If I have multiple ~/.ssh key pairs for connecting to Github ([email protected]:hivelogic2018/nuxt-vuetify-simple.git), Gitlab and I just generated new pair for Forgejo. How does eval $(ssh-agent -s) and ssh-add ~/.ssh/id_forgejo_rsa do? How to keep them together in sync for different git servers? with ssh-add ? without having to keep switching among ssh-agent(s) ?
eval $(ssh-agent -s) and ssh-add ~/.ssh/id_forgejo_rsa are the two key commands for managing SSH authentication with an SSH agent.
ssh-agent is a program that runs in the background and holds your private SSH keys in memory. This is a secure way to manage your keys, especially those with passphrases, since it prevents you from having to enter the passphrase every time you connect to a server. When you run eval $(ssh-agent -s), you're starting this program and setting environment variables (SSH_AUTH_SOCK and SSH_AGENT_PID) in your current shell session so that other SSH programs know where to find the running agent.
ssh-add is the command you use to add your private keys to the running ssh-agent. When you run ssh-add ~/.ssh/id_forgejo_rsa, you're telling the agent to load that specific private key. If the key is protected by a passphrase, you'll be prompted to enter it once. After that, for the entire duration of the ssh-agent session, you won't need to re-enter the passphrase for that key.
You don't need to switch between different agents. Instead, you load all your keys into a single ssh-agent instance. The key to making this work for different Git servers is to configure your SSH client to use the correct key for each host.
You can add all your keys to the agent with separate ssh-add commands. You can even do this in one line.
ssh-add ~/.ssh/id_github_rsa ~/.ssh/id_gitlab_rsa ~/.ssh/id_forgejo_rsaYou can verify that all the keys have been added by running ssh-add -l. You'll see a list of the fingerprints for each key the agent is currently managing.
The crucial step for managing multiple keys is creating or editing your SSH config file. This file, located at ~/.ssh/config, tells your SSH client which key to use for which server.
Here's an example of how you would configure it for GitHub, GitLab, and Forgejo:
# GitHub account
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/id_github_rsa
IdentitiesOnly yes
# Gitlab account
Host gitlab.com
HostName gitlab.com
User git
IdentityFile ~/.ssh/id_gitlab_rsa
IdentitiesOnly yes
# Forgejo account
Host forgejo.com
HostName forgejo.com
User git
IdentityFile ~/.ssh/id_forgejo_rsa
IdentitiesOnly yes
What the config does:
Host: This is an alias for the server. When you connect, SSH will look for a matchingHostentry. For GitHub, GitLab, and Forgejo, you should use their actual domain names here. You can also create custom aliases (e.g.,Host my-forgejo-alias), which you'd then use in your Git remote URL.HostName: The actual server hostname to connect to.User: The user to log in as (for Git services, this is almost alwaysgit).IdentityFile: The path to the private key to use for this specific host.IdentitiesOnly yes: This is a very important line. It prevents the SSH client from trying all the keys it has loaded in the agent. Instead, it will only try the specific key you've defined withIdentityFile, which avoids "Too many authentication failures" errors from the server.
Once this is configured, when you run git clone [email protected]:user/repo.git, your SSH client will automatically consult the ~/.ssh/config file and use the id_github_rsa key to authenticate. The same will happen for your GitLab and Forgejo connections, all without you having to manually switch keys or agents.
Identity added: /Users/admin/.ssh/id_rsa ([email protected])
Identity added: /Users/admin/.ssh/id_rsa_arth ([email protected])
Identity added: /Users/admin/.ssh/id_ed25519_forgejo ([email protected])