title: "How to Clone Multiple GitHub Repos with Deploy Keys" date: "2019-01-01" coverImage: "brina-blum-156977-unsplash.jpg"
You have a single user account (deploy-user) on a server instance and you want to deploy multiple GitHub repositories with the same deploy key. You successfully do that for the first repo repo-first
. But when you try to do that for the second repo repo-second
. GitHub stops you.
In fact, when you add the same deploy key to the second repo, GitHub shows you an error message that says, GitHub gives you an error message Error: Key already in use. In their documentation, they state that
Once a key has been attached to one repository as a deploy key, it cannot be used on another repository.
“Error: Key Already in Use - User Documentation.” Accessed January 2, 2019. https://help.github.com/articles/error-key-already-in-use/#deploy-keys.
Now you can take that key and add it to your user account in GitHub instead. But that would grant read and write access to ALL the repos for deploy-user.
That's incredibly insecure. So what do you do if you want to have deployment for your repos in the same machine but using deploy keys?
This step is pretty simple. I prefer to create the different keys like this
ssh-keygen -t rsa -b 4096 -C "repo-first@servername-deploy-user"
ssh-keygen -t rsa -b 4096 -C "repo-second@servername-deploy-user"
And then I typically copy out the public keys this way:
cat /home/deploy-user/.ssh/repo-first.pub
From this, I'll copy and add the keys to the respective repos. Typically, I also disallow write access for these keys. This time, you should successfully add the deploy keys to both repos.
I'll edit the ssh configuration this way. As the deploy-user, I run vim ~/.ssh/config
. It opens up the configuration file and add the configuration like this:
Host alias-repo-first github.com
Hostname github.com
IdentityFile /home/deploy-user/.ssh/repo-first
Host alias-repo-second github.com
Hostname github.com
IdentityFile /home/deploy-user/.ssh/repo-second
Why do you need this? Because when you run the git clone command, git will automatically pick the default SSH key id_rsa
to attempt the connection. Therefore, we need this configuration to get around this automatic selection of the SSH key.
Note: there's a space
between the alias and github.com
for each set of configuration under the Host
key.
To test this works, exit the configuration file and type the following:
ssh -T git@alias-repo-first
You should see the following if successful:
Hi Organization/repo-first! You've successfully authenticated, but GitHub does not provide shell access.
Repeat the same for each repo's configuration.
This is the easiest step. Run the git clone command for each repo.
git clone git@alias-repo-first:Organization/repo-first.git
That should solve the situation of cloning multiple GitHub repos with purely deploy keys.
Just to summarize, these are the steps.
How to Clone Multiple GitHub Repos with Deploy Keys
Create 1 pair of SSH key per repo
For example, `ssh-keygen -t rsa -b 4096 -C "repo-first@servername-deploy-user"`
Set up SSH config file
Indicate which key-pair for which repo. Example,
Host alias-repo-first github.com
Hostname github.com
IdentityFile /home/deploy-user/.ssh/repo-first
Verify the configuration
Test your configuration using ssh -T git@alias-repo
Clone the repo
Now the moment of truth. git clone git@alias-repo-first:Organization/repo-first.git
Photo by Brina Blum on Unsplash