How to Clone Multiple GitHub Repos with Deploy Keys

You have a single user account (deploy-user) on a server instance and you want to deploy multiple GitHub repositories with the same deploy key. You successfully do that for the first repo repo-first. But when you try to do that for the second repo repo-second. GitHub stops you.

In fact, when you add the same deploy key to the second repo, GitHub shows you an error message that says, GitHub gives you an error message Error: Key already in use. In their documentation, they state that

Once a key has been attached to one repository as a deploy key, it cannot be used on another repository.

“Error: Key Already in Use – User Documentation.” Accessed January 2, 2019. https://help.github.com/articles/error-key-already-in-use/#deploy-keys.

Now you can take that key and add it to your user account in GitHub instead. But that would grant read and write access to ALL the repos for deploy-user.

That’s incredibly insecure. So what do you do if you want to have deployment for your repos in the same machine but using deploy keys?

Step 1: Create different key-pairs for different repos for same server user account

This step is pretty simple. I prefer to create the different keys like this

ssh-keygen -t rsa -b 4096 -C "repo-first@servername-deploy-user"
ssh-keygen -t rsa -b 4096 -C "repo-second@servername-deploy-user"

And then I typically copy out the public keys this way:

cat /home/deploy-user/.ssh/repo-first.pub

From this, I’ll copy and add the keys to the respective repos. Typically, I also disallow write access for these keys. This time, you should successfully add the deploy keys to both repos.

Step 2: Set up the SSH Configuration Per Repo

I’ll edit the ssh configuration this way. As the deploy-user, I run vim ~/.ssh/config. It opens up the configuration file and add the configuration like this:

Host alias-repo-first github.com
  Hostname github.com
  IdentityFile /home/deploy-user/.ssh/repo-first

Host alias-repo-second github.com
  Hostname github.com
  IdentityFile /home/deploy-user/.ssh/repo-second

Why do you need this? Because when you run the git clone command, git will automatically pick the default SSH key id_rsa to attempt the connection. Therefore, we need this configuration to get around this automatic selection of the SSH key.

Note: there’s a space between the alias and github.com for each set of configuration under the Host key.

Step 3: Verify the SSH Configuration

To test this works, exit the configuration file and type the following:

ssh -T git@alias-repo-first

You should see the following if successful:

Hi Organization/repo-first! You've successfully authenticated, but GitHub does not provide shell access.

Repeat the same for each repo’s configuration.

Step 4: Clone the Repo

This is the easiest step. Run the git clone command for each repo.

git clone git@alias-repo-first:Organization/repo-first.git

That should solve the situation of cloning multiple GitHub repos with purely deploy keys.

Conclusion

Just to summarize, these are the steps.

How to Clone Multiple GitHub Repos with Deploy Keys

  1. Create 1 pair of SSH key per repo

    For example, ssh-keygen -t rsa -b 4096 -C "repo-first@servername-deploy-user"

  2. Set up SSH config file

    Indicate which key-pair for which repo. Example,
    Host alias-repo-first github.com
    Hostname github.com
    IdentityFile /home/deploy-user/.ssh/repo-first

  3. Verify the configuration

    Test your configuration using ssh -T git@alias-repo

  4. Clone the repo

    Now the moment of truth. git clone git@alias-repo-first:Organization/repo-first.git

This is post #2 since I devote to publishing every week.

Photo by Brina Blum on Unsplash

Leave a Reply

avatar
  Subscribe  
Notify of