When working on a headless server or terminal-only environment, managing multiple GitHub SSH keys securely can be challenging — especially when you’re using 1Password. This guide walks you through setting up 1Password CLI to handle SSH keys for multiple GitHub accounts, all without a graphical interface.
📦 Prerequisites
- Debian or any Linux distro with a terminal
-
1Password CLI installed (
op) - SSH installed and working (
ssh,ssh-agent,ssh-add) - SSH keys (private + public) already stored in 1Password for each GitHub account
- Public keys added to the corresponding GitHub accounts
🧩 Step-by-Step Setup
🔹 1. Ensure ssh-agent Is Running
Before using any keys, make sure the SSH agent is active:
eval "$(ssh-agent -s)"
To make this automatic, add it to your ~/.bashrc, ~/.zshrc, or shell init file:
echo 'eval "$(ssh-agent -s)"' >> ~/.bashrc
🔹 2. Load SSH Keys from 1Password CLI
Use the 1Password CLI to securely fetch your private key and load it into ssh-agent.
For each GitHub account (say personal and work), run:
# Replace <item-id> with your 1Password item ID
op item get "<item-id>" --field "private key" > ~/.ssh/id_personal
chmod 600 ~/.ssh/id_personal
ssh-add ~/.ssh/id_personal
Repeat for your work account:
op item get "<item-id>" --field "private key" > ~/.ssh/id_work
chmod 600 ~/.ssh/id_work
ssh-add ~/.ssh/id_work
💡 Note: If the key format causes errors (e.g.,
libcryptoerrors), regenerate the key in 1Password using OpenSSH format and re-fetch it.
🔹 3. Configure ~/.ssh/config for Multiple GitHub Accounts
Create or edit your SSH config file:
nano ~/.ssh/config
Add the following:
Host github-personal
HostName github.com
User git
IdentityFile ~/.ssh/id_personal
IdentitiesOnly yes
Host github-work
HostName github.com
User git
IdentityFile ~/.ssh/id_work
IdentitiesOnly yes
This tells SSH which identity (key) to use when you refer to GitHub using the alias github-personal or github-work.
🔹 4. Clone Repositories Using Host Aliases
Now that SSH knows which key to use, you can clone repositories like this:
For your personal GitHub account:
git clone git@github-personal:yourusername/repo.git
For your work GitHub account:
git clone git@github-work:yourorg/repo.git
This ensures the correct key is used without conflicts.
✅ Final Verification
To test whether each setup works correctly:
ssh -T github-personal
Expected output:
Hi yourusername! You've successfully authenticated, but GitHub does not provide shell access.
Likewise, for work:
ssh -T github-work
🧠 Bonus: Automate the Workflow
You can wrap the op commands and ssh-add calls in a script and run it after logging in:
#!/bin/bash
eval "$(ssh-agent -s)"
op signin my.1password.com myemail@example.com my-secret-key
op item get "github-personal-key" --field "private key" > ~/.ssh/id_personal
chmod 600 ~/.ssh/id_personal
ssh-add ~/.ssh/id_personal
# Repeat for work
Or add to your shell profile with appropriate session caching.
🛡️ Conclusion
Using the 1Password CLI with ssh-agent gives you a secure and flexible way to manage multiple GitHub SSH identities in a terminal-only setup. Whether you're working across multiple accounts or teams, this setup keeps your keys safe and your workflow efficient — all without ever touching a GUI.
Top comments (0)