The Problem:
When both SSH keys are loaded, I get this error during git push:
ERROR: Permission to account_a/my_repository.git denied to account_b
fatal: Could not read from remote repository.
It seems like Git is using the wrong SSH key for authentication. The push works fine when I only load one key at a time, but I need both keys available simultaneously.
How can I configure Git to use the correct SSH key for each repository without having to reload keys every time?
actually had similiar issue before and found out my global git config was overriding the local repo settings. check git config --global user.email - if its set it might be causing conflicts with your per-repo configs. also make sure ur using the right remote urls with the host aliases, not just updating local config
The issue you’re experiencing is quite common when SSH agent offers all loaded keys to the server. GitHub will authenticate with whichever key it recognizes first, regardless of which repository you’re trying to access. Beyond updating your remote URLs as mentioned above, you should also add IdentitiesOnly yes to each host block in your SSH config. This prevents SSH from offering other keys beyond the one specified in IdentityFile. Without this setting, SSH agent will still try all loaded keys even when you specify a particular host. I had the same problem last year and adding IdentitiesOnly solved it completely. Your SSH config should look like:
One thing that caught my attention is your key management approach. You’re adding both keys to ssh-agent simultaneously, which can create conflicts even with proper host configuration. Instead of loading both keys at startup, consider using ssh-agent more strategically. I’ve been managing three different GitHub accounts for the past two years and found that ssh-agent can be problematic when it offers keys in unexpected order. Try removing both keys first with ssh-add -D, then only add the specific key you need for your current work session. You can also use ssh-add -l to verify which keys are currently loaded. The combination of IdentitiesOnly in your SSH config plus selective key loading has been the most reliable approach in my experience. If you frequently switch between accounts, you might want to create simple bash aliases that clear the agent and load the appropriate key for each account.
Worth checking if your ssh-agent is interfering even after setting up the host aliases correctly. Sometimes the agent keeps offering keys in a specific order regardless of your config. Try running ssh -T [email protected] and ssh -T [email protected] to test each connection individually before doing any git operations. If you’re still getting mixed up authentication, you might want to consider using ssh-add -d to remove specific keys when working on different projects, or alternatively set up a simple shell script that switches your ssh agent context. I’ve found that GitHub’s key matching can be finicky when multiple keys are present, even with proper host configuration. Another thing to double-check is that your key files have correct permissions (600 for private keys) as ssh can silently ignore keys with wrong permissions.
looks like ur missing the remote url part. you need to update each repo’s remote to use ur custom host aliases instead of regular github.com. try git remote set-url origin [email protected]:account_a/my_repository.git for account a repos and similar for account b. thats probly why its picking wrong key