GitHub Error: Key already in use

Question

I have created two GitHub accounts. One for my work user and one for my personal self. I needed to do catch up on some work and as such cloned my work repo onto my personal PC. In order to do simple "git push origin master" commits without entering my username and password the whole time I simply want to add my public key from my home pc to the work repo. However Github gives this error:

Error: Key already use

After a bit of Googling I came across this link which states "To resolve the issue, remove the key from the other account or repository and add it to your account" Of course there is a duplicate key as I've added my home public key to github so that I can code on my own personal projects. After all I want to be able to code to my work repo using both my work pc and personal pc.

How can you add multiple "same" public keys without Github throwing that error and also why in the world, is that error thrown in the first place?

Why do you need the same keys? Just create a new key and connect it to your account. — PeeHaa, Jan 16 '14 at 11:43
just create an other key pair, and keep it locally, and public part of the second pair put into github's other account — Малъ Скрылевъ, Jan 16 '14 at 11:43
GitHub will use the key as means to identify you when you connect to them via SSH. As such, you cannot have multiple accounts with the same key, as GitHub won’t be able to tell then which of your accounts you want to use. — poke, Jan 16 '14 at 12:05
@Poke, really, thanks for that. Question, wouldn't it just be easier to simply set which "account" I'm using somewhere in the .git/config file instead of generating all these extra keys? — John Crawford, Jan 16 '14 at 12:09
Usually you are not expected to have multiple accounts in the first place. You can use organizations to manage multiple different “sets” or repositories, while having only a single user account. — poke, Jan 16 '14 at 12:16
If you have two accounts then an easy solution is just to add your second github user as a collaborator to the project, which is owned by your first github user. The owner of the project then needs to go the `github project > settings > Collaborators > Add User`. Add the second github user. The second github user can then accept to be added to the project and you can now clone and edit the project using the second github user. But: This reolution requires that you "own" the project. — dennis, Jul 31 '23 at 12:40

score 172 · Answer 1 · edited Jul 27 '23 at 13:51

172

You can create one more key pair, say id_rsa_personal.pub, and add it to the Github account.

Next, create/edit the .ssh/config file.

# Default GitHub
Host github.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa

Host github-public
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa_public

Host github-personal
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa_personal

The above file will help you to use more than one Github account. For background info, refer to the answers to this question.

Next, you will need to alter your .git/config remote url to point to:

github-personal:<gh_username>/<gh_reponame>.git

Rather than the usual:

git@github.com:<gh_username>/<gh_reponame>.git

edited Jul 27 '23 at 13:51

Eugen Konkov

22,193
17
108
158

answered Jan 16 '14 at 11:56

Bijendra

9,467
8
39
66

This didn't seem to work. I still get the permission denied. This is what my ~/.ssh/config file looks like: http://pastebin.com/JNiTUbVU – John Crawford Jan 16 '14 at 12:41
And have you added `~/.ssh/id_rsa.pub` for company user, and `~/.ssh/John.pub` for yourself? But anyway, the correct approach is not to create the specifc user for company, but organization. – Малъ Скрылевъ Jan 16 '14 at 13:01
Take your bounty! You deserve it for formulating the answer so easyily. – Keval Domadia Sep 02 '19 at 08:47
2

Quoting a comment in the other [linked answers](https://stackoverflow.com/questions/2419566/best-way-to-use-multiple-ssh-private-keys-on-one-client), "Note that you can also specify multiple IdentityFile entries for the same Host, which are then tried in order when connecting". With this approach, you do not have to create another different config entry (e.g "github.com-personal") for the same hostname (e.g "github.com") in the `~/.ssh/config file`. Just add another `IdentityFile ~/.ssh/id_rsa_personal` line under the `IdentityFile ~/.ssh/id_rsa` and add the new key to the new github account – NwosuCC Oct 28 '19 at 18:23
For anyone else getting "Bad owner or permissions on ~/.ssh/config" after following the steps here (especially if you had to create the .ssh/config file from scratch), make sure the file has read only permissions with `chmod 600 ~/.ssh/config` and that it the current user is the owner with `sudo chown $USER ~/.ssh/config`. [See this serverfault answer for more details](https://serverfault.com/a/253314/547771). – Rob Streeting Dec 23 '19 at 11:56
2

@NwosuCC Having multiple IdentityFiles doesn't work in the dual git account case, because ssh will retry until one key is accepted. Since both keys are accepted by github.com, ssh will stop at the first one. After this authentication, git proceeds to try to access some resource on the host, and only at this point does the authentication fail. As far as ssh is concerned, the operation was successful. Unfortunately. – Alexander Torstling Feb 06 '20 at 10:11
@Bijendra - can you please add steps for creating new SSH key pair with commands? – Harshita Mar 05 '21 at 06:23
@Harshita ssh-keygen should be enough to create one. Read this https://www.ssh.com/ssh/keygen/ – Bijendra Mar 08 '21 at 04:18
1

@Bijendra Thanks. I was asking for this command to create a new SSH key pair - ssh-keygen -t rsa -b 4096 -f /home/my/.ssh/id_rsa_new – Harshita Mar 08 '21 at 07:57
No need to use `git@` user name at url if it was configure at `.ssh/config`. Fixed. – Eugen Konkov Jul 27 '23 at 13:52

makevoid · Accepted Answer · 2021-08-25T14:54:56.537

50

The key could be already in use on other github projects as deploy key, that's a bit tricky to find but run:

ssh -T -ai ~/.ssh/KEY_NAME git@github.com

change KEY_NAME with the name of your SSH private key and you will be good to go

from: https://help.github.com/articles/error-key-already-in-use/#finding-where-the-key-has-been-used

edited Aug 25 '21 at 14:54

answered Nov 11 '15 at 00:53

makevoid

3,276
2
33
29

20

no. we need to use another one. this is the center of trouble – mmike Mar 26 '18 at 16:25
1

When running `ssh -T -ai ~/.ssh/id_rsa git@github.com` I get `Permission denied`. – Henke Jan 11 '21 at 16:46
@Henke you may need to `sudo ssh` (but it is very uncommon to have a setup where your can't call the ssh command without it) – makevoid Aug 25 '21 at 14:56
Hmm. I don't even remember if I ran that command in Windows Subsystem for Linux or in Git Bash (but most likely in one of them). The prefix `sudo` makes no sense in Git Bash / MSYS2, so it might be important whether I ran it in MSYS2 or not ... (:/) – Henke Aug 25 '21 at 16:10
Why don't you add `sudo` as a prefix in your answer? It wouldn't hurt, I think. I mean – people like myself, who run "Linux" commands inside MSYS2 every now and then – we will very likely know `sudo` makes no sense in an MSYS2 terminal. So I don't think an added `sudo` would confuse anyone. Users of MSYS2 will know it is not native Linux. (To clarify: I run MSYS2 installed on Windows 10.) – Henke Aug 25 '21 at 16:33
On second thought, I believe most likely I ran the command in WSL (which is the closest you can get to "native Linux" on a Windows OS – without running a virtual machine of course). I just tried it again. Without `sudo` I get `Permission denied (publickey)`. But _with_ `sudo` I get `[sudo] password for henke:` (asking for my password). So I conclude the most likely reason I got `Permission denied` in January is that I left out the `sudo`. – What is the reason you don't include `sudo` in your answer? (Sorry for being a bit lengthy in these comments.) – Henke Aug 25 '21 at 16:47

score 9 · Answer 3 · edited Nov 13 '18 at 05:29

9

John commented that it didn't work for him.

Perhaps the step you're missing is you need to alter your .git/config remote url to point to git@github-personal/<reponame>.git etc.. rather than the usual git@github.com/<reponame>.git

edited Nov 13 '18 at 05:29

Cœur

37,241
25
195
267

answered Feb 12 '14 at 13:29

James Ferguson

353
1
7

How to set this for cloning the repository in the first place? – Slaiyer Nov 03 '21 at 03:21
2

Assuming you have the config as listed above, then you take the ssh url from github: Click "Code" button, select "SSH" option, copy to clipboard. clone it but replace "github.com" with "github-personal" – James Ferguson Nov 16 '21 at 15:18

Harsath · Answer 4 · 2023-01-28T22:44:21.707

The following method is handy if you have multiple GitHub accounts but are unable to use the same SSH key (because you cannot use the same SSH key in different GitHub accounts):

Generate a new SSH key using ssh-keygen. Let's say the key is in ~/.ssh/id_rsa_foo.
Copy and paste the content of ~/.ssh/id_rsa_foo.pub into GitHub keystore (Settings → SSH and GPG keys → New SSH key).
Now, you can use GIT_SSH_COMMAND environment variable to tell git to use your newly generated key.
Run $ GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa_foo' git push origin master.

Check your GitHub repo for the magic. Cheers!

score 5 · Answer 5 · answered May 28 '20 at 14:43

I've found a workaround that works for me:

You cannot add the same SSH key to different accounts, and that is true for GitHub, BitBucket, etc. But you can use different SSH keys for each account. The only downside then is how to easily switch between them?

I use ssh-agent and it can use multiple keys at the same time. I auto add them through .bashrc

if [ -z "$SSH_AUTH_SOCK" ] ; then
  eval `ssh-agent -s`
  ssh-add ~/.ssh/id_rsa
  ssh-add ~/.ssh/id_rsa2
fi

This approach works regardless of which key is added in your GitHub account. I guess ssh-agent makes attempts with each key until it succeeds. And if you don't want to add all keys, you just comment out the relevant line in the .bashrc before starting a new shell.

score 5 · Answer 6 · answered Jul 16 '20 at 10:29

You probably just need to change the name of your key.

ssh-keygen -t rsa -b 4096 -C "<email>"

Then it will ask to enter the file name, make sure that you enter the path name which does not exist on your system. Usually, "id_rsa" file name is created by default on MAC. Just change the name and then use following command to copy

pbcopy < {Path where SSH-Keygen is stored}

That's it. You can simply paste this keygen (copied from above command on the clipboard) in GitHub and use that without any problem.

score 2 · Answer 7 · answered Jul 17 '17 at 03:49

you can use the same ssh key for different github repositories but cannot use the same ssh key for many repositories (i.e,same repository from different logins or from forked) as github will not allow same deploy key more than once for a repository

You can create a different key in your machine without disturbing your existing keys like:ssh-keygen -t rsa -C "your_email@example.com"
Now provide your file name to identify your key for the repository

Enter file in which to save the key (/home/demo/.ssh/id_rsa):/home/demo/.ssh/id_rsa_mykey<br>

See https://developer.github.com/guides/managing-deploy-keys/#deploy-keys for details.

Ankita Srivastava · Answer 8 · 2022-12-11T22:07:40.760

The first solution mentioned below worked for me but not completely.

# Default GitHub
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/id_rsa

Host github-public
HostName github.com
User git
IdentityFile ~/.ssh/id_rsa_public

Host github-personal
HostName github.com
User git
IdentityFile ~/.ssh/id_rsa_personal

Adding the rest of the step I did for make it work completely.

After updating my ssh file with the new key details and update the .git config url as mentioned above in the solution, I was able to pull from the repository but I was not able to push to the repository, as its mentioning permission denied. I tried running below command to check with which key I am logged in:

ssh -i ~/.ssh/<KEYNAME> git@github.com

And I was seeing the other user which I use for my not so personal work. After then I came to know that by default ssh will read key from id_rsa format and if we want to prevent this default behaviour(as my key was in format of ed*****) we need to add the below line in our ssh config for the new key.

identitiesOnly yes

And this worked for me and I was able to push. Let's say even after these changes, you were able to push but getting some message about keys are too open, you can try these 2 things to fix it.

Try fixing your keys permission by running below command.

chmod 400 KEY_PATH
If the above one didn't worked and you are still getting this error, you might have missed adding your new ssh key to ssh-agent. you can do that by running below command:

ssh-add -K KEY_PATH

And it should work fine.

I have automated all the manual steps in this file in case if you want to avoid all manual operation: https://gist.github.com/sankita15/875c60ecc028d471f75f102c70b62681

score 1 · Answer 9 · answered Mar 22 '23 at 09:50

Plesk – Web hosting

hosting multiple repositories on multiple webservers

(sorry if this a duplicate answer but I couldn't find another)

I occasionally run in the same problem when attempting to deploy to a web host using Plesk. After adding the deploy key to one repository or one user it can no longer be added to another ‍♂️. So in principle it is possible to deploy from one Git-account to one Plesk webhost only.

The following steps are a workaround:

Create a new mailbox or e-mail alias and call it something like hostmaster@your-domain. It has to be unique on Git.
Let Plesk generate the id_rsa and id_rsa.pub. It will do this first time when starting git deployment, but it will use the ones it finds in .ssh
Create a new GitHub (or other git) user name it according to your hosted domain, replacing . by - as GitHub doesn't like these. As email use the created mailbox or alias.
for this git user set the SSH pub key the one (id_rsa.pub) Plesk generated
now invite this user as collaborator to the repository or repositories you want to deploy in Plesk
go ahead and use the repository ssh url to deploy to Plesk and copy the webhook url to the repository for automatic deployment.

As others pointed out you can test the id_rsa key against the github server with:

ssh -T -ai .\id_rsa git@github.com

It should welcome you with the newly created git account.

You won't be using this git account for anything else as (web)server to (git)server communication. You might however want to update the keys occasionally. And of course you can create the ssh-keys yourself and copy them in .ssh on you webhost, Plesk will pick these up. For Windows users it now has ssh-keygen and ssh included, no need to get putty or cygwin.

I see now that the [github docs](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/managing-deploy-keys) calls this _machine users_ at the end of the page But leave this answer as reference for the Plesk users out there. — theking2, Mar 22 '23 at 10:11

GitHub Error: Key already in use

9 Answers9

Plesk – Web hosting

hosting multiple repositories on multiple webservers

Linked