image
Rémi Lavedrine

That is nice.
Nevertheless, I am not sure if I would let a third (untrusted) party app add my SSH keys to the services.
It is too sensitive information to leave it to a third party app and then potentially reduce my security. 😄

Collapse
 
punit__d profile image
punit

Agree. But, what if,

  1. It is open source?
  2. It doesn't stores anything locally. It generates ssh keys, obtains one time token for publishing keys to github/bitbucket/gitlab(doesn't stores it locally) and adds generated keys to your account?
Thread Thread
 
shostarsson profile image
Rémi Lavedrine

Yes, I am sure that it would be very legit and doesn't do anything wrong.
But as a Security person, I can't trust this kind of software. But it's just me. 😄
I am sure that this piece of software would be very useful to a a lot that can trust it. 😉

Collapse
 
akashshyam profile image
Akash Shyam

This was an absolute lifesaver for me..... thank you a lot

Collapse
 
ferricoxide profile image
Thomas H Jones II

If you're already doing commit-signing, then you've likely also got the problem of having multiple GPG keys. You could save yourself some key-management effort by switching from SSH-only keys to using GPG keys for SSH activities (see this article - one of many on the topic).

Collapse
 
shostarsson profile image
Rémi Lavedrine • Edited

Very interesting, one of my next article is to manage multiple GPG Keys to sign commits and tags. You can see it here :

I will definitely have a look at the article you mentionned.

Collapse
 
stanzilla profile image
Benjamin Staneck • Edited

Not sure what I am doing wrong but I always get ERROR: Repository not found. when I try the company version.

My SSH config:

Host company.github.com
  HostName github.com
  IdentityFile ~/.ssh/id_rsa_company
  PreferredAuthentications publickey

Host github.com
  HostName github.com
  IdentityFile ~/.ssh/id_rsa_gmail
  PreferredAuthentications publickey

And I clone with git clone git@company.github.com:company/repo.git

I've verified that both keys are loaded in the ssh agent.

EDIT: Fixed by the good 'ol turning it off and on again, perfect! Thanks for your guide :)

Collapse
 
shostarsson profile image
Rémi Lavedrine

Very happy that it worked.

Collapse
 
rodolphonetto profile image
Rodolpho Netto

Hey bro, you helped me to solve my problem, thank you so much :)

Collapse
 
shostarsson profile image
Rémi Lavedrine

So happy that helps.

Collapse
 
dewofyouryouth_43 profile image
Jacob E. Shore

Thanks!

Collapse
 
hmojicag profile image
Hazael Mojica

Awesome post!! Thanks
It's still a lot config though... :(

Btw, small typo in ~/.ssh/config.

You have github instead of gitlab for company keys.

:)

Collapse
 
shostarsson profile image
Rémi Lavedrine

Thank you for that. ❤️

Collapse
 
fedebabrauskas profile image
Federico Babrauskas

Thank you for this amazing post!
Now I'm able to use multiple SSH Keys in my computer :)

Collapse
 
kryptonian41 profile image
aapoorv41@gmail.com

Do we really need to add the ssh keys manuay to the ssh-agent?
As far as I know if you specify the IdentityFile line for any key in the config, its automatically added.

Collapse
 
shostarsson profile image
Rémi Lavedrine • Edited

It is indeed not mandatory.

But I prefer to do it. So that way, when you explain, you understand everything that happens. And nothing is done implicitly that could bring some question in the future (if something goes wrong).