Managing multiple GitHub accounts with SSH & `Match host` syntax
As a developer, you might find yourself juggling multiple GitHub accounts for different purposes — one for personal projects and another for work-related tasks. The challenge arises when you want to use both accounts on the same machine without constantly entering your password during git push or git pull.
Solution
The best way to handle multiple GitHub accounts is to use SSH keys and configure your SSH client to automatically use the correct key based on the repository you’re accessing.
How to Set It Up
1. Generate SSH Key Pairs for Each Account
First, generate separate SSH key pairs for each GitHub account using the modern Ed25519 algorithm:
1
2
3
4
5
# For personal account
ssh-keygen -t ed25519 -C "your-personal-email@example.com" -f ~/.ssh/personal_key
# For work account
ssh-keygen -t ed25519 -C "your-work-email@example.com" -f ~/.ssh/work_key
The
-t ed25519flag specifies the use of the Ed25519 algorithm, which is more secure and efficient than older alternatives.
2. Clear SSH Key Cache
Before proceeding, clear any existing cached keys:
1
ssh-add -D
3. Edit/Create the SSH Config File
Create or edit your SSH config file. You can use either of these two approaches:
Approach 1: Using Host Aliases
1
2
3
4
5
6
7
8
9
10
11
12
13
# Personal GitHub account
Host github.com-personal
HostName github.com
User git
IdentityFile ~/.ssh/personal_key
IdentitiesOnly yes
# Work GitHub account
Host github.com-work
HostName github.com
User git
IdentityFile ~/.ssh/work_key
IdentitiesOnly yes
Approach 2: Using Match Host Syntax
1
2
3
4
5
6
7
8
9
10
11
# Personal GitHub account (default)
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/personal_key
IdentitiesOnly yes
# Work GitHub account (matched by repository URL pattern)
Match host github.com exec "git config --get remote.origin.url | grep -q 'WorkOrgName'"
IdentityFile ~/.ssh/work_key
IdentitiesOnly yes
The
Match hostapproach automatically selects the correct key based on the repository URL pattern, eliminating the need for different host aliases. However, it requires your repositories to follow a consistent naming pattern (e.g., all work repositories under the same organization name).
4. Add SSH Keys to GitHub
For each account:
- Log into the respective GitHub account
- Go to Settings → SSH and GPG keys
- Click “New SSH key”
- Give it a descriptive title
- Copy the contents of the respective .pub file (
cat ~/.ssh/personal_key.puborcat ~/.ssh/work_key.pub) - Paste and save
5. Verify Connections
Test each connection separately:
1
2
3
4
5
# Test personal account
ssh -i ~/.ssh/personal_key -T git@github.com
# Test work account
ssh -i ~/.ssh/work_key -T git@github.com
You should see messages like:
1
Hi username! You've successfully authenticated, but GitHub does not provide shell access.
If you get an error or see the wrong username, verify that:
- The key is added to the correct GitHub account
- The key permissions are correct (600 for private key, 644 for public key)
- The key is not added to multiple GitHub accounts
6. Working with Repositories
Using Host Aliases (Approach 1)
When using host aliases, you need to specify the correct host in your git commands:
First-time Clone:
1
2
3
4
5
# For personal repositories
git clone git@github.com-personal:username/repo-name.git
# For work repositories
git clone git@github.com-work:organization/repo-name.git
Using Match Host (Approach 2)
When using the Match host approach, there’s an important caveat for first-time clones:
First-time Clone: For the initial clone, you’ll need to explicitly specify which SSH key to use since the repository’s remote URL isn’t available yet:
1
2
3
4
5
# For work repositories
GIT_SSH_COMMAND="ssh -i ~/.ssh/work_key" git clone git@github.com:organization/repo-name.git
# For personal repositories
git clone git@github.com:username/repo-name.git # Uses default key
After Clone: Once the repository is cloned, all subsequent git operations (pull, push, fetch, etc.) will automatically use the correct SSH key based on the Match host pattern matching against the repository’s remote URL.
The need to specify the SSH key during clone is a limitation of the
Match hostapproach, as the pattern matching relies on the repository’s remote URL which is only available after cloning.
Key Selection Process:
- When you run a git command, SSH checks the repository’s remote URL
- If the URL matches the pattern in your
Match hostrule (e.g., contains ‘WorkOrgName’), it uses the work key - If no match is found, it falls back to the default (personal) key
Advantages of Match Host:
- Simpler URLs - no need to remember different host aliases
- Works with copy-pasted GitHub URLs without modification
- Automatically selects the correct key based on repository organization
- Better compatibility with third-party tools that expect standard GitHub URLs
Limitations:
- Requires consistent repository organization naming for pattern matching
- All repositories from the same organization must use the same SSH key
- More complex to debug if pattern matching isn’t working as expected
Repository Configuration
Regardless of the approach used, you still need to configure your git user information for each repository:
1
2
3
4
5
6
7
# For personal repositories
git config user.email "your-personal-email@example.com"
git config user.name "Your Personal Name"
# For work repositories
git config user.email "your-work-email@example.com"
git config user.name "Your Work Name"
To automate this process in Visual Studio Code, you can use the git-autoconfig extension. This extension:
- Prompts you to set local user.email and user.name for each Git project you open
- Provides a convenient selector for previously used email and name pairs
- Helps prevent accidental commits with wrong user information
- Can be configured with a list of predefined configurations for quick selection
Troubleshooting
If you encounter issues, try the following:
- Check Key Permissions:
1 2
chmod 600 ~/.ssh/personal_key ~/.ssh/work_key chmod 644 ~/.ssh/personal_key.pub ~/.ssh/work_key.pub
- Verify SSH Agent:
1 2
eval "$(ssh-agent -s)" ssh-add -l
- Debug Connection:
1
ssh -v -T git@github.com
- Clear SSH Cache:
1
ssh-add -D # Removes all cached keys
Advantages of This Setup
- Clear Separation: Each account has its own dedicated SSH key and host alias
- No Key Conflicts: The
IdentitiesOnly yesoption prevents key confusion - Easy Switching: Using host aliases or
Match hostapproach makes it clear which account you’re using - Secure: Using Ed25519 keys provides modern security standards
Conclusion
This setup allows you to manage multiple GitHub accounts securely and efficiently. By using different SSH keys and host aliases or Match host approach, you can maintain clear separation between accounts while enjoying a smooth workflow.