Skip to content

Instantly share code, notes, and snippets.

@mcfdn
Last active November 21, 2022 14:02
Show Gist options
  • Save mcfdn/d379e04e7ae2861414886af189ec59e5 to your computer and use it in GitHub Desktop.
Save mcfdn/d379e04e7ae2861414886af189ec59e5 to your computer and use it in GitHub Desktop.
Using multiple GitHub deploy keys on a single server with a single user

Using multiple GitHub deploy keys on a single server with a single user

Within GitHub it is possible to set up two types of SSH key - account level SSH keys and and repository level SSH keys. These repository level SSH keys are known in GitHub as deploy keys.

Deploy keys are useful for deploying code because they do not rely on an individual user account, which is susceptible to change, to “store” the server keys.

There is, however, an ‘issue’ with using deploy keys; each key across all repositories on GitHub must be unique. No one key can be used more than once. This becomes a problem when deploying to repositories to the same server with the same user. If you create two keys, the SSH client will not know which key to use when connecting to GitHub.

One solution is to use an SSH config file to define which key to use in which situation. This isn’t as easy as it seems.. you might try something like this:

Host github.com
 HostName github.com
 IdentityFile ~/.ssh/repo-1-deploy-key

However, how would you add the second deploy key? The Host would be the same. The solution is to add a subdomain to the GitHub URL:

Host repo-1.github.com
 IdentityFile ~/.ssh/repo-1-deploy-key
Host repo-2.github.com
 IdentityFile ~/.ssh/repo-2-deploy-key

You’ll also need to update your remote origin URLs:

cd /path/to/repo-1
git remote set-url origin [email protected]:username/repo-1.git

You can test your SSH keys are set up like so:

ssh -T [email protected]

If all is well, you’ll see something like the following:

Hi username/repo-1! You've successfully authenticated, but GitHub does not provide shell access.

Further Reading:

@sankar4n
Copy link

We can also add user to the config
git clone repo-1-account:hisankaran/repo-1.git

Host 		repo-1-account
HostName 	github.com
User 		git
Identityfile 	~/.ssh/github/repo-1/id_rsa

git clone repo-2-account:hisankaran/repo-2.git

Host 		repo-2-account
HostName 	github.com
User 		git
Identityfile 	~/.ssh/github/repo-2/id_rsa

@zgia
Copy link

zgia commented Mar 21, 2019

@NickWoodhams thx a lot, good implementation.

@stevecondylios
Copy link

@NickWoodhams lifesaver!

@chris-roerig
Copy link

@NickWoodhams thanks. Also wanted to note that you must update your deploy tool to use the alias as well.

set :repository, 'git@repo-1-alias:username/repo1.git'

@jwang-navarik
Copy link

jwang-navarik commented Nov 18, 2019

This is a great solution and it works for me with git clone. But in my case I need to get it work with npm install (one private repo of mine is dependent on 2 other private repos of mine). While it works with
git clone git@repo-alias:username/repo.git

npm i git+git@repo-alias:username/repo.git
gives me "ssh: Could not resolve hostname repo-alias".

Any ideas I can get this work? Appreciate any help!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment