Multiple SSH Keys for Sourcetree

Multiple SSH Keys for Sourcetree

Multiple SSH Keys for Git on Windows

We use Git and Sourcetree, primarily on the Windows operating system and love it 99% of the time. Sometimes we work from our personal computers and being developers, we have our own projects outside of work that are associated with different credentials. To avoid SSH key issues we just use simple HTTPS to clone our repos down instead of hassling with multiple SSH keys.

This week we have officially adopted two-factor authentication for our revision control so guess what?!

As the documentation clearly states, this breaks HTTPS login for Git!

All things considered this is a small issue but getting multi-key SSH configured was surprisingly difficult. What I found most interesting was that every document explaining how to do this omitted one or two critical details. I have recorded the steps I took to guarantee a sure-fire process to achieve functional Windows Sourcetree with Git working on multiple SSH keys.

Obviously this is Windows and Git specific. We'll be implementing the scenario where you have 1 work and 1 personal Github/Bitbucket/Gitlab account

  1. Configure Sourcetree to use OpenSSH. We don't use HG so no issues for us!
    • Existing Keys: If you previously used Putty, load your ppk into PuttyGen and convert it to Open SSH format using the conversion option. Append .rsa to the file name so you can differentiate from your ppk format private key.
    • Fresh Start: If you want to start from scratch, generate two new keys in PuttyGen. 1 for work and 1 for home. Save the private and public keys for later use.
  2. Check that both of your personal and work account have the correct public keys added for access.
  3. Create a .bashrc file at %userprofile%\.bashrc and save the following:
    #! /bin/bash 
    eval `ssh-agent -s` 

    # Note you make change the .rsa to match whatever suffix you choose for your OpenSSH private keys.
    ssh-add ~/.ssh/*.rsa
  4. <a id="step4"" name="step4"></a>Create a %userprofile%\.ssh\config
    Host work

      # The ~/ means your profile directory. work.rsa should be changed to match
      # the OpenSSH private key name for your work account.
      IdentityFile ~/.ssh/work.rsa

      # Tell SSH to only use identities used in this file
      IdentitiesOnly yes

    Host home

      # home.rsa should be changed to match
      # the OpenSSH private key name for your home account.
      IdentityFile ~/.ssh/home.rsa
      IdentitiesOnly yes

    See the SSH Docs for more information about these options

  5. Close Sourcetree
  6. Close all open terminals/shells/cmd prompts
  7. Relaunch Sourcetree
  8. Launch Terminal via Sourcetree</p> terminal_sourcetree

    and verify that you see similar output: 

    Agent pid 11740
    Identity added: /c/Users/yourname/.ssh/home.rsa (/c/Users/yourname/.ssh/home.rsa)
    Identity added: /c/Users/yourname/.ssh/work.rsa (/c/Users/yourname/.ssh/work.rsa)
  9. If you do not see that output, your .bashrc file is incorrect or in the wrong directory. Redo Step 3. If that still doesn't work, start over because you probably have the wrong format keys.
  10.  Running ssh-add -l should list the thumbprints for your two SSH keys.</p> ssh-add-l
  11. You are now ready to clone/pull/push some code!

    From here, depending on what order you loaded your keys either your home or work will be treated as default. For me, my home registers as default because either key name or thumbprint is alphabetically first. No matter though; we can fix this! 

  12. Repos belonging to the non-default account will need to have their git origins modified by replacing the hostname portion of the url with the alias id from your .ssh\config file.</p>

    In my case I would replace my origin with git@work:myname/repo.git.

  13. Once you have updated your git origin for the secondary account to use the config file's alias from step 4, you should be able to push/pul without issue.
    • If you do have an issue, use Sourcetree menu Tools -> Add SSH Key... dialog to try re-adding the key.
    • If that doesn't work, close Sourcetree, any open console, and try again!
    • If that doesn't work then you probably missed a step or detail. Try again!

  14. One final tip before you go. Be sure to clear out any saved username/passwords from the Sourcetree authentication tab that are related to your work/home accounts. If you don't remove these, Sourcetree will keep alerting you to that fact the HTTPS login cannot be performed via OpenSSH. Not a big deal but the modal dialogue gets lost and is super annoying to find.


Good luck and happy coding!


Comments Section

Feel free to comment on the post but keep it clean and on topic.

blog comments powered by Disqus