Git does not know or care. It just starts ssh.
How does ssh know? It looks at your ~/.ssh/config file ( edit : or receives it from ssh-agent, see below):
Host github.com
Edit : here is a link to the Linux version of the ssh_config documentation . Although each system (MacOS, Linux, various BSDs, even Windows ports) has its own taste for ssh configurations, they all share most of these configurations. Pay attention to these two elements in particular (I slightly adjusted the formatting to avoid StackOverflow):
IdentitiesOnly
Indicates that ssh (1) should use only the authentication identifier files configured in ssh_config files, even if ssh-agent (1) or PKCS11Provider offers more identifiers. The argument to this keyword should be yes or no. This parameter is intended for situations when ssh-agent offers many different identifiers. the default is no.
IdentityFile
Specifies the file from which user DSA, ECDSA, ED25519, or RSA authentication is read. The default is ~/.ssh/identity for protocol version 1 and ~/.ssh/id_dsa , ~/.ssh/id_ecdsa , ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. In addition, any the identifiers represented by the authentication agent will be used for authentication if IdentitiesOnly set. ssh (1) will attempt to load the certificate information from the file name obtained by adding -cert.pub to the path specified by IdentityFile .
; or one of the following escape characters: '% d (local user home directory),'% u (local username), '% l (local host name),'% h (remote host name) or '% r (name remote user).
You can have multiple identity files specified in configuration files; all these identities will be checked sequentially. Several IdentityFile pointers will be added to the list of identifiers (this behavior is different from the behavior of another directive configuration).
IdentityFile can be used in conjunction with IdentitiesOnly select which identifiers in the agent are offered during authentication.
As Alexey Ten noted in the commentary , IdentityFile differs in that it is additive (and not one-setting-overrides-another).
You can also run ssh (manually) with optional -v options to track the connection. In Git, you can set GIT_SSH a script name that runs ssh -vvv for temporary tracing (or the fuss with the log level in your ~/.ssh/config file). I found this useful for debugging. (Note that you cannot pass ssh parameters through GIT_SSH , you need a one-line script, such as ssh-vvv , with one line reading ssh -vvv $@ .)