SSH Keys and Git

By Chris Maki | August 23, 2018

Multiple Git Accounts

If you contribute to multiple git repositories, for different organizations, and have multiple user accounts for the same git remote server (like gitlab.com), you’ve most likely ran into an issue when you try to clone a repo. Something like this:

1
2
3
4
5
6
7
$ git clone git@gitlab.com:project/repository.git
Cloning into 'repository'...
GitLab: The project you were looking for could not be found.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

You’ll need to setup a new SSH key for each organization hosted at GitLab (or GitHub, Bitbucket, etc.).

1. Create a new SSH key

To use different ssh keys for different accounts, generate a new key (replace user@domain.com with your email) :

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
$ ssh-keygen -t rsa -b 4096 -C "user@domain.com"
  Generating public/private rsa key pair.
  Enter file in which to save the key (/Users/chrismaki/.ssh/id_rsa): /Users/chrismaki/.ssh/domain (1)
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in /Users/chrismaki/.ssh/domain.
  Your public key has been saved in /Users/chrismaki/.ssh/domain.pub.
  The key fingerprint is:
  SHA256:Wvr9c6xt/Kc/XxxxxxxxxxxxCvt2Nxxxxx/XyzyWsVo user@domain.com
  The key's randomart image is:
  +---[RSA 4096]----+
  |                 |
  |                 |
  |                 |
  |                 |
  |       .S  .     |
  |       +o o   +. |
  |      oo ... O.E=|
  |      .+o+ =oo&X=|
  |     .o =+=.*XX&O|
  +----[SHA256]-----+
  $
1 I use the domain name of my account to make it easier to identify the keys in my .ssh directory

2. Add your SSH key to GitLab

Now that you have a new, project specific ssh key, you’ll need to add it to your GitLab account. You can just open your ~/.ssh/domain.pub file and copy it or you can use the pbcopy command to copy the contents of the file directly into your paste buffer. Either way, once you’ve copied the contents of your domain.pub key, you need to add it to GitLab:

1
2
3
4
5
6
7
pbcopy < ~/.ssh/domain.pub  (1)
  open https://gitlab.com    (2)
  over on gitlab.com -> click your profile icon, located at the top right of the screen
  Select "Settings"
  Select "SSH Keys" on the left menu
  In the "Key" text box, paste the key you just copied in step 1 above
  Click "Add key"
1 the less than symbol (<) opens the file ~/.ssh/domain.pub and attaches it to stdin which enables pbcopy to copy your public key
2 opens the URL in your default browser - Mac only I think (not sure if there’s an equivalent on Windows)

3. Add your SSH key to the ssh-agent

Next you’ll want to load your ssh key into your terminal session, you can do that with the ssh-add command:

1
2
3
4
$ ssh-add -D  (1)
  All identities removed.
  $ ssh-add ~/.ssh/domain  (2)
  Identity added: /Users/chrismaki/.ssh/domain (/Users/chrismaki/.ssh/domain)
1 ssh-add -D will remove ALL keys you have loaded
2 this loads the ssh key domain

4. Configure your ssh-agent

Next you need to add an entry in your ~/.ssh/conf file, whether you have this file or not, the following command will create or append a host entry for you:

1
2
3
4
5
6
cat << EOF >> ~/.ssh/config
Host gitlab.com-domain        (1)
     HostName gitlab.com
     User git
     IdentityFile ~/.ssh/domain (2)
EOF
1 this is our git repo at gitLab.com, we added -domain to the end
2 here’s where we connect our new ssh key with git repo

5. Checkout your repo

If we have more than one project for a given git repository, one can be your "default" and the other will need to use the gitlab.com-xxx syntax. For you non-default repositories, you’ll need to use a slight different hostname for the repository so ssh can use the appropriate SSH key. Here’s how we would clone repositories for domain.com

1
2
3
4
5
6
7
8
9
$ git clone git@gitlab.com-domain:project/repository.git
  Cloning into 'repository'...
  remote: Enumerating objects: 1022, done.
  remote: Counting objects: 100% (1022/1022), done.
  remote: Compressing objects: 100% (491/491), done.
  remote: Total 1022 (delta 45), reused 906 (delta 32)
  Receiving objects: 100% (1022/1022), 165.60 KiB | 811.00 KiB/s, done.
  Resolving deltas: 100% (451/451), done.
  $

When you checkout repositories for domain.com you’ll need to use the host gitlab.com-domain instead of just gitlab.com, you are now set.

This blog post is a summary of what I did following this post.

Updates

  1. 2/05/19 - move from WordPress to Hugo

  2. 2/15/19 - updated all formatting with move to full hugo site

comments powered by Disqus