Skip to content

Instantly share code, notes, and snippets.

@mcfdn

mcfdn/Multiple Deploy Keys in GitHub.md

Last active November 21, 2022 14:02
Show Gist options
  • Save mcfdn/d379e04e7ae2861414886af189ec59e5 to your computer and use it in GitHub Desktop.
Save mcfdn/d379e04e7ae2861414886af189ec59e5 to your computer and use it in GitHub Desktop.
Download ZIP
Using multiple GitHub deploy keys on a single server with a single user
Raw
Multiple Deploy Keys in GitHub.md

Using multiple GitHub deploy keys on a single server with a single user

Within GitHub it is possible to set up two types of SSH key - account level SSH keys and and repository level SSH keys. These repository level SSH keys are known in GitHub as deploy keys.

Deploy keys are useful for deploying code because they do not rely on an individual user account, which is susceptible to change, to “store” the server keys.

There is, however, an ‘issue’ with using deploy keys; each key across all repositories on GitHub must be unique. No one key can be used more than once. This becomes a problem when deploying to repositories to the same server with the same user. If you create two keys, the SSH client will not know which key to use when connecting to GitHub.

One solution is to use an SSH config file to define which key to use in which situation. This isn’t as easy as it seems.. you might try something like this:

Host github.com
 HostName github.com
 IdentityFile ~/.ssh/repo-1-deploy-key

However, how would you add the second deploy key? The Host would be the same. The solution is to add a subdomain to the GitHub URL:

Host repo-1.github.com
 IdentityFile ~/.ssh/repo-1-deploy-key
Host repo-2.github.com
 IdentityFile ~/.ssh/repo-2-deploy-key

You’ll also need to update your remote origin URLs:

cd /path/to/repo-1
git remote set-url origin [email protected]:username/repo-1.git

You can test your SSH keys are set up like so:

ssh -T [email protected]

If all is well, you’ll see something like the following:

Hi username/repo-1! You've successfully authenticated, but GitHub does not provide shell access.

Further Reading:

@ththvseo
Copy link

ththvseo commented Oct 22, 2017
edited
Loading

note for an improvement:
the alias you define does not actually have to be a subdomain of github.com
it can even be a bare word, like alias_for_repo_x.
that avoids the "timeout" issue, just giving you a dns error instead.
(the timeout happens because github has a wildcard record resolving to an ip that does not respond to ssh connection requests.)

@imikejackson
Copy link

OR... GitHub could just allow the use of a Deploy Key across multiple Repositories. GitLab certainly does.

@njulsrud
Copy link

For people getting the error of a connection timeout you are going to have to create a cname to the A record of your github instance OR modify the hosts file on your node running the git clone.

@philfree
@vitalyu
@racerxdl

@jaymehtasa
Copy link

@TimothySealy thank you, alias approach works like charm!

Avoid using sub-domain approach.

@JamesMcFadden Please consider updating your gist as sub-domain approach not working anymore, it keeps giving timeout error.

@NickWoodhams
Copy link

NickWoodhams commented Mar 5, 2018
edited
Loading

@TimothySealy thank you, your approach worked where the original one did not.

For those of you interested in how the new .git/config file looks with the alias, check out mine:

~/.ssh/config:

Host myalias github.com
Hostname github.com
IdentityFile ~/.ssh/id_rsa

Host myalias2 github.com
Hostname github.com
IdentityFile ~/.ssh/id_rsa2

myrepo/.git/config:

[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = git@myalias:NickWoodhams/myrepo.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master

myrepo2/.git/config:

[core]
	repositoryformatversion = 0
	filemode = false
	bare = false
	logallrefupdates = true
[remote "origin"]
	url = git@myalias2:NickWoodhams/myrepo2.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master

@jjyr
Copy link

jjyr commented Mar 24, 2018

Add HostName github.com option to each Host can solve the timeout issue.

Host repo-1.github.com
 HostName github.com
 IdentityFile ~/.ssh/repo-1-deploy-key
Host repo-2.github.com
 HostName github.com
 IdentityFile ~/.ssh/repo-2-deploy-key

@sankar4n
Copy link

We can also add user to the config
git clone repo-1-account:hisankaran/repo-1.git

Host 		repo-1-account
HostName 	github.com
User 		git
Identityfile 	~/.ssh/github/repo-1/id_rsa

git clone repo-2-account:hisankaran/repo-2.git

Host 		repo-2-account
HostName 	github.com
User 		git
Identityfile 	~/.ssh/github/repo-2/id_rsa

@zgia
Copy link

zgia commented Mar 21, 2019

@NickWoodhams thx a lot, good implementation.

@stevecondylios
Copy link

@NickWoodhams lifesaver!

@chris-roerig
Copy link

@NickWoodhams thanks. Also wanted to note that you must update your deploy tool to use the alias as well.

set :repository, 'git@repo-1-alias:username/repo1.git'

@jwang-navarik
Copy link

jwang-navarik commented Nov 18, 2019
edited
Loading

This is a great solution and it works for me with git clone. But in my case I need to get it work with npm install (one private repo of mine is dependent on 2 other private repos of mine). While it works with
git clone git@repo-alias:username/repo.git

npm i git+git@repo-alias:username/repo.git
gives me "ssh: Could not resolve hostname repo-alias".

Any ideas I can get this work? Appreciate any help!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment