Specify an SSH key for git push for a given domain

Question

I have the following use case  I would like to be able to push to git git company com gitolite-admin using the private key of user gitolite-admin  while I want to push to git git company com some repo using  my own  private key  AFAIK  I can t solve this using    ssh config  because the user name and server name are identical in both cases  As I mostly use my own private key  I have that defined in    ssh config for git git company com  Does anyone know of a way to override the key that is used for a single git invocation    Aside  gitolite distinguishes who is doing the pushing based on the key  so it s not a problem  in terms of access  ownership and auditing  that the user server string is identical for different users

User · Answer

One Unix based systems  Linux  BSD  Mac OS X   the default identity is stored in the directory  HOME  ssh  in 2 files   private key   HOME  ssh id rsa public key    HOME  ssh id rsa pub  When you use ssh without option -i  it uses the default private key to authenticate with remote system   If you have another private key you want to use  for example  HOME  ssh deploy key  you have to use ssh -i    ssh deploy key      It is annoying  You can add the following lines in to your  HOME  bash profile    ssh-add    ssh deploy key ssh-add    ssh id rsa   So each time you use ssh or git or scp  basically ssh too   you don t have to use option -i anymore    You can add as many keys as you like in the file  HOME  bash profile

User · Answer

Even if the user and host are the same  they can still be distinguished in    ssh config   For example  if your configuration looks like this   Host gitolite-as-alice   HostName git company com   User git   IdentityFile  home whoever  ssh id rsa alice   IdentitiesOnly yes  Host gitolite-as-bob   HostName git company com   User git   IdentityFile  home whoever  ssh id dsa bob   IdentitiesOnly yes   Then you just use gitolite-as-alice and gitolite-as-bob instead of the hostname in your URL   git remote add alice git gitolite-as-alice whatever git git remote add bob git gitolite-as-bob whatever git   Note  You want to include the option IdentitiesOnly yes to prevent the use of default ids  Otherwise  if you also have id files matching the default names  they will get tried first because unlike other config options  which abide by  first in wins   the IdentityFile option appends to the list of identities to try  See  https   serverfault com questions 450796 how-could-i-stop-ssh-offering-a-wrong-key 450807 450807

User · Answer

One possibility to use    ssh config is to use the Match restriction instead of the Host restriction  In particular Match Exec calls a shell command to decide whether to apply the declarations or not  In bash you could use the following command     git git company com gitolite-admin     git config --get remote origin url        This uses the bash   command to verify if two strings are equal  In this case it is testing if the string git git company com gitolite-admin matches the output that is obtained from the   git config --get remote origin url    command   You can use any other command that identifies the repository that the shell is on  For this to work it is important to have the  SHELL variable defined to your shell  in my case  bin bash  The full example would then be the following    ssh config   Match Exec    git git company com gitolite-admin     git config --get remote origin url         IdentityFile    ssh gitolite-admin   IdentitiesOnly yes   ForwardAgent no   ForwardX11 no   ForwardX11Trusted no  Match Exec    git git company com some repo     git config --get remote origin url         IdentityFile    ssh yourOwnPrivateKey   IdentitiesOnly yes   ForwardAgent no   ForwardX11 no   ForwardX11Trusted no   In this example I assumed that    ssh yourOwnPrivateKey contains your own private key and that    ssh gitolite-admin contains the private key of the user gitolite-admin  I included the IdentitiesOnly yes declaration to make sure that only one key is offered to the git server  mentioned by Mark Longair  The other declarations are just standard ssh options for git   You can add this configuration if you have several some repo that you want to use with different keys  If you have several repositories at git git company com and most of them use the    ssh yourOwnPrivateKey it makes more sense to include this key as default for the host  In this case the    ssh config would be   Match Exec    git git company com gitolite-admin     git config --get remote origin url         IdentityFile    ssh gitolite-admin   IdentitiesOnly yes  Host git company com   IdentityFile    ssh yourOwnPrivateKey   IdentitiesOnly yes   ForwardAgent no   ForwardX11 no   ForwardX11Trusted no   Note that the order matters and the Host git company com restriction should appear after the Match Exec one or ones

User · Answer

If using Git s version of ssh on windows  the identity file line in the ssh config looks like  IdentityFile  c Users Whoever  ssh id rsa alice   where  c is for c   To check  in git s bash do  cd    ssh pwd

User · Answer

An alternative approach to the one offered above by Mark Longair is to use an alias that will run any git command  on any remote  with an alternative SSH key  The idea is basically to switch your SSH identity when running the git commands   Advantages relative to the host alias approach in the other answer    Will work with any git commands or aliases  even if you can t specify the remote explicitly  Easier to work with many repositories because you only need to set it up once per client machine  not once per repository on each client machine    I use a few small scripts and a git alias admin  That way I can do  for example   git admin push    To push to the default remote using the alternative   admin   SSH key  Again  you could use any command  not just push  with this alias  You could even do git admin clone     to clone a repository that you would only have access to using your  admin  key   Step 1  Create the alternative SSH keys  optionally set a passphrase in case you re doing this on someone else s machine   Step 2  Create a script called    ssh-as sh    that runs stuff that uses SSH  but uses a given SSH key rather than the default      bin bash exec ssh   SSH KEYFILE -i   SSH KEYFILE          Step 3  Create a script called    git-as sh    that runs git commands using the given SSH key      bin bash SSH KEYFILE  1 GIT SSH   BASH SOURCE     ssh-as sh exec git      2     Step 4  Add an alias  using something appropriate for    PATH TO SCRIPTS DIR    below      Run git commands as the SSH identity provided by the keyfile    ssh admin git config --global alias admin    PATH TO SCRIPTS DIR git-as sh    ssh admin    More details at  http   noamlewis wordpress com 2013 01 24 git-admin-an-alias-for-running-git-commands-as-a-privileged-ssh-identity

User · Answer

You can utilize git environment variable GIT SSH COMMAND  Run this in your terminal under your git repository   GIT SSH COMMAND  ssh -i    ssh your private key  git submodule update --init   Replace    ssh your private key with the path of ssh private key you wanna use  And you can change the subsequent git command  in the example is git submodule update --init  to others like git pull  git fetch  etc

User · Answer

Another alternative is to use ssh-ident  to manage your ssh identities   It automatically loads and uses different keys based on your current working directory  ssh options  and so on    which means you can easily have a work  directory and private  directory that transparently end up using different keys and identities with ssh

User · Answer

I am using Git Bash on Win7  The following worked for me   Create a config file at    ssh config or c  users  your user name   ssh config  In the file enter   Host your host com      IdentityFile  absolute path to your  ssh  id rsa   I guess the host has to be a URL and not just a  name  or ref for your host  For example   Host github com      IdentityFile c  users  user name   ssh id rsa   The path can also be written in  c users  user name       format  The solution provided by Giordano Scalzo is great too  https   stackoverflow com a 9149518 1738546

User · Answer

I ve cribbed together and tested with github the following approach  based on reading other answers  which combines a few techniques    correct SSH config git URL re-writing   The advantage of this approach is  once set up  it doesn t require any additional work to get it right - for example  you don t need to change remote URLs or remember to clone things differently - the URL rewriting makes it all work      ssh config    Personal GitHub Host github com   HostName github com   User git   AddKeysToAgent yes   UseKeychain yes   IdentityFile    ssh github id rsa    Work GitHub Host github-work   HostName github com   User git   AddKeysToAgent yes   UseKeychain yes   IdentityFile    ssh work github id rsa  Host     IdentitiesOnly yes      gitconfig   user      name   My Name     email   personal personal email   includeIf  gitdir   dev work        path     dev work  gitconfig   url  github-work work-github-org        insteadOf   git github com work-github-org      dev work  gitconfig   user      email   work work email   As long as you keep all your work repos under   dev work and personal stuff elsewhere  git will use the correct SSH key when doing pulls clones pushes to the server  and it will also attach the correct email address to all of your commits   References    1 2

User · Answer

As someone else mentioned  core sshCommand config can be used to override SSH key and other parameters   Here is an exmaple where you have an alternate key named    ssh workrsa and want to use it for all repositories cloned under   work    Create a new  gitconfig file under   work     core    sshCommand    ssh -i    ssh workrsa     In your global git config    gitconfig  add     includeIf  gitdir   work      path     work  gitconfig

User · Answer

You might need to remove  or comment out  default Host configuration

User · Answer

To use a specific key on the fly  GIT SSH COMMAND  ssh -i  HOME  ssh id ed25519 -o IdentitiesOnly yes -F  dev null  git push origin c13 training network  Explanation   local ENV var before doing the push -i specifies key -F forces an empty config so your global one doesn t overwrite this temporary command

User · Answer

you most specified in the file config key ssh     Default GitHub user Host one  HostName gitlab com  User git  PreferredAuthentications publickey  IdentityFile    ssh key-one  IdentitiesOnly yes   two user Host two  HostName gitlab com  User git  PreferredAuthentications publickey  IdentityFile    ssh key-two  IdentitiesOnly yes

User · Answer

Configure your repository using git config  For example   git config --add --local core sshCommand  ssh -i    ssh  lt  lt  lt PATH TO SSH KEY gt  gt  gt

User · Answer

From git 2 10 upwards it is also possible to use the gitconfig sshCommand setting  Docs state        If this variable is set  git fetch and git push will use the specified command instead of ssh when they need to connect to a remote system  The command is in the same form as the GIT SSH COMMAND environment variable and is overridden when the environment variable is set    An usage example would be  git config core sshCommand  ssh -i    ssh  insert your keyname   In some cases this doesn t work because ssh config overriding the command  in this case try ssh -i    ssh  insert your keyname  -F  dev null to not use the ssh config

[git] Specify an SSH key for git push for a given domain

Examples related to git

Examples related to ssh

Examples related to gitolite