Keywords: SSH Configuration | Git Push | Multi-Key Management | Identity Authentication | Gitolite
Abstract: This technical paper provides a comprehensive solution for configuring distinct SSH keys when pushing to the same Git domain. It explores SSH configuration mechanisms, demonstrates Host alias implementation, and emphasizes the critical IdentitiesOnly option. The article includes detailed examples, best practices, and comparative analysis of alternative approaches for effective multi-key management in Git operations.
Problem Context and Challenges
In collaborative Git development environments, there is often a need to push code to the same Git server using different identities. For instance, administrators require access to gitolite-admin repositories while developers work on their own projects. Because both identities connect with the same user and hostname, a traditional ~/.ssh/config entry keyed on the real hostname cannot distinguish between them.
SSH Configuration Solution
This challenge can be elegantly resolved by creating virtual Host aliases. Below is a complete configuration example:
Host gitolite-admin
    HostName git.company.com
    User git
    IdentityFile /home/user/.ssh/id_rsa.admin
    IdentitiesOnly yes

Host gitolite-developer
    HostName git.company.com
    User git
    IdentityFile /home/user/.ssh/id_rsa.developer
    IdentitiesOnly yes
Key Configuration Parameters
Host Alias: Creates unique identifiers for reference in Git remote URLs.
IdentityFile: Specifies the path to the corresponding private key file, ensuring proper identity authentication.
IdentitiesOnly yes: This is the crucial setting. The IdentityFile option appends to the identity list rather than replacing it, so without IdentitiesOnly the SSH client may still offer default keys or keys held by ssh-agent. With it, only the explicitly configured keys are used.
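A quick audit for the parameters above, as an added example that is not part of the original article: it reads an ssh_config file on standard input and reports aliases that set IdentityFile without IdentitiesOnly yes, and aliases that resolve to the same HostName, User and key as an earlier one. The function names, the gitolite-ops alias and the sample config are constructed for illustration; only plain Host blocks are parsed (no Match, Include or wildcard handling).

```sh
# Added example: lint ssh_config (stdin) for the multi-key alias pattern.
# Assumption: plain "Host <alias>" blocks with "Keyword value" lines only.
audit_ssh_aliases() {
    awk '
    function report(   id) {
        if (alias == "" || key == "") return
        if (only != "yes")
            print alias ": IdentityFile set without IdentitiesOnly yes"
        id = host "|" user "|" key
        if (id in seen) print alias ": same HostName, User and key as " seen[id]
        else seen[id] = alias
    }
    NF == 0 || substr($1, 1, 1) == "#" { next }   # blank lines and comments
    { k = tolower($1); v = $2 }                   # keywords are case-insensitive
    k == "host" { report(); alias = v; host = user = key = only = ""; next }
    k == "hostname" { host = tolower(v) }
    k == "user" { user = v }
    k == "identityfile" { key = v }
    k == "identitiesonly" { only = tolower(v) }
    END { report() }
    '
}

# Constructed sample: the two aliases from the article with IdentitiesOnly
# left off the second, plus a hypothetical third alias reusing the admin key.
sample_config() {
cat <<'EOF'
Host gitolite-admin
    HostName git.company.com
    User git
    IdentityFile /home/user/.ssh/id_rsa.admin
    IdentitiesOnly yes

Host gitolite-developer
    HostName git.company.com
    User git
    IdentityFile /home/user/.ssh/id_rsa.developer

Host gitolite-ops
    HostName git.company.com
    User git
    IdentityFile /home/user/.ssh/id_rsa.admin
    IdentitiesOnly yes
EOF
}

sample_config | audit_ssh_aliases
```

To check a real file, run `audit_ssh_aliases < ~/.ssh/config`; `ssh -G gitolite-admin` prints the options ssh itself resolves for a single alias.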
Git Remote Repository Configuration
After configuration, use the corresponding Host aliases when setting up Git remote repositories:
git remote add admin git@gitolite-admin:gitolite-admin.git
git remote add project git@gitolite-developer:some_repo.git
SSH Key Management Best Practices
Generate separate key pairs for each identity:
ssh-keygen -t rsa -b 4096 -C "admin@company.com" -f ~/.ssh/id_rsa.admin
ssh-keygen -t rsa -b 4096 -C "developer@company.com" -f ~/.ssh/id_rsa.developer
Alternative Approach Comparison
Beyond SSH configuration, Git local configuration provides another option:
git config --local core.sshCommand 'ssh -i ~/.ssh/id_rsa.specific'
This method suits repository-specific configurations but lacks the flexibility and reusability of the SSH configuration approach.
Security Considerations
Ensure private key files have 600 permissions to prevent unauthorized access:
chmod 600 ~/.ssh/id_rsa.*
Regularly rotate keys and verify public keys are properly deployed to corresponding user accounts on the Git server.