Comments on: GitHub / SSH with multiple identities; the slightly-more-definitive guide /code/github-ssh-with-multiple-identities-the-slightly-more-definitive-guide/ sealed abstract class drew {} Sun, 27 Mar 2016 22:51:38 +0000 hourly 1 By: Fraxtil /code/github-ssh-with-multiple-identities-the-slightly-more-definitive-guide/comment-page-1/#comment-8143 Mon, 10 Jun 2013 05:36:30 +0000 /?p=1025#comment-8143 Thank you for this! The IdentitiesOnly line worked perfectly.

By: Ben /code/github-ssh-with-multiple-identities-the-slightly-more-definitive-guide/comment-page-1/#comment-7851 Sun, 17 Feb 2013 11:06:53 +0000 /?p=1025#comment-7851 That is so awesome.
Had been starting at the -vvv output for so long..

Weird design ssh folks..

Thanks a mil Drew

By: John Weis /code/github-ssh-with-multiple-identities-the-slightly-more-definitive-guide/comment-page-1/#comment-7804 Tue, 15 Jan 2013 19:10:25 +0000 /?p=1025#comment-7804 I tried the IdentitiesOnly trick above, but I was still seeing the problem.

$ ssh -vvv pwd 2> >(grep -i offer)
debug1: Offering RSA public key: /Users/jweis/.ssh/id_rsa

When I commented the line
# IdentityFile ~/.ssh/id_rsa
in my /etc/ssh_config, everything worked fine.

(I’m on a mac.)

Thanks for pointing me in the right direction!

By: Vid /code/github-ssh-with-multiple-identities-the-slightly-more-definitive-guide/comment-page-1/#comment-7765 Fri, 30 Nov 2012 07:00:20 +0000 /?p=1025#comment-7765 Thanks Drew, helpful info.
IdentitiesOnly was just what I needed. I can now authenticate just fine with ForwardAgent “yes”.

On my work machine I have the added benefit of being able to pull from my git repo. All my ssh public keys are still forwarded but it seems as if the one specified in the IdentityFile line is prioritized. i.e. it shows up on top. Verified when I run ssh-add -l on the remote site.

At home, however; on an older version of Mac OS and MacPorts OpenSSH while I can authenticate file I can’t pull from my repo on certain servers as the ssh keys are in their local default order. My current solution is to delete all my keys $ ssh-add -d ~/.ssh/* and then re-add them in the order I want to use them; specifying the password for each one. Not ideal… The key order also seems to reset itself on OS restart as well.

@Curt, if you could release your solution that would be awesome. I’m looking at a similar sounding solution on StackExchange’s ServerFault: “Choose identity from ssh-agent by file name” –
There leoluk uses a python script parse out all the ssh keys and choose only the one specified in the identity file when forwarding an agent.

By: Curt Sampson /code/github-ssh-with-multiple-identities-the-slightly-more-definitive-guide/comment-page-1/#comment-7669 Mon, 30 Jul 2012 00:30:03 +0000 /?p=1025#comment-7669 Yes, the ssh_config(5) manual page is quite important. It is mentioned in the “SEE ALSO” section of the ssh(1) manual page.

I have to deal with using multiple ssh keys for different reasons. (These are security-related; there are certain hosts I use which should have access only to keys specific to a client, not to my personal keys, thus I want to make sure I never forward authentication using my standard ssh-agent to them.) My solution is to use separate agents for this; I have a wrapper for the ssh/slogin command that, based on the host to which I’m connecting, will find the correct one of several existing ssh agents to use or start a new one if necessary.

I suppose if there’s demand I could could clean this up and release it.

By: Jason Creel /code/github-ssh-with-multiple-identities-the-slightly-more-definitive-guide/comment-page-1/#comment-7600 Mon, 02 Jul 2012 03:47:25 +0000 /?p=1025#comment-7600 Thanks for the helpful article. I’ve been battling this same issue for a few days now.

Finally got things committed with the correct user by changing the email address on my global git-config file. It’s working for the moment, but will probably be borked when I get back to work. Wondering if I can override global config settings on a per repository basis….

By: Chase Stubblefield /code/github-ssh-with-multiple-identities-the-slightly-more-definitive-guide/comment-page-1/#comment-7587 Tue, 19 Jun 2012 00:00:26 +0000 /?p=1025#comment-7587 So glad to find this article, to confirm I wasn’t going crazy.

I ran into the same exact issue, and found the “IdentitiesOnly yes” to be the solution.

It appears the order in which it tries keys is:
1. agent identities
2. -i arguments
3. config files
4. default (~/.ssh{identity,id_dsa,id_rsa})

When, ideally, I would want it to be:
1. -i arguments
2. config files
3. agent identities
4. default

By: Kevin Pulo /code/github-ssh-with-multiple-identities-the-slightly-more-definitive-guide/comment-page-1/#comment-7582 Thu, 24 May 2012 04:32:01 +0000 /?p=1025#comment-7582 This is fine, but in my case I want to run git on a remote host that I have forwarded my agent to… Now both of my github identities are in my agent, I have no private keys on the remote host (and don’t want to put them there), and absolutely no way to choose which agent id to use. For such a critically important piece of software, OpenSSH sure is infuriating sometimes.

By: Dan /code/github-ssh-with-multiple-identities-the-slightly-more-definitive-guide/comment-page-1/#comment-7533 Sat, 03 Mar 2012 23:16:07 +0000 /?p=1025#comment-7533 Thanks for writing this, it’s exactly what I was looking for.

Also, just as an example for those who want to do this entirely from the command line:
ssh -o “IdentitiesOnly yes” -i id_pub hostname

By: ktu /code/github-ssh-with-multiple-identities-the-slightly-more-definitive-guide/comment-page-1/#comment-7527 Wed, 29 Feb 2012 02:28:53 +0000 /?p=1025#comment-7527 you my friend, pointed me in the direction i needed to go. thank you
for me this worked:


Host [personal]
User git
IdentityFile “[personal]\id_rsa”
IdentitiesOnly yes

Host [company]
User git
IdentityFile “[company]\id_rsa”
IdentitiesOnly yes

git clone [personal]:GitHubUser/repo folder