Photos from Jantine Doornbos on Unsplash
Hi everyone,
Everytime I get a new computer (which is not that often but often enough to write this), I...
For further actions, you may consider blocking this person and/or reporting abuse
Genuinely curious, why use multiple keys instead of using the same key for all services?
Bitbucket won't let me use the same key pub key for two different accounts
That is bad practice indeed to have the same public key used for two different accounts.
Why don't you want to create 2 key pairs (private/public) and use them on the two different accounts?
Once it is set up, you just have to forget it. So it is not a lot of work to add.
I’m perfectly happy making multiple key pairs. I was just answering the comment question that in that circumstance it is not an option to use the same key.
At least for me it's because I use the same computer for work and personal projects.
So I have 2 github accounts, one with email@work.com and the other with email@gmail.com...
Or something...
Why not use the same key in that case as well? (Also, "or something" 😂)
Same as Hazael.
And I don't use the same key because from time to time you will have to revoke the key (leaving the company)
In that case you will not have to redo it for all the other accounts. 😉
Hahahaha your reply made my day
You're only giving the service your public keys though. No need to "revoke" them. Your employer would likely want to remove your key so you no longer have access, but they would want to do that no matter what key you provided. And even if they left it in, it wouldn't be a security risk to you.
Definitely right.
Nevertheless, for the purpose of that post, I think that it is good to explain things clearly and not to use "implicit" behavior. That is why I used so many keys in that example. When you are familiar with this you are indeed going to use less keys and not remove everything.
And then, I think that your comment would be of great benefit. :-)
@Cully Sometimes you want to use different accounts, in order to isolate the access to the repositories from different devices. In that case (my case) the platform (for example BitBucket) doesn't allow you to share the same public key across different accounts.
A byproduct of doing this is that it's really easy to identify which key does what.
Nice post. I've created a Node CLI last month for exact same purpose. It is used for generating ssh keys for using multiple github/bitbucket/gitlab accounts like you've mentioned in the post by answering few questions CLI asks you so you don't have to type those commands when setting this up.
Github repo url : github.com/punitda/ssh-git
npm package url : npmjs.com/package/ssh-git
Though after keys are generated you've to add those to account manually. Working on electron app which will make this process even much more easier.
Note : It(cli) works on Linux(though not thoroughly tested) and MacOS for now. Haven't looked into windows part yet but will soon add support for that.
That is nice.
Nevertheless, I am not sure if I would let a third (untrusted) party app add my SSH keys to the services.
It is too sensitive information to leave it to a third party app and then potentially reduce my security. 😄
Agree. But, what if,
Yes, I am sure that it would be very legit and doesn't do anything wrong.
But as a Security person, I can't trust this kind of software. But it's just me. 😄
I am sure that this piece of software would be very useful to a a lot that can trust it. 😉
This was an absolute lifesaver for me..... thank you a lot
If you're already doing commit-signing, then you've likely also got the problem of having multiple GPG keys. You could save yourself some key-management effort by switching from SSH-only keys to using GPG keys for SSH activities (see this article - one of many on the topic).
Very interesting, one of my next article is to manage multiple GPG Keys to sign commits and tags. You can see it here :
How to Use GPG to Sign your Commits on Github, Gitlab, Bitbucket
Rémi Lavedrine ・ Jul 17 '19 ・ 6 min read
I will definitely have a look at the article you mentionned.
Not sure what I am doing wrong but I always get
ERROR: Repository not found.
when I try the company version.My SSH config:
And I clone with
git clone git@company.github.com:company/repo.git
I've verified that both keys are loaded in the ssh agent.
EDIT: Fixed by the good 'ol turning it off and on again, perfect! Thanks for your guide :)
Very happy that it worked.
Hey bro, you helped me to solve my problem, thank you so much :)
So happy that helps.
Thanks!
Awesome post!! Thanks
It's still a lot config though... :(
Btw, small typo in ~/.ssh/config.
You have github instead of gitlab for company keys.
:)
Thank you for that. ❤️
Thank you for this amazing post!
Now I'm able to use multiple SSH Keys in my computer :)
Do we really need to add the ssh keys manuay to the ssh-agent?
As far as I know if you specify the IdentityFile line for any key in the config, its automatically added.
It is indeed not mandatory.
But I prefer to do it. So that way, when you explain, you understand everything that happens. And nothing is done implicitly that could bring some question in the future (if something goes wrong).