Home About Email Resume Links

17 Nov 2014
SSH Keys

Public/private key pairs are a more secure way to allow remote login to any computers that you are running an ssh server on. It takes a few steps to set them up, but it really is worth it.

Make a new key

mkdir ~/.ssh        # create a folder for storing your keys
chmod 700 ~/.ssh    # allow rwx for your account only
ssh-keygen -t rsa   # generate a new key of type rsa

You will then be prompted for a file name for the key. Choose something descriptive! You will also be prompted to create a password (passphrase) for this key.

Transfer key to host

To get your new key to your host from a Linux computer try:

ssh-copy-id user@host   # Automatically copy all your public keys to host

If that fails or you are on OS X you can copy the key manually with:

scp -C ~/.ssh/keyname_rsa.pub user@server:~/.ssh/authorized_keys   # replaces any authorized_keys already on the server

Then you should be able to ssh to user@server without an ssh password. You will be prompted for your key’s password, but that will only happen once if you are, for example, using keychain on OS X.

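As a last step run this from the home folder on the host machine. This removes group and other access to .ssh; sshd needs to read your public key from there, and by default it will not use authorized_keys if the folder or file is writable by anyone else.

chmod -R g-rwx,o-rwx .ssh   # strips all group/other permissions (e.g. 755 becomes 700)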

For GitHub

Make a new key as above, but GitHub suggests:

ssh-keygen -t rsa -b 4096 -C "descriptive-comment"

Then add the key to your system with

ssh-add ~/.ssh/keyname_rsa

Finally, add the public key in the SSH Keys tab of your GitHub settings by copying the entire contents of ~/.ssh/

Coexistence of Two SSH Keys used for two GitHub Accounts

You need to configure your system to know which ssh key to use with which repo, which takes a bit of bookkeeping. The steps are found in this gist and its comments.

First put something like this in ~/.ssh/config (you may need to create this file).

# account1
    User git
    IdentityFile ~/.ssh/id_rsa_account1

# account2
    User git
    IdentityFile ~/.ssh/id_rsa_account2

This gives ssh a way to associate hosts (git repo push/pull targets) with keys. Now you need to configure your git repos to work with this system. For existing repos, in the file .../repo/.git/config, change this:

[remote "origin"]
  url =

To this:

[remote "origin"]
  url =

To avoid having to edit this config file for new repos you clone or create in the future, add the -account1 to your clone command like this:

git clone
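
The two-account setup described above, as an added example (not code from the original post or the gist). The host alias form `github.com-<account>` is an assumption based on the "-account1" hint in the text, `owner/repo` is a placeholder, and the function names are hypothetical. `IdentitiesOnly yes` is an addition so that only the named key is offered, never another account's key held in ssh-agent.

```shell
#!/bin/sh
# Added example: one ssh host alias per GitHub account.
# Assumptions: alias form "github.com-<account>", key files named
# ~/.ssh/id_rsa_<account> as on this page, placeholder owner/repo.

# Print an ssh_config stanza that pins one key to one alias.
ssh_stanza() {
    account=$1
    cat <<EOF
# $account
Host github.com-$account
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa_$account
    IdentitiesOnly yes
EOF
}

# Rewrite a GitHub SSH remote so it goes through the alias.
# Anything that is not a github.com SSH remote is returned unchanged.
alias_remote() {
    url=$1 account=$2
    case $url in
        git@github.com:*)
            printf '%s\n' "git@github.com-$account:${url#git@github.com:}" ;;
        ssh://git@github.com/*)
            printf '%s\n' "ssh://git@github.com-$account/${url#ssh://git@github.com/}" ;;
        *)
            printf '%s\n' "$url" ;;
    esac
}

# Append a stanza only if the alias is not already configured.
# A newly created config file gets mode 600.
add_account() {
    account=$1 config=${2:-$HOME/.ssh/config}
    if [ -f "$config" ] && grep -q "^Host github.com-$account\$" "$config"; then
        return 0
    fi
    ( umask 077; ssh_stanza "$account" >> "$config" )
}

# Usage inside an existing repo:
#   add_account account1
#   git remote set-url origin "$(alias_remote "$(git remote get-url origin)" account1)"
```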