Skip to content

Instantly share code, notes, and snippets.

@shashankpali

shashankpali/Beginner Guide: Multiple GitHub SSH Keys (Ed25519, 2025).md

Last active September 11, 2025 08:00
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save shashankpali/c2f49cf5603e59bc24f7444c00d8e875 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save shashankpali/c2f49cf5603e59bc24f7444c00d8e875 to your computer and use it in GitHub Desktop.
Download ZIP
Beginner Guide: Multiple GitHub SSH Keys (Ed25519, 2025)
Raw
Beginner Guide: Multiple GitHub SSH Keys (Ed25519, 2025).md

🔑 Multiple GitHub Accounts with SSH (2025, macOS + Ed25519)

GitHub blocks legacy RSA/SHA-1 signatures. Use Ed25519 keys, one per account (e.g., personal and work), and map them via ~/.ssh/config.

Example values used below:

  • Personal email: alice.personal@example.com
  • Work email: alice.work@example.com
  • Personal GitHub username: alice-personal
  • Work GitHub org: acme-inc
    Replace with your own.

0) Verify your SSH client (once)

ssh -V
# Expect a recent OpenSSH, e.g., OpenSSH_9.x

1) (Optional) Clean up old RSA keys

Do this only if you know you don’t need old RSA keys elsewhere.

# See what's there
ls -l ~/.ssh/

# Backup any old RSA keys (optional)
mkdir -p ~/.ssh/backup && cp ~/.ssh/id_rsa* ~/.ssh/backup/ 2>/dev/null || true

# Remove common RSA keys (adjust names if yours are different)
rm -f ~/.ssh/id_rsa ~/.ssh/id_rsa.pub       ~/.ssh/id_rsa_personal ~/.ssh/id_rsa_personal.pub       ~/.ssh/id_rsa_work ~/.ssh/id_rsa_work.pub

# Reset the agent (clears loaded identities)
eval "$(ssh-agent -s)"
ssh-add -D

2) Generate Ed25519 keys (one per account)

# PERSONAL key
ssh-keygen -t ed25519 -a 100 -C "alice.personal@example.com" -f ~/.ssh/id_ed25519_personal

# WORK key
ssh-keygen -t ed25519 -a 100 -C "alice.work@example.com" -f ~/.ssh/id_ed25519_work
  • When prompted, set a passphrase (recommended).

3) Add keys to the SSH agent (macOS keychain friendly)

eval "$(ssh-agent -s)"

# Store passphrases in macOS Keychain (Ventura+)
ssh-add --apple-use-keychain ~/.ssh/id_ed25519_personal
ssh-add --apple-use-keychain ~/.ssh/id_ed25519_work

# Verify they’re loaded
ssh-add -l

4) Configure per-account hosts in ~/.ssh/config (minimum but safe)

# Create/replace config (backup first if you have one)
cp ~/.ssh/config ~/.ssh/config.backup 2>/dev/null || true

cat > ~/.ssh/config <<'EOF'
Host gh_personal
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_ed25519_personal
  IdentitiesOnly yes # forces SSH to *only* try this key
  AddKeysToAgent yes # auto-adds key to agent when used
  UseKeychain yes # macOS-specific: store passphrase in Keychain

Host gh_work
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_ed25519_work
  IdentitiesOnly yes
  AddKeysToAgent yes
  UseKeychain yes
EOF

# Secure permissions (important on macOS)
chmod 700 ~/.ssh
chmod 600 ~/.ssh/config

5) Add your public keys to the correct GitHub accounts

# Copy PERSONAL pubkey, paste into GitHub (personal) → Settings → SSH and GPG keys → New SSH key
pbcopy < ~/.ssh/id_ed25519_personal.pub

# Copy WORK pubkey, paste into GitHub (work) → Settings → SSH and GPG keys → New SSH key
pbcopy < ~/.ssh/id_ed25519_work.pub

6) Test authentication for each account

ssh -T git@gh_personal
ssh -T git@gh_work

Expected:

Hi <username>! You've successfully authenticated, but GitHub does not provide shell access.

7) Use the right alias in repos

A) Clone new repos with the alias

# Personal repo example
git clone git@gh_personal:alice-personal/my-toy-app.git

# Work repo example
git clone git@gh_work:acme-inc/payments-service.git

B) Update an existing repo’s remote to use the alias

cd /path/to/your/repo

# See current remotes
git remote -v

# Point to WORK (example: acme-inc/payments-service)
git remote set-url origin git@gh_work:acme-inc/payments-service.git

# Or point to PERSONAL
git remote set-url origin git@gh_personal:alice-personal/my-toy-app.git

# Confirm
git remote -v

# Quick fetch test
git fetch

Real example:

git remote set-url origin git@gh_work:pep/s-info-shared-libs.git

8) Set the correct commit identity per repo

# In a WORK repo
git config user.name  "Alice W"
git config user.email "alice.work@example.com"

# In a PERSONAL repo
git config user.name  "Alice P"
git config user.email "alice.personal@example.com"

# Verify
git config --get user.name
git config --get user.email

9) (Optional) Remove old RSA keys from GitHub

  • GitHub (each account) → Settings → SSH and GPG keys → Delete old rsa entries.

Troubleshooting (quick fixes)

  • “Too many authentication failures” → Add IdentitiesOnly yes (already in the config) and ensure only the intended key is tried for each host.
  • “Permission denied (publickey)” → Make sure the correct .pub key is added to the matching GitHub account and your repo URL uses the right alias (git@gh_work: vs git@gh_personal:).
  • Passphrase prompts every reboot → Ensure you added via ssh-add --apple-use-keychain … and that ssh-agent is running.
  • Config permission warningchmod 600 ~/.ssh/config and chmod 700 ~/.ssh.

✅ TL;DR

  • Use Ed25519 keys (one per account).
  • Configure ~/.ssh/config with gh_personal and gh_work.
  • Use repo URLs like:
    • git@gh_personal:your-username/your-repo.git
    • git@gh_work:your-org/your-repo.git

This setup is clean, minimal, and GitHub-safe in 2025. 🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment