Multiple SSH Keys for Git

30 April 2015 - Git

I use a couple of different Bitbucket accounts, and in the past have mostly just used HTTPS to connect, but did find that I was getting prompted for credentials more often than I would like - even after telling SourceTree (my GUI of choice) to save those credentials.

I suspect the re-prompting for password is related to having multiple Bitbucket accounts, and it was getting confused and trying to authenticate against the wrong one. I didn't have the same trouble if I had one using SSH, and the other using HTTPS.

Either way, I'd rather use SSH for authentication across all my accounts. This was very simple to set up for a single account, but it didn't work as smoothly for multiple accounts using different keys. After playing around a bit, I got it working, so thought I'd write it down for future use and hopefully to help others at the same time ...

SourceTree by default uses Putty's Pageant to manage the keys. This is a little program that sits in your system tray to manage your SSH keys. You can right-click and add/view your keys that you've generated with the Putty Key Generator tool.

The problem I found when doing this was that it would always use just the first key. So one of my accounts worked, but the others didn't.

After a bit of reading on the internet, I was reminding about the ~\.ssh\config file, so then attempted to set up aliases:

Host account1.bitbucket.org
  Hostname bitbucket.org
  PreferredAuthentications publickey
  IdentitiesOnly yes
  IdentityFile ~/.ssh/account1

Host account2.bitbucket.org
  Hostname bitbucket.org
  PreferredAuthentications publickey
  IdentitiesOnly yes
  IdentityFile ~/.ssh/account2

Then I just needed to alter the Git repo's remote URL to use this alias. So instead of:

[email protected]:myUserName/myRepoName.git

I instead use the alias from the config file:

[email protected]:myUserName/myRepoName.git

Still not working quite correctly though! What I didn't realise was that Putty doesn't use the config file (well at least not according to Steve from Atlassian on this thread).

That config file won't be picked up by PuTTY. There is a direct equivalent in PuTTY, but it involves setting up 'Saved Sessions' in the PuTTY GUI instead - you use the session name as an alias effectively and provide the host name, key to use and other details in the GUI.

I quite like the idea of using the config file to set up aliases, as it feels very explicit - so I tried using OpenSSH instead of Putty. After switching over to OpenSSH in the SourceTree configuration, then adding the keys via the SourceTree Tools .. Add SSH Key menu item - everything then worked perfectly.

Whilst I'm sure it's possible to get it working using Putty Pageant with a bit more digging - switching to OpenSSH and using the config file was the solution that worked for me, and I'm most happy with.

Step by Step

Below is a more compact step-by-step set of instructions on how to set this up. This presumes that you're using Windows with SourceTree as your Git client, and are also happy using OpenSSH rather than Putty...

Generate your SSH keys

At the command line, type ssh-keygen -f <name> (defaults to RSA encryption, and refers to the file name - make this describe your account to you can recognise it).

Update SSH Config file

Create/edit your C:\Users\<username>\.ssh\config file so that it matches the format described earlier in this post. Changing just the host line to be the local alias you want (which can be anything). And also changing the identity to refer to the key you created with ssh-keygen.

Update Git remotes

In each of your git repositories, change your remote to use your alias in the url rather than just bitbucket.org (see earlier in the post for an example).

Add keys to known hosts file

In SourceTree, make sure you've added all your keys via the Tools .. Add SSH Key menu option. Note that this is just updating your C:\Users\<username>\.ssh\known_hosts file.

And that's it! Hopefully this should help someone out! I should also point out that all of the above most likely also applies to Github - I just haven't tested it there.

Happy Gitting! ...

Search


Recent Posts


Featured Posts


.NET Oxford Links