How to Use Multiple SSH Private Keys for the Same Host (GitHub.com Example)



When managing multiple GitHub repositories from a single server, you might need a different SSH key for each repo. The standard SSH configuration doesn't easily support multiple identity files for the same hostname (like github.com). Here's why the obvious attempt fails:

# This WON'T work - both blocks match github.com, so SSH offers key1 first for every repository
Host github.com
    IdentityFile /path/to/key1
Host github.com
    IdentityFile /path/to/key2

The proper approach is to create host aliases in your SSH config. Here's how to set it up:

# ~/.ssh/config
Host github-project1
    HostName github.com
    User git
    IdentityFile ~/.ssh/project1_deploy_key
    IdentitiesOnly yes
    
Host github-project2
    HostName github.com
    User git
    IdentityFile ~/.ssh/project2_deploy_key
    IdentitiesOnly yes
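
The difference between the two configurations above can be checked mechanically. The following Python sketch is an added example, not part of the original article or of OpenSSH: it resolves options the way ssh_config(5) documents (first value wins, IdentityFile accumulates) and flags any github.com alias that does not pin exactly one key. The function names effective and audit are hypothetical, and Match, Include and negated patterns are not handled.

```python
import fnmatch
import re

def effective(config_text, host):
    """Resolve options for `host`: first value obtained wins, except
    IdentityFile, which accumulates. Ignores Match/Include and ! patterns."""
    opts, idents, active = {}, [], True  # lines before any Host apply to all
    for raw in config_text.splitlines():
        parts = re.split(r"[\s=]+", raw.strip(), maxsplit=1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = any(fnmatch.fnmatchcase(host, p) for p in value.split())
        elif active and key == "identityfile":
            idents.append(value)
        elif active:
            opts.setdefault(key, value)
    return opts, idents

def audit(config_text, aliases, real_host="github.com"):
    """List problems for every alias that resolves to real_host."""
    findings = []
    for alias in aliases:
        opts, idents = effective(config_text, alias)
        if opts.get("hostname", alias) != real_host:
            continue  # alias points somewhere else, not our concern
        if opts.get("identitiesonly", "no").lower() != "yes":
            findings.append(f"{alias}: IdentitiesOnly is not yes")
        if len(idents) != 1:
            findings.append(f"{alias}: offers {len(idents)} keys {idents}")
    return findings

# Constructed inputs: the two configurations shown in the article.
BROKEN = """
Host github.com
    IdentityFile /path/to/key1
Host github.com
    IdentityFile /path/to/key2"""
ALIASED = """
Host github-project1
    HostName github.com
    IdentityFile ~/.ssh/project1_deploy_key
    IdentitiesOnly yes
Host github-project2
    HostName github.com
    IdentityFile ~/.ssh/project2_deploy_key
    IdentitiesOnly yes"""
print(audit(BROKEN, ["github.com"]), audit(ALIASED, ["github-project1", "github-project2"]))
```

On a real machine, `ssh -G github-project1` prints the configuration OpenSSH itself resolves for an alias, which is the authoritative version of what effective approximates.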

For a concrete example with GitHub deployment keys:

# Generate keys (if you haven't already)
ssh-keygen -t ed25519 -f ~/.ssh/project1_deploy_key -C "project1@server"
ssh-keygen -t ed25519 -f ~/.ssh/project2_deploy_key -C "project2@server"

# Configure SSH
cat >> ~/.ssh/config <<EOF
Host github-project1
    HostName github.com
    User git
    IdentityFile ~/.ssh/project1_deploy_key
    IdentitiesOnly yes

Host github-project2
    HostName github.com
    User git
    IdentityFile ~/.ssh/project2_deploy_key
    IdentitiesOnly yes
EOF

# Set permissions
chmod 600 ~/.ssh/config
chmod 600 ~/.ssh/*_deploy_key

When cloning or working with repositories, replace github.com with your alias:

# Instead of:
git clone git@github.com:user/repo1.git

# Use:
git clone git@github-project1:user/repo1.git

# For existing repos, update remote URL:
git remote set-url origin git@github-project1:user/repo1.git

When working with multiple deployment keys:

  • Always use IdentitiesOnly yes to prevent SSH from trying other keys
  • Set strict file permissions (600 for keys and config)
  • Consider using a passphrase for additional security
  • Regularly rotate deployment keys

If you encounter problems:

# Test connection with verbose output
ssh -Tv git@github-project1

# Verify which key is being used
ssh -v git@github-project1 2>&1 | grep "Offering public key"

# Check for permission issues
ls -la ~/.ssh/

Remember that GitHub will only accept one deployment key per repository, so make sure each key is properly registered in the repository settings.


When managing multiple GitHub repositories from a single server, each requiring unique deployment keys, you'll encounter SSH's default behavior of using only the first matching IdentityFile for a host. This creates conflicts when you need distinct authentication for different projects accessing github.com.

The most effective approach is to create host aliases in your SSH config. Here's how to set it up properly:

# ~/.ssh/config or /etc/ssh/ssh_config
Host github-project1
    HostName github.com
    User git
    IdentityFile ~/.ssh/project1_deploy_key
    IdentitiesOnly yes

Host github-project2
    HostName github.com
    User git
    IdentityFile ~/.ssh/project2_deploy_key
    IdentitiesOnly yes

  • IdentitiesOnly yes: Forces SSH to use only the specified identity file
  • Host aliases: Create logical separation while pointing to the same actual host
  • User git: Required for GitHub SSH connections

Instead of using the standard github.com URL, clone repositories using your aliases:

git clone git@github-project1:organization/project1.git
git clone git@github-project2:organization/project2.git

Use ssh -T to verify each connection works with its designated key:

ssh -T git@github-project1
ssh -T git@github-project2

For complex scenarios with multiple identities, consider these additions:

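Host github-*
    ForwardAgent no
    AddKeysToAgent no
    # With StrictHostKeyChecking yes, SSH refuses hosts whose key is not already
    # in the known-hosts file, so add GitHub's published host keys to it first
    StrictHostKeyChecking yes
    UserKnownHostsFile ~/.ssh/known_hosts.github

  • Ensure key permissions: chmod 600 ~/.ssh/*_deploy_key
  • Verify ssh-agent isn't interfering: ssh-add -l
  • Increase verbosity: ssh -vT git@github-project1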