Company I worked at using self-hosted gitlab, while I'm using github for personal works. I interact with git servers using ssh-based method so I need to generate SSH Key as git identification method. I just can just generate one
~/.ssh/id_rsa file as usual but I want to use different keys for different git servers.
I don't know how it will affect security, but I want to use different for each one. Here I will show how to utilize SSH Config to achieve this.
Let's say we have these two git accounts:
First, we need to create SSH Keys for these account. We may generate keys as many as we want. File permission with code
600 means you and only you that can read and modify this files.
Creating necessary files and directory
We should create a directory where SSH will look for our keys. By default it will stored in
~/.ssh, so if this directory doesn't exists we need to create it first. The easiest way is to use
Next we need to store our SSH config somewhere. Usually SSH configuration stored
~/.ssh/config, under the directory we just created. Create the file if it's not exists yet, can be using
touch ~/.ssh/config. We'll secure this file using
So complete commands would be:
mkdir ~/.ssh touch ~/.ssh/config chmod 600 ~/.ssh/config
Now, we want to generate SSH keys using
ssh-keygen. The key will be 4096 bit long so we should add
-b 4096 argument. Choose key name to your liking, in this example we will use key
id_rsa_personal. And same as the
config file we need to set permission for generated keys using
# Generate SSH Keys for personal ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa_personal chmod 600 ~/.ssh/id_rsa_personal chmod 600 ~/.ssh/id_rsa_personal.pub
Repeat this step to generate key for work, just replace the key name e.g.
~/.ssh directory should have required files, try running
ls -la ~/.ssh and we should see 5 files:
Copy public keys content to your git server profile, set the title to be useful to identify which device you generate these keys:
You can use
pbcopy to copy file content to clipboard, you can do
paste on your git server SSH setting page.
Remember to only copy the public key content, the one eith
.pubfile extensions, the other file is your secret key and you need to keep it secure and not share it to anyone.
Until this, we we wont be able to interact with git server because git will confuse which key to use. We need to configure git which we will explore in the next section.
Load different SSH Keys for different Git server
Now we need to tell the git on our machine which keys it needs to use when interacting with which git server. Open file
~/.ssh/config in your favorite text editor and add these line. Save the file.
Host gitlab.com HostName gitlab.com IdentityFile ~/.ssh/id_rsa_work Host github.com HostName github.com IdentityFile ~/.ssh/id_rsa_personal
Now we can perform git operation to Github or Gitlab since git now knows which keys to use.
Load different SSH Keys for different Git server
We already setup the git identification with SSH method. Now we want to configure git to use different account on each interaction, the most important one is
commit. When you do commit, git will record name and email of the comitters. Here is example of
git log output, notice the Author is
commit f471c512e3413ffe6ed8d2ccd6403c50eccac58b (HEAD -> master) Author: John Doe <firstname.lastname@example.org> Date: Tue Sep 28 09:41:49 2021 +0700 Commit message here.
Since we have different emails for each git servers, we don't want to commit to work projects using personal information, or vice-versa. We can configure git to use different account on each directory. Say we can organize our project such as:
Separate git configuration for work and personal
The plan is to create separate config into files, and the tell git to load them based on where the git command called from. Create 2 files in home directory.
The content of each file should reflect your git credentials, for example the content of
~/.gitconfig-personal in this example would be:
[user] name = John Doe email = email@example.com
Do the same with
~/.gitconfig-work and fill your work git
Git reads configurations from
~/.gitconfig file, not from the 2 files we just created, unless we tell git. Create the files if it doesn't exists using
touch ~/.gitconfig. Edit the file and put the following lines.
[includeIf "gitdir:~/personal/"] path = .gitconfig-personal [includeIf "gitdir:~/work/"] path = .gitconfig-work
The file content is self-explanatory. But just to make sure we understand, I'll explain. This tells git if we run
git from any directory under
~/personal/my-blog, git will use
~/.gitconfig-personal file and use the content inside when doing operations e.g. to set Name and Email of commits.
In my personal experience, it is fairly easy to mixed git account when pushing changes. On my machine, I set global git to use my personal git account. Meanwhile related to work, as soon as I pulled new repository, I need to update git config for that project to not use my personal git. But people forget, several times I pulled a repo and pushed to work project using my global git account which is my personal info. Git won't care about this, but not with Gitlab and Github. Your work/commits will not appear in these website if you put wrong account when doing commit.
This workaround have been working for me so well and I don't worry anymore about committing my changes using different account.