Managing Multiple SSH Keys to Avoid Heroku Permission Issues

I was a little surprised to have an access issue with Heroku when using my new Mac Book Pro, as its always been really easy to deploy my applications to Heroku in the past.  I kicked myself when I realised I’d only set up a public key specifically for my Github account.

This got me to wondering the best way to set up keys given I am using different services for both personal project and work.

The situation

I had created my first Clojure application using the built in Leiningen template for heroku, which creates everything you need to deploy your Clojure application on Heroku, even the Procfile.

I committed the project to my local git repository and pushed a copy to the github repository for the project.  Using foreman run I had the application running locally, so all that remained was to push it to Heroku.

When I tried to push to Heroku I got the following error message:

Heroku push error: permission denied (public key).

Heroku setup

To deploy your application to heroku, its simply a matter of

  • creating an heroku account
  • downloading the heroku toolbelt
  • loging in to heroku: heroku login
  • adding your public key to your heroku account: heroku keys:add
  • pushing your project to the heroku git repository: git push heroku master

If you dont have an existing key, then heroku keys:add will create one for you. In my case it picked up the only key I had, the one for Github. As this key is specifically set up for my Github account then its not surprising that it was not going to work.

Diagnosing the problem

The Heroku toolbelt gives you the tools to see whats going on, using heroku keys lists the public key added to your account. So when I checked my keys it was clear what the problem was.

The resolution

I could have just created a new key for Heroku account using the default file name ~/.ssh/ However, I can see myself getting confused over keys, so I created a key with a name that tells me what it is for. I also thought it may be more secure to have different keys for different servies.

I used the ssh-keygen command to create a key of type RSA and when asked for a file I gave it an heroku specific name, so I knew what it was for.

Once the key was created I added it to my Heroku account using heroku keys:add.

Looking at my keys, I see I now have two added to my Heroku account.

Lets remove the Github key using heroku keys:remove [KEY]

Now I just have the one public key added, the one specifically for Heroku.

Configuring multiple keys

As I am using multiple keys then I need to specify which one my SSH connection should use when connecting to Heroku.

To tell Heroku which key to use, we add in a simle host cofiguration section to ~/.ssh/config.

In your account home there is an .ssh folder that contains all your keys and any configuration file.  I create a file called config and added the following configuration options

## ~/.ssh/config

Port 22
IdentitiesOnly yes
IdentityFile ~/.ssh/heroku
TCPKeepAlive yes

Now when I push to Heroku I do so using the right key and everything works smoothly as usual.

Why not get yourself a free Heroku account and deploy your application in quickly and easily.

Thank you.