30

I have multiple ssh config folders for various systems e.g.:

ssh -F ~/.ssh/system-a/config user@system-a
ssh -F ~/.ssh/system-b/config user@system-b

Each folder has a config file and set of identity files like so

Host system-a
    HostName <some_hostname>
    User <some_username>
    IdentityFile ~/.ssh/system-a/keys/system-a.pem

How do tell git to use a certain ssh config file or a certain ssh key when performing git tasks?

Ideally I would like to do this per git project if I can.

Jakuje
  • 24,773
  • 12
  • 69
  • 75
pfwd
  • 1,088
  • 1
  • 11
  • 22
  • http://superuser.com/questions/232373/how-to-tell-git-which-private-key-to-use goes over how to tell git which ssh key to use. – therobinkim Dec 19 '16 at 09:44
  • 1
    Possible duplicate of [Specify an SSH key for git push for a given domain](http://stackoverflow.com/questions/7927750/specify-an-ssh-key-for-git-push-for-a-given-domain) – umläute Dec 19 '16 at 09:53
  • 1
    @therobinkim nope, that explains how to make a segment for GitHub, not how to make git use a specific config file. – 1615903 Dec 19 '16 at 10:01
  • @pfwd did you by chance forget to accept the answer that fits your needs? – umläute Apr 30 '21 at 07:46

4 Answers4

28

on command-line you can change your Git config for the current repository:

git config core.sshCommand "ssh -F ~/.ssh/system-a/config"

or in .git/config in your local repository to the [core] section:

sshCommand = "ssh -F ~/.ssh/system-a/config"

This works only with git 2.10 and newer. Otherwise, it needs to be set up using environment variable $GIT_SSH_COMMAND, for example like:

GIT_SSH_COMMAND="ssh -F ~/.ssh/system-a/config" git pull
Fabian Kleiser
  • 2,988
  • 3
  • 27
  • 44
Jakuje
  • 24,773
  • 12
  • 69
  • 75
  • 1
    @AndrejsCainikovs Thanks for correction. I did't find the actual release notes and 2.9 did not have this feature. – Jakuje Dec 19 '16 at 10:08
  • I like to add the reference to the identify file I created for the GitHub repo directly so I use the -i option to ssh in the .git/config file. sshCommand = "ssh -i ~/.ssh/github_reponame_rsa" – WeakPointer Apr 25 '19 at 15:22
  • 1
    Alternative, as for some reasons -F configuration did not work for me (git 2.25), I specified the ssh key directly using the -i option. – Ingo Steinke Oct 14 '21 at 15:44
16

As Andrejs Cainikovs and Jakuje have pointed out, it is possible to use multiple ssh-config files with a recent enough git.

However, you can achieve virtually the same results with a single ssh-config file with multiple configurations, possibly all referring to a single real host:

Host SOMELABEL
    HostName <some_hostname>
    User <some_username>
    IdentityFile ~/.ssh/system-a/keys/system-a.pem

Host OTHERLABEL
    HostName <other_hostname>
    User <other_username>
    IdentityFile ~/.ssh/system-b/keys/system-a.pem

and then clone the repos like:

  git clone SOMELABEL:foo/bar.git
  git clone OTHERLABEL:frobnozzel.git

This will use <some_username>@<some_hostname> with the ssh-key in ~/.ssh/system-a/keys/system-a.pem for the bar repository, whereas it will use <other_username>@<other_hostname> with the ssh-key in ~/.ssh/system-b/keys/system-a.pem for the frobnozzel repository.

Wolf
  • 9,679
  • 7
  • 62
  • 108
umläute
  • 28,885
  • 9
  • 68
  • 122
  • @AndrejsCainikovs i stand corrected (and have updated my answer); i still don't understand *why* multiple ssh-config-files would be preferred over a single one (but of course that's up to the @pfwd) – umläute Dec 19 '16 at 10:26
  • Of course, having a single `~/.gitconfig` and `~/.ssh/config` is the way to go. But I think the OP hit the corner case. Perhaps test automation, or something... – Andrejs Cainikovs Dec 19 '16 at 12:26
  • @umläute Its just the way I prefer to work. I like having separate config files and directories for my projects instead of lumping them all together – pfwd Dec 20 '16 at 10:24
  • @umläute thank you for actually listing the `git clone` command. No other related answer does :) – rjurney Sep 24 '20 at 15:59
  • 2
    That works, however you have to recognize that in order to use the `git@github.com` clone address, you must use the hostname of the address and the `git` user in your config file, so the `Host` directive should be set to `github.com` and the `User` directive should be set to `git` - otherwise you will not be able to clone using the `git@github.com` directive - same goes for other git remote addresses/hostnames. – Arcsector Feb 09 '22 at 23:04
  • sure, that's why i was using placeholders; also this question is not about github specifically but about using git+ssh in general. i don't think it would help much if i listed all the possible username/hostname combinations. – umläute Feb 10 '22 at 07:59
11

I wanted to hook into this topic, because I have recently been trying to solve this without having to do a git config core.sshCommand every new release I clone

So, for that I extended a bit on the implementation from Jakuje

I have two gitlab accounts. One is for work, with my work email, and one is personal, with my personal email.

For this I have two different private keys:

  • personal: ~/.ssh/keys/personal.id_rsa
  • work: ~/.ssh/keys/work.id_rsa

Now, I have a global git configuration located at ~/.gitconfig and an alternative configuration located at ~/work.gitconfig. The work git configurations only contains settings that are different than the global configuration.

So in this scenario,

~/work.gitconfig

[core] 
    sshCommand = ssh -i ~/.ssh/keys/work.id_rsa

and all my work related repositories I clone into ~/source/work

The magic then happens in my ~/.gitconfig. I included the following section (git includeIf:

[includeIf "gitdir:~/source/work/**"]
    path="~/work.gitconfig"

Now, this will tell git to include my work git configuration for all repos that are in ~/source/work. This configuration will then automagically set the ssh key used when pushing/pulling to the one I use for my work repos.

All you need to make sure is to clone into the right folder.

You can combine this with using a generic ssh config.

Host gitlab.com
    HostName gitlab.com
    User git
    IdentityFile ~/.ssh/keys/personal.id_rsa

By default git will use the personal.id_rsa (personal account), except when the repo is in the work directory, then the work account is used (based on ssh key).

Rik
  • 3,647
  • 2
  • 25
  • 34
  • 3
    This answer should be higher - [includeIf "glob_pattern"] is genius and solve my case completely without the need for additional configuration/tools. – srigi Oct 13 '22 at 13:37
1

git 2.10+

Check Jakuje answer.

git 2.9-

Use core.gitproxy pointing to the custom script that does the magic.

Community
  • 1
  • 1
Andrejs Cainikovs
  • 27,428
  • 2
  • 75
  • 95