GitHub doesn't allow a single SSH deploy key to be used for multiple repositories which make sense from a security stand point. So if you want one server to access multiple repositories with SSH keys, you need to create a specific SSH configuration with aliases to address each repository.
The following solution concerns a user currently logged into the server shell. The whole procedure will make sure that the user can do git commands accessing the remote repository on GitHub (e.g. pull, fetch, branch, etc.). Of course depending on the deploy key setting on GitHub.
-
Create SSH keys for multiple repositories
By default, the SSH keys registered for a user (private and public) is stored into the hidden folder
.sshlocated in the user's home directory. The default ssh key is namedid_rsa. While creating the keys, it should be renamed using the repository name as suffix. When they asked the save path, make sure to retype the path and use a significant suffix (identified as <ALIAS_REPO> in the following example).ssh-keygen -t rsa -b 4096 -C "<EMAIL_ADDRESS>" Generating public/private rsa key pair. Enter file in which to save the key (/home/<USER>/.ssh/id_rsa): /home/<USER>/.ssh/id_rsa_<ALIAS_REPO> Created directory '/home/<USER>/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/<USER>/.ssh/id_rsa_<ALIAS_REPO>. Your public key has been saved in /home/<USER>/.ssh/id_rsa_<ALIAS_REPO>.pub. The key fingerprint is: 0e:cd:96:95:fc:56:be:e6:4c:6a:20:3c:7d:3b:76:bb <EMAIL_ADDRESS> The key's randomart image is: +---[RSA 4096]----+ | | | . . | | + . | | o . . o | | ..S. o . | | ++ o.. o | | .o o o+ | | =+. | | o.oE+ | +-----------------+Repeat for as much repository keys as needed. This will create the private and public keys for all repositories.
-
Create configuration file to identify the aliases. Into the .ssh directory, create a new file named
configwith the following content adapted to your needs.Host <ALIAS_REPO> HostName github.com IdentityFile ~/.ssh/id_rsa_<ALIAS_REPO> IdentitiesOnly yes Host <ALIAS_REPO_X> HostName github.com IdentityFile ~/.ssh/id_rsa_<ALIAS_REPO_X> IdentitiesOnly yes ... -
Make sure the
.sshdirectory has correct permission and ownership.chmod -R 600 .ssh (for content) chmod 700 .ssh (for folder itself) -
Add your keys to the SSH agent (can be optional)
Technically, since the default folder is the .ssh directory from the home folder, whenever you use command that require keys, it should automatically fetch into that specific directory. Depending on systems and configurations, this step may be require to ensure functionality. It only make sure to add the new keys to the SSH agent.
eval "$(ssh-agent -s)" ssh-add ~/.ssh/id_rsa_<ALIAS_REPO> ssh-add ~/.ssh/id_rsa_<ALIAS_REPO_X> ... -
Test connectivity with alias
ssh -T git@<ALIAS_REPO>
This solution allows the Apache user (e.g. through a PHP website/script) to interact with a remote git repository on GitHub. It can be useful if you are doing a system that can update itself from a Git version tag or you want to programmatically git pull or manage branches, etc.
To come shortly