"Permission denied (publickey)" - SSH's Way of Saying "Something's Fucked But I Won't Tell You What"

This error message is SSH's way of being a useless piece of shit. It's like getting "Error: Error" - technically correct but tells you absolutely nothing. Here's how to actually debug it: ```bash # Run SSH in verbose mode to see what's happening ssh -vT git@github-work ``` Look for lines like "Offering public key" to see which keys SSH is trying. If you don't see your key being offered: 1. **SSH config path is wrong**: Double-check the `IdentityFile` path in your config - you probably have a typo like `id_es25519` instead of `id_ed25519` 2. **File permissions are fucked**: Run `chmod 600 ~/.ssh/id_ed25519_work` - SSH is paranoid about who can read your keys 3. **SSH config syntax error**: One wrong tab instead of spaces breaks everything because SSH config parser was designed by pedantic assholes 4. **Wrong key uploaded**: You uploaded your personal "cumslut69" key to your work account during that late-night debugging session (we've all done this)

"Git is still asking for my password, what the hell?"

You're probably still using HTTPS URLs like a caveman. Check what you actually have: ```bash git remote -v ``` If you see `https://github.com/...` that's your problem. Fix it: ```bash git remote set-url origin git@github-work:username/repo.git ``` **The 3am debugging version**: You set up SSH perfectly but forgot to change the remote URL on your existing repositories. SSH only works with `git@hostname:...` URLs, not `https://...` URLs.

"SSH works from terminal but VS Code still asks for passwords"

IDEs are special snowflakes with their own Git integration. Here's the fix: - **VS Code**: Install GitLens extension, make sure it's using system Git not bundled Git - **IntelliJ**: File → Settings → Version Control → Git → Use credential helper - **Terminal Git always works**: If your IDE is being difficult, just `git push` from terminal The real solution is telling your IDE to use the system Git binary that already has SSH configured, not whatever bundled version it ships with.

"SSH test works but `git push` fails with weird errors"

SSH authentication passed but Git is confused about your identity: ```bash # Check what Git thinks your identity is git config user.email git config user.name # Set it correctly for this repository git config user.email "correct@email.com" git config user.name "Correct Name" ``` **Common scenario**: SSH connects with your work key, but Git commits with your personal email. This confuses GitHub's contribution tracking and sometimes triggers security policies.

"Can I use the same SSH key everywhere?"

**Same key on different platforms**: Yes - one key works for GitHub, GitLab, and Bitbucket simultaneously. **Same key on same platform, different accounts**: No fucking way. GitHub will tell you "Key is already in use" because they're not idiots. Each account needs its own unique key. **Trying to share keys anyway**: Don't. Just generate more keys. ED25519 keys are tiny and SSH doesn't care if you have 10 of them.

"Everything was working yesterday, now nothing works"

SSH agent probably died or your network changed. Debugging checklist: 1. **SSH agent died**: `eval $(ssh-agent -s)` then `ssh-add ~/.ssh/id_ed25519_work` 2. **macOS keychain locked**: Restart your computer (seriously, this fixes it) - common on macOS 14+ Sonoma/Sequoia 3. **VPN broke your shit**: Corporate VPNs love to fuck with SSH routing - Cisco AnyConnect and Zscaler are particularly notorious for this in 2025 4. **GitHub rotated their host keys**: Very rare, but `ssh-keygen -R github.com` clears the cache (last happened [March 2023](https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/) and broke half the internet) 5. **You switched WiFi networks**: If you're using a firewall bypass, Starbucks WiFi != office WiFi in terms of routing rules 6. **OpenSSH 9.0+ compatibility clusterfuck**: OpenSSH 9.0 tightened security defaults and broke configs that worked fine for years - thanks for nothing, OpenBSD team

"I need to rotate my SSH keys but I don't want to break everything"

Smart thinking. Here's the safe way: 1. **Generate new key with different filename**: `ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_work_new` 2. **Add new public key to GitHub** (don't remove old one yet) 3. **Update SSH config to point to new key** 4. **Test it**: `ssh -T git@github-work` 5. **Remove old public key from GitHub** only after new one works Your existing repositories keep working because you didn't change the SSH host alias.

"SSH config changes aren't doing shit"

SSH config is picky about syntax and permissions: ```bash # Fix permissions (SSH ignores world-readable configs) chmod 600 ~/.ssh/config # Test SSH config syntax ssh -F ~/.ssh/config -T git@github-work # Nuclear option: restart SSH entirely killall ssh-agent && eval $(ssh-agent -s) ``` **Gotcha**: SSH caches connections. If you change the config, run `ssh -O exit git@github-work` to force a fresh connection.

"Corporate firewall blocks SSH port 22, now what?"

GitHub supports SSH over port 443 (HTTPS port that firewalls allow): ``` Host github-work HostName ssh.github.com Port 443 User git IdentityFile ~/.ssh/id_ed25519_work IdentitiesOnly yes ``` [GitHub's SSH over HTTPS guide](https://docs.github.com/en/authentication/troubleshooting-ssh/using-ssh-over-the-https-port) has the full details. Most corporate firewalls can't block port 443 without breaking half the internet.

"I lost my SSH private key and everything is fucked"

Don't panic. Here's the recovery plan: 1. **Generate new SSH key immediately**: `ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_work_new` 2. **Remove old public key from GitHub** (so nobody can use the lost private key) 3. **Add new public key to GitHub** 4. **Update SSH config** to point to new key file 5. **Test**: `ssh -T git@github-work` Your repositories are fine. SSH keys are just authentication - they don't affect your Git history or repository data. **Prevention**: Backup `~/.ssh/` to your password manager or encrypted cloud storage. Don't store private keys in Dropbox or Google Drive unencrypted - that's how you end up on HaveIBeenPwned explaining to your boss why company infrastructure got compromised via your personal cloud storage. SSH troubleshooting covers the most common failure modes. Security practices prevent key compromise and access control issues.

Currently viewing the AI version

Switch to human version

SSH Multiple Git Accounts Configuration - AI-Optimized Technical Reference

Configuration Requirements

SSH Key Generation

Recommended Algorithm: ED25519 (faster, GitHub recommended as of 2025)
Critical Warning: RSA SHA-1 signatures disabled by GitHub since March 2022
Key Naming Convention: Use descriptive filenames (id_ed25519_work, id_ed25519_personal)
Passphrase Decision:
- Personal machines: Skip passphrases (usability vs security trade-off)
- Work laptops: Use passphrases (IT security audit requirement)
- Failure Mode: macOS Keychain integration breaks on OS updates (Monterey 12.3, Ventura 13.0)

SSH Configuration File Requirements

File Location: ~/.ssh/config
Critical Permissions: chmod 600 ~/.ssh/config (SSH ignores world-readable configs)
Syntax Requirements:

Spaces only for indentation (tabs break parsing)
No inline comments (breaks SSH parser)
Host blocks don't inherit from each other

Essential Configuration Template:

Host github-work
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_work
    IdentitiesOnly yes
    AddKeysToAgent yes

Host github-personal
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_personal
    IdentitiesOnly yes
    AddKeysToAgent yes

Critical Settings:

IdentitiesOnly yes: Prevents "too many authentication failures" rate limiting
AddKeysToAgent yes: Avoids repeated passphrase prompts

Failure Modes and Solutions

Authentication Failures

"Permission denied (publickey)" Root Causes:

Wrong IdentityFile path in SSH config (typos like id_es25519)
Incorrect file permissions (run chmod 600 ~/.ssh/id_ed25519_*)
SSH config syntax errors (tabs instead of spaces)
Wrong public key uploaded to wrong account

Debugging Command: ssh -vT git@github-work (verbose output shows key offering attempts)

Repository URL Mismatches

Common Error: Using HTTPS URLs with SSH configuration
Detection: git remote -v shows https://github.com/...
Fix: git remote set-url origin git@github-work:company/repo.git

SSH Agent Issues

Agent Death Symptoms: Previously working SSH stops functioning
Recovery Process:

killall ssh-agent
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519_work
ssh-add ~/.ssh/id_ed25519_personal
ssh-add -l  # Verify keys loaded

Corporate Network Workarounds

Firewall Bypass (Port 22 Blocked)

Solution: SSH over HTTPS port 443

Host github-work
    HostName ssh.github.com
    Port 443
    User git
    IdentityFile ~/.ssh/id_ed25519_work
    IdentitiesOnly yes

Effectiveness: Port 443 cannot be blocked without breaking internet access

VPN Interference

Common VPNs with SSH Issues: Cisco AnyConnect, Zscaler (2025)
Symptoms: SSH works at home, fails at office
Solution: Port 443 workaround or connection multiplexing

Performance Optimizations

Connection Multiplexing

Performance Impact: Eliminates SSH handshake delay for subsequent connections
Configuration:

Host *
    ControlMaster auto
    ControlPath ~/.ssh/sockets/%r@%h-%p
    ControlPersist 5m

Prerequisite: mkdir -p ~/.ssh/sockets

Time-Limited Key Loading

Security Enhancement: Automatic key expiration
Command: ssh-add -t 3600 ~/.ssh/id_ed25519_work (1-hour timeout)
Production Use: ssh-add -c ~/.ssh/id_ed25519_production (confirmation prompts)

Security Critical Operations

Key Rotation Process

Safe Rotation Steps:

Generate new key with different filename
Add new public key to Git service (keep old active)
Update SSH config to new key
Test new key: ssh -T git@github-work
Remove old public key only after verification

Key Compromise Response

Immediate Actions:

Remove compromised public key from all Git services
Generate new key pair immediately
Update SSH config
Notify team if work-related

Common Compromise Vectors:

Malware scanning ~/.ssh/ directory
Accidental private key commits to repositories
Unencrypted cloud storage sync
Docker container escape exposing host filesystem

Access Cleanup (Job Termination)

Checklist:

Remove work SSH public key from personal accounts
Delete work private keys: rm ~/.ssh/id_ed25519_work*
Clean SSH config (remove work host aliases)
Clear SSH agent: ssh-add -D
Verify no access to company repositories

Resource Requirements

Implementation Time

First-time setup: 1 hour
With SSH config syntax issues: 4 hours
Key rotation: 15 minutes per key
Corporate firewall bypass: Additional 30 minutes

Expertise Requirements

Basic setup: Intermediate command-line skills
Troubleshooting: Advanced SSH debugging knowledge
Corporate environments: Network security understanding

Maintenance Overhead

Key rotation: Every 6-12 months (SOC 2 compliance: 90 days)
SSH agent restarts: Weekly on Linux systems
Configuration updates: When changing jobs or adding accounts

Breaking Points and Limits

Scale Limitations

Maximum practical accounts: 20+ accounts supported
SSH agent memory: No practical limit for key count
Configuration complexity: Scales linearly with account count

Platform Compatibility

Supported OS: macOS, Linux, Windows (Git Bash)
Git hosting platforms: GitHub, GitLab, Bitbucket, Azure DevOps
Enterprise requirements: Works with corporate SSO and SAML

Common Failure Thresholds

SSH connection timeout: Default 30 seconds
Key authentication attempts: 6 attempts before lockout
File permission sensitivity: Any world-readable permission breaks SSH

Decision Criteria

When SSH Keys Are Worth It

Multiple Git accounts required
Frequent Git operations (multiple pushes/pulls daily)
Security compliance requirements
Team collaboration with identity separation

Alternative Comparison

Method	Setup Time	Reliability	Security	Maintenance
SSH Keys + Aliases	1 hour	High	High	Low
Manual Git Config	30 seconds	Low (human error)	Medium	High
HTTPS Tokens	2 hours	Medium (expiration)	Medium	Medium
Multiple Machines	N/A	High	High	Very High

Hidden Costs

Learning curve: SSH configuration syntax
Debugging time: SSH troubleshooting can take hours
Corporate compliance: Key rotation policies
Platform differences: macOS vs Linux SSH behavior variations

Critical Warnings

Production Deployment

Never commit private keys to repositories
Test SSH connections before trusting configuration
Backup SSH config but never backup private keys to cloud storage
Use connection multiplexing for performance in automated systems

Common Misconceptions

Myth: Same SSH key can be used for multiple accounts on same platform
Reality: Each account requires unique SSH key
Myth: SSH is automatically more secure than HTTPS
Reality: Security depends on proper key management and rotation

Silent Failure Modes

Wrong identity commits: SSH authenticates correctly but uses wrong Git user.email
Cached connections: SSH config changes ignored due to connection reuse
IDE Git integration: VS Code/IntelliJ may use different Git binary than terminal

This configuration provides enterprise-grade Git account separation with minimal ongoing maintenance once properly implemented.

Useful Links for Further Investigation

Essential Resources for SSH Git Multiple Accounts

Link	Description
Git SSH Documentation	The official Git documentation provides a comprehensive guide for setting up SSH, including generating your SSH public key and configuring it for server access.
OpenSSH Manual	The official OpenSSH manual page offers a complete and detailed reference for configuring the SSH client, covering all available options and their usage.
SSH Config File Format	This manual page provides an in-depth explanation of the SSH configuration file format, detailing the syntax and various options available for advanced customization.
GitHub SSH Documentation	The official GitHub documentation offers a comprehensive guide for connecting to GitHub using SSH, including detailed setup instructions and troubleshooting tips for common issues.
GitLab SSH Keys Guide	This guide from GitLab provides essential information on configuring SSH keys for use with GitLab, covering setup procedures and recommended best practices for secure access.
Bitbucket SSH Setup	Atlassian's official guide for Bitbucket Cloud users, detailing the process of setting up and managing SSH keys for secure authentication to your repositories.
Azure DevOps SSH Keys	Microsoft's comprehensive guide for Azure DevOps, explaining how to use SSH keys to authenticate with Git repositories in an enterprise environment.
SSH Agent Security Guide	A comprehensive guide detailing best practices and security considerations for safely using the SSH agent, ensuring your private keys remain protected.
SSH Key Security	A detailed discussion on Stack Exchange comparing the security of different SSH key algorithms like RSA and DSA, offering recommendations for robust authentication.
SSH Certificate Authentication	An insightful article from Facebook Engineering explaining their scalable and secure approach to managing SSH access using certificates across a large infrastructure.
GitHub SSH Certificate Authorities	GitHub's documentation on managing SSH Certificate Authorities for enterprise cloud organizations, providing robust control over Git access to repositories.
HashiCorp Vault SSH	HashiCorp Vault's documentation on its SSH secrets engine, enabling centralized and secure management of SSH keys for teams and automated workflows.
SSH Certificate Tutorial	A practical tutorial from Smallstep demonstrating how to implement and use modern SSH certificate-based authentication for enhanced security and simplified key management.
Multiple GitHub Accounts on Same Computer	The most comprehensive and highly upvoted Stack Overflow discussion addressing the challenge of managing multiple GitHub accounts on a single computer, offering various solutions.
SSH Key Management for Multiple Git Accounts	A recent Stack Overflow discussion focusing on effective SSH key management strategies for handling multiple Git accounts, providing up-to-date solutions and insights.
SSH Config Troubleshooting	A Stack Overflow thread dedicated to troubleshooting common SSH configuration issues when dealing with multiple GitHub accounts, offering practical fixes and advice.
Configuring SSH Keys for Multiple GitHub Accounts	A comprehensive tutorial providing step-by-step instructions and practical examples for configuring SSH keys to seamlessly manage multiple GitHub accounts.
Team-Friendly SSH Configuration	An enterprise-focused guide on Medium, detailing a team-friendly SSH configuration approach for managing multiple GitHub identities on a single machine.
SSH Multiple Keys Management	A developer-friendly tutorial on Dev.to that explains how to manage multiple SSH keys for Git, providing clear explanations and practical examples.
ssh-agent	The official manual page for `ssh-agent`, the standard SSH key agent used for securely managing SSH private keys in memory during a session.
Keychain	Keychain is a utility that helps manage the `ssh-agent` for Linux and macOS, allowing you to keep SSH keys loaded across sessions.
KeeAgent	KeeAgent is a plugin that provides SSH agent integration for the KeePass password manager, allowing secure management and use of SSH keys.
1Password SSH Agent	1Password's documentation on its integrated SSH agent, enabling secure and convenient management of SSH keys directly within the 1Password application.
Git Config Conditional Includes	The official Git documentation explaining conditional includes in `git config`, a powerful feature for automatically switching Git identities based on repository paths.
Git Extra Commands Collection	A community-maintained GitHub repository featuring a collection of useful Git utility scripts and extra commands to enhance your Git workflow.
VS Code Remote SSH	Official documentation for VS Code Remote SSH, detailing how to use SSH to connect to remote machines and develop directly on them from VS Code.
IntelliJ SSH Configuration	JetBrains' official guide for configuring SSH within IntelliJ IDEA and other JetBrains IDEs, enabling seamless Git integration and remote development.
Vim Fugitive	Vim Fugitive is a powerful Git wrapper for Vim, providing comprehensive Git integration directly within the editor, including support for SSH operations.
SSH Verbose Debugging	The OpenSSH manual page explaining how to use the `ssh -v` command for verbose debugging, which is essential for troubleshooting SSH connection issues.
SSH Agent Debugging	A Stack Exchange discussion addressing common `ssh-agent` issues, such as repeated passphrase prompts, and providing various solutions for smoother operation.
SSH Config Validation	A SuperUser discussion on validating SSH configuration syntax, particularly for setting up multiple SSH keys for different Git accounts on macOS.
Git SSH vs HTTPS	GitHub's documentation explaining the fundamental differences between using SSH and HTTPS for Git remote URLs, and when to choose each method.
Git Credential Helper Issues	The official Git documentation on credential helpers, providing guidance on resolving common credential conflicts that can arise when mixing SSH and HTTPS authentication.
SSH Key Permissions	A SuperUser discussion providing solutions and best practices for fixing common SSH key file permission errors, which are crucial for secure SSH operation.
SSH Over HTTPS	GitHub's guide on using SSH over the HTTPS port (443), a common technique for bypassing restrictive firewalls that block standard SSH ports.
SSH ProxyCommand	A Wikibooks entry detailing the use of `ProxyCommand` in SSH configuration, essential for setting up SSH proxies and jump hosts in corporate network environments.
SSH Jump Hosts	The Gentoo Wiki's explanation of SSH jump hosts, a method for establishing multi-hop SSH connections, commonly used in secure enterprise environments.

SSH Multiple Git Accounts Configuration - AI-Optimized Technical Reference

Configuration Requirements

SSH Key Generation

SSH Configuration File Requirements

Failure Modes and Solutions

Authentication Failures

Repository URL Mismatches

SSH Agent Issues

Corporate Network Workarounds

Firewall Bypass (Port 22 Blocked)

VPN Interference

Performance Optimizations

Connection Multiplexing

Time-Limited Key Loading

Security Critical Operations

Key Rotation Process

Key Compromise Response

Access Cleanup (Job Termination)

Resource Requirements

Implementation Time

Expertise Requirements

Maintenance Overhead

Breaking Points and Limits

Scale Limitations

Platform Compatibility

Common Failure Thresholds

Decision Criteria

When SSH Keys Are Worth It

Alternative Comparison

Hidden Costs

Critical Warnings

Production Deployment

Common Misconceptions

Silent Failure Modes

Useful Links for Further Investigation

Essential Resources for SSH Git Multiple Accounts

Related Tools & Recommendations

GitOps Integration Hell: Docker + Kubernetes + ArgoCD + Prometheus

GitHub Desktop - Git with Training Wheels That Actually Work

AI Coding Assistants 2025 Pricing Breakdown - What You'll Actually Pay

I've Been Juggling Copilot, Cursor, and Windsurf for 8 Months

OpenAI API Integration with Microsoft Teams and Slack

Jenkins + Docker + Kubernetes: How to Deploy Without Breaking Production (Usually)

Jenkins Production Deployment - From Dev to Bulletproof

Jenkins - The CI/CD Server That Won't Die

GitLab CI/CD - The Platform That Does Everything (Usually)

GitLab Container Registry

GitHub Enterprise vs GitLab Ultimate - Total Cost Analysis 2025

Enterprise Git Hosting: What GitHub, GitLab and Bitbucket Actually Cost

OpenAI Gets Sued After GPT-5 Convinced Kid to Kill Himself

Azure DevOps Services - Microsoft's Answer to GitHub

Fix Azure DevOps Pipeline Performance - Stop Waiting 45 Minutes for Builds

Docker Alternatives That Won't Break Your Budget

I Tested 5 Container Security Scanners in CI/CD - Here's What Actually Works

VS Code 1.103 Finally Fixes the MCP Server Restart Hell

GitHub Copilot + VS Code Integration - What Actually Works

Cursor AI Review: Your First AI Coding Tool? Start Here