configuration
Start the ssh agent (add this to your ~/.zshrc, for example):
eval "$(ssh-agent -s)"
Add the following at the head of ~/.gitconfig in order to specify a git configuration per path. These are called conditional includes:
[includeIf "gitdir:~/path/work/"]
path = .gitconfig-work
[includeIf "gitdir:~/path/play/"]
path = .gitconfig-play
Contents of ~/.gitconfig-work or ~/.gitconfig-play:
[user]
name = A B
username = ab
email = ab@e.mail
[core]
sshCommand = ssh -i ~/.ssh/id_ed25519-work -F none -o "IdentitiesOnly=yes"
-F none specifies that ssh shall not look any files, thus forcing (in theory) it to use the key specified with -i.
But despite -F none, -v informed me it was still looking in ~/.ssh/known_hosts. So, I added -o "IdentitiesOnly=yes" (see man pages here), which in practice does not look in my known hosts file.
debugging
List the source of each git configuration:
git config --list --show-origin
Unset credential helper:
git config --global --unset credential.helper
Show some in-scope git configurations:
git config user.email
git config user.username
git config core.sshCommand
See the full debugs logs of ssh to determine exactly where it's finding ssh keys:
ssh -v
git uses your ssh key to identify you. Determine which user git is authenticating you as:
ssh -T git@github.com
You can also give it all the options you're providing when sshing to git:
ssh -i ~/.ssh/id_ed25519 -F none -o "IdentitiesOnly=yes" -T git@github.com
For other setups, rather than specifying the exact ssh key, you can set various IdentityFile in ~/.ssh/config. It's reasonable practice to specify the host rather than use a wildcard:
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_ed25519-work
IdentityFile ~/.ssh/id_ed25519-play