How to have multiple SSH keys whilst using the 1Password Agent
I have a bit of a niche use case when using my laptop; I want to be able to access repositories on GitHub.com via SSH but using different user accounts.
This requires multiple SSH keys to switch between to access different repositories. The “easy” (but less secure) way is to have both sets of private SSH keys on disk and use SSH config to select the correct identity file.
Quick note on examples: they’re based on you using macOS but might apply to Linux/WSL - however, I haven’t tested it!
The ‘easy’ but insecure way
In your ~/.ssh/config file:
Host github-as-user1.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/user1
Host github-as-user2.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/user2
Then to test and use in a real repo:
ssh git@github-as-user1.com
git remote add origin git@github-as-user1.com:user1/private-repo.git
You should see the following successful result:
Hi user1! You’ve successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.
The secure way
I don’t want my private SSH keys stored on disk without a password, and adding a password to them is tedious to type every time. Yes, I could have my SSH agent remember my passphrase - but then I have the data portability issue. My private keys are only on 1 machine, and if I lose them I have to create them all over again.
Enter 1Password and the 1Password SSH Agent. There are good instructions from 1Password on multiple GitHub accounts.
- Add your SSH keys to “Personal Vault” in 1Password (it has to be the personal vault!)
- Enable the 1Password SSH Agent in settings
- Keep hold of the public key (or download it from 1Password vault)
- Update your ~/.ssh/config:
Host github-as-user1.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/user1.pub
  IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
Host github-as-user2.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/user2.pub
  IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
I found I also had to add the IdentityAgent, in addition to the 1Password instructions, to make this all work.
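To check that no alias still points at a private key file, here is a small shell function that audits a config laid out like the two above. It is an added example, not part of the original post; it assumes plain "Keyword value" lines with no Match or Include, and the sample config (including the github-as-user3.com alias) is constructed.

```shell
# Added example (not from the original post): audit an ssh_config-style file.
# Assumes plain "Keyword value" lines, one alias per Host line, no Match/Include.
# audit_ssh_config FILE prints "<host> <status>" per Host block:
#   ok                   IdentityFile is a .pub file and IdentityAgent is set
#   private-key-on-disk  IdentityFile does not end in .pub
#   no-identityagent     public key pinned, but no agent socket in the block
#   no-identityfile      nothing pins which key the alias uses
audit_ssh_config() {
  awk '
    function report() {
      if (host == "") return
      if (idfile == "")            status = "no-identityfile"
      else if (idfile !~ /\.pub$/) status = "private-key-on-disk"
      else if (agent == "")        status = "no-identityagent"
      else                         status = "ok"
      print host, status
    }
    /^[ \t]*#/ { next }   # comment line
    NF == 0    { next }   # blank line
    {
      key = tolower($1)   # ssh_config keywords are case-insensitive
      if (key == "host") { report(); host = $2; idfile = ""; agent = "" }
      else if (key == "identityfile")  { idfile = $2; gsub(/"/, "", idfile) }
      else if (key == "identityagent") agent = $2
    }
    END { report() }
  ' "$1"
}

# Constructed sample: one alias in the style of each approach from the post,
# plus a hypothetical user3 alias that is missing the agent socket.
sample_config() {
  cat <<'EOF'
Host github-as-user1.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/user1
Host github-as-user2.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/user2.pub
  IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
Host github-as-user3.com
  IdentityFile ~/.ssh/user3.pub
EOF
}

tmp=$(mktemp) && sample_config > "$tmp" && audit_ssh_config "$tmp"; rm -f "$tmp"
```

Run it against your real file with audit_ssh_config ~/.ssh/config; any alias not reported as ok is worth a second look.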
Good luck!