Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreifjg6xg7l65hgbqfj6vxy6qdhfr6f7h2y2i235pos5cuml7guisiy",
    "uri": "at://did:plc:5opbpi2nomj4y3d5kpwamkrd/app.bsky.feed.post/3mmethtbpxdg2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreigdmr5qio4q4kw27brqrdjunb4qlp7t2nhkcvwb2yemq4fre3hd3e"
    },
    "mimeType": "image/jpeg",
    "size": 172137
  },
  "description": "If you are still cloning GitHub repositories over HTTPS and repeatedly authenticating with browser logins or tokens, switching to SSH is one of those small infrastructure improvements that pays off every day.\n\nSSH authentication gives you:\n\n * Passwordless Git operations after initial setup\n * Separate identities for personal and work GitHub accounts\n * Better compatibility with terminal-first workflows\n * Secure private-key authentication without storing access tokens in remotes\n * Seamless ope",
  "path": "/from-passwords-to-keys-setting-up-github-ssh-authentication-on-macos-and-never-typing-credentials-again/",
  "publishedAt": "2026-05-21T16:25:10.000Z",
  "site": "https://corti.com",
  "tags": [
    "GitHub SSH and GPG Keys Settings"
  ],
  "textContent": "If you are still cloning GitHub repositories over HTTPS and repeatedly authenticating with browser logins or tokens, switching to SSH is one of those small infrastructure improvements that pays off every day.\n\nSSH authentication gives you:\n\n  * Passwordless Git operations after initial setup\n  * Separate identities for personal and work GitHub accounts\n  * Better compatibility with terminal-first workflows\n  * Secure private-key authentication without storing access tokens in remotes\n  * Seamless operation across tools such as VS Code, Cursor, Claude Code, terminal Git, CI tooling, and developer containers\n\n\n\nThis guide walks through generating SSH keys, configuring GitHub, setting up macOS keychain integration, and migrating existing repositories.\n\nFor a setup with both **personal** and **work** GitHub accounts, we will configure separate identities and make SSH automatic.\n\n* * *\n\n## Why SSH Instead of HTTPS?\n\nGit supports multiple authentication methods.\n\nMethod| Pros| Cons\n---|---|---\nHTTPS + browser login| Simple initially| Frequent prompts, token management\nHTTPS + PAT| Works everywhere| Token storage overhead\nSSH| Fast, secure, transparent| Initial setup required\n\nOnce configured correctly, SSH becomes nearly invisible.\n\nYou simply run:\n\n\n    git pull\n    git push\n    git clone\n\n\n…and authentication just happens.\n\n* * *\n\n## Step 1 – Generate SSH Keys\n\nOpen Terminal.\n\nGenerate one key for personal projects:\n\n\n    ssh-keygen -t ed25519 -f ~/.ssh/github -C \"me@personal.com\"\n\n\nGenerate another for work:\n\n\n    ssh-keygen -t ed25519 -f ~/.ssh/github-work -C \"me@work.com\"\n\n\n### Why `ed25519`?\n\n`ed25519` is the modern recommendation for SSH keys because it provides:\n\n  * Strong security\n  * Fast authentication\n  * Smaller key size\n  * Wide support\n\n\n\nWhen prompted:\n\n\n    Enter passphrase:\n\n\nAdding a passphrase is recommended.\n\nAfter completion:\n\n\n    ~/.ssh/github\n    ~/.ssh/github.pub\n\n    ~/.ssh/github-work\n    ~/.ssh/github-work.pub\n\n\nPrivate keys stay local.\n\nOnly `.pub` files are uploaded to GitHub.\n\n* * *\n\n## Step 2 – Add Keys to the macOS SSH Agent\n\nThe SSH agent keeps your decrypted key available so you do not need to enter the passphrase repeatedly.\n\nCheck existing identities:\n\n\n    ssh-add -l\n\n\nAdd your keys:\n\n\n    ssh-add --apple-use-keychain ~/.ssh/github\n    ssh-add --apple-use-keychain ~/.ssh/github-work\n\n\nmacOS stores passphrases securely in Keychain.\n\nVerify:\n\n\n    ssh-add -l\n\n\nExpected output:\n\n\n    256 SHA256:...\n\n\n* * *\n\n## Step 3 – Configure `~/.ssh/config`\n\nThis is the most important step.\n\nCreate:\n\n\n    nano ~/.ssh/config\n\n\nAdd:\n\n\n    Host github.com\n      IdentityFile ~/.ssh/github\n      HostName github.com\n      User git\n      AddKeysToAgent yes\n      UseKeychain yes\n      IdentitiesOnly yes\n\n    Host github.com-work\n      IdentityFile ~/.ssh/github-work\n      HostName github.com\n      User git\n      AddKeysToAgent yes\n      UseKeychain yes\n      IdentitiesOnly yes\n\n\nSave.\n\nThis configuration means:\n\n### Personal account\n\n\n    git@github.com:user/repo.git\n\n\nuses:\n\n\n    ~/.ssh/github\n\n\n### Work account\n\n\n    git@github.com-work:company/repo.git\n\n\nuses:\n\n\n    ~/.ssh/github-work\n\n\nNo manual switching required.\n\n* * *\n\n## Step 4 – Copy the Public Keys\n\nCopy personal:\n\n\n    cat ~/.ssh/github.pub | pbcopy\n\n\nCopy work:\n\n\n    cat ~/.ssh/github-work.pub | pbcopy\n\n\nThe keys are now in your clipboard.\n\n* * *\n\n## Step 5 – Add Keys to GitHub\n\nOpen:\n\nGitHub SSH and GPG Keys Settings\n\nFor each key:\n\n  1. Click **New SSH key**\n  2. Choose a descriptive title:\n     * MacBook Pro\n     * MacBook Work\n  3. Paste the public key\n  4. Click **Add SSH key**\n\n\n\nRepeat for both identities.\n\n* * *\n\n## Step 6 – Test Authentication\n\nPersonal:\n\n\n    ssh -T git@github.com\n\n\nWork:\n\n\n    ssh -T git@github.com-work\n\n\nExpected:\n\n\n    Hi username! You've successfully authenticated...\n\n\nIf you see:\n\n\n    Permission denied (publickey)\n\n\nverify:\n\n\n    ssh-add -l\n    cat ~/.ssh/config\n\n\n* * *\n\n## Step 7 – Configure Git to Use the Correct Identity\n\nSet your Git identity globally:\n\nPersonal:\n\n\n    git config --global user.name \"Your Name\"\n    git config --global user.email \"me@personal.com\"\n\n\nFor work repositories:\n\n\n    git config user.name \"Your Work Name\"\n    git config user.email \"me@work.com\"\n\n\nYou can place those values per repository.\n\nVerify:\n\n\n    git config --list\n\n\n* * *\n\n# Migrating Existing Repositories from HTTPS to SSH\n\nMany developers already have dozens of repositories cloned via HTTPS.\n\nCheck current remote:\n\n\n    git config --get remote.origin.url\n\n\nExample:\n\n\n    https://github.com/user/project.git\n\n\nConvert manually:\n\n\n    git remote set-url origin git@github.com:user/project.git\n\n\nVerify:\n\n\n    git remote -v\n\n\n* * *\n\n## Automate Converting One Repository\n\nSave as:\n\n\n    git_remote_to_ssh.sh\n\n\n\n    #!/bin/bash\n    set -euo pipefail\n\n    url=$(git config --get remote.origin.url)\n\n    if [[ ! \"$url\" =~ ^https:// ]]; then\n        echo \"Error: remote URL does not start with https:// ($url)\" >&2\n        exit 1\n    fi\n\n    new_url=$(echo \"$url\" | sed -E 's#^https://github\\.com/#git@github.com:#')\n\n    git remote set-url origin \"$new_url\"\n\n    echo \"origin: $url -> $new_url\"\n\n\nMake executable:\n\n\n    chmod +x git_remote_to_ssh.sh\n\n\nRun inside a repository:\n\n\n    ./git_remote_to_ssh.sh\n\n\n* * *\n\n## Bulk Convert All Repositories in a Directory\n\nIf you keep many repositories under one folder:\n\n\n    ~/src\n    ~/repos\n    ~/projects\n\n\nUse this helper.\n\nSave as:\n\n\n    convert_all_git_remotes.sh\n\n\n\n    #!/bin/bash\n    set -uo pipefail\n\n    script_dir=$(cd \"$(dirname \"${BASH_SOURCE[0]}\")\" && pwd)\n\n    target=\"$script_dir/git_remote_to_ssh.sh\"\n\n    if [[ ! -x \"$target\" ]]; then\n        echo \"Error: $target not found or not executable\" >&2\n        exit 1\n    fi\n\n    base=$(pwd)\n\n    for dir in */; do\n        dir=\"${dir%/}\"\n\n        if [[ -d \"$dir/.git\" ]]; then\n            echo \"==> $dir\"\n\n            (\n                cd \"$dir\"\n                \"$target\"\n            ) || echo \"  (skipped: $dir)\"\n        fi\n    done\n\n    cd \"$base\"\n\n\nMake executable:\n\n\n    chmod +x convert_all_git_remotes.sh\n\n\nRun:\n\n\n    ./convert_all_git_remotes.sh\n\n\nEvery cloned GitHub repository under the current directory will be migrated automatically.\n\n* * *\n\n## Optional: Clone New Repositories Using SSH by Default\n\nInstead of:\n\n\n    git clone https://github.com/user/repo.git\n\n\nUse:\n\n\n    git clone git@github.com:user/repo.git\n\n\nFor work:\n\n\n    git clone git@github.com-work:company/repo.git\n\n\nNow every Git operation automatically uses your configured SSH identity.\n\n* * *\n\n## Final Thoughts\n\nSSH authentication is one of those developer quality-of-life improvements that disappears once configured correctly—which is exactly the point.\n\nWith:\n\n  * dedicated personal and work identities\n  * automatic Keychain integration\n  * persistent SSH agent configuration\n  * repository migration scripts\n\n\n\n…Git authentication becomes invisible infrastructure instead of daily friction.\n\nSet it up once and forget about it.",
  "title": "From Passwords to Keys: Setting Up GitHub SSH Authentication on macOS (and Never Typing Credentials Again)",
  "updatedAt": "2026-05-21T16:25:11.169Z"
}