How to have multiple SSH keys whilst using the 1Password Agent

I have a bit of a niche use case when using my laptop; I want to be able to access repositories on GitHub.com via SSH, but using different user accounts.

This requires multiple SSH keys, and a way to switch between them to access different repositories. The “easy” (but less secure) way is to have both sets of private SSH keys on disk and use SSH config to select the correct identity file.

Quick note on examples: they’re based on you using macOS but might apply to Linux/WSL - however, I haven’t tested it!

The ‘easy’ but insecure way

In your ~/.ssh/config file:

Host github-as-user1.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/user1

Host github-as-user2.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/user2

Then to test and use in a real repo:

ssh git@github-as-user1.com
git remote add origin git@github-as-user1.com:user1/private-repo.git

You should see the following successful result:

Hi user1! You’ve successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.

The secure way

I don’t want my private SSH keys stored on disk without a password, and adding a password to them is tedious to type every time. Yes, I could have my SSH agent remember my passphrase - but then I have the data portability issue. My private keys are only on 1 machine, and if I lose them I have to create them all over again.

Enter 1Password and the 1Password SSH Agent. There are good instructions from 1Password on multiple GitHub accounts.

  1. Add your SSH keys to “Personal Vault” in 1Password (it has to be the personal vault!)
  2. Enable the 1Password SSH Agent in settings
  3. Keep hold of the public key (or download it from 1Password vault)
  4. Update your ~/.ssh/config:

Host github-as-user1.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/user1.pub
    IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"

Host github-as-user2.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/user2.pub
    IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"

I found I also had to add the IdentityAgent, in addition to the 1Password instructions, to make this all work.
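To check which aliases in an existing config still use the first layout, here is an added example (not part of the original post or of 1Password's instructions) that classifies each Host block by whether IdentityFile names a private key on disk or a .pub file, and whether IdentityAgent is set. It judges each block on its own, so Include files, Match blocks and options inherited from a `Host *` block are not merged; `ssh -G <alias>` prints the fully resolved settings. The alias github-as-user3.com and the verdict labels are made up for the example.

```shell
# Added example: classify each Host block by where ssh gets the key from.
# Usage: audit_ssh_hosts ~/.ssh/config   (or pipe a config on stdin)
audit_ssh_hosts() {
    awk '
    function report() {
        if (host == "") return
        if (priv > 0)         v = "private-key-file"      # the "easy" layout
        else if (pub == 0)    v = "no-identityfile"
        else if (agent == "") v = "pubkey+default-agent"  # falls back to SSH_AUTH_SOCK
        else                  v = "pubkey+pinned-agent"   # the 1Password layout
        printf "%s\t%s\n", host, v
    }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next
        if (!match(line, /^[A-Za-z]+/)) next
        key = tolower(substr(line, 1, RLENGTH))   # keywords are case-insensitive
        val = substr(line, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)           # "Key value" or "Key=value"
        sub(/[ \t]+$/, "", val)
        gsub(/^"|"$/, "", val)                    # drop surrounding quotes
        if (key == "host" || key == "match") {
            report()
            host = (key == "host") ? val : ""     # Match blocks are skipped
            priv = 0; pub = 0; agent = ""
        } else if (key == "identityfile") {
            if (val ~ /\.pub$/) pub++
            else priv++
        } else if (key == "identityagent" && val != "none" && val != "SSH_AUTH_SOCK") {
            agent = val
        }
    }
    END { report() }
    ' "$@"
}
# Constructed sample: user1/user2 mirror the two layouts on this page, user3 is hypothetical.
sample_config() {
    cat <<'EOF'
Host github-as-user1.com
    IdentityFile ~/.ssh/user1
Host github-as-user2.com
    IdentityFile ~/.ssh/user2.pub
    IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
Host github-as-user3.com
    IdentityFile ~/.ssh/user3.pub
EOF
}
sample_config | audit_ssh_hosts
```

Any alias reported as private-key-file is still reading a key from disk, so that file is worth removing once the key is in the vault.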

Good luck!

 