Multiple GitHub identities

Tips on setting up multiple GitHub accounts with SSH authentication, under WSL2

SSH keys on Windows and WSL 2 #

I followed this

From GitHub:

Outline #

Generate 2 SSH keypairs #

I use Windows Terminal, and connect to my Ubuntu 20.04 WSL2 distro

ssh-keygen -t rsa -b 4096 -C "work@emailaddr.ess"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/nrubuntu/.ssh/id_rsa): /home/nrubuntu/.ssh/github-work
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/nrubuntu/.ssh/github-work.
Your public key has been saved in /home/nrubuntu/.ssh/github-work.pub.
ssh-keygen -t rsa -b 4096 -C "personal@emailaddr.ess"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/nrubuntu/.ssh/id_rsa): /home/nrubuntu/.ssh/github-personal
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/nrubuntu/.ssh/github-personal.
Your public key has been saved in /home/nrubuntu/.ssh/github-personal.pub.

Create SSH config with alternative hostname for secondary GitHub account #

nano ~/.ssh/config

Create content:

########################
######## GLOBAL ########
#######################

Host *
AddKeysToAgent yes
ForwardAgent yes
IdentitiesOnly yes
PreferredAuthentications publickey
User git

# Default GitHub (work)
Host github.com
HostName github.com
IdentityFile ~/.ssh/github-work

# Alternative GitHub (personal)
Host personal.github.com
HostName github.com
IdentityFile ~/.ssh/github-personal

Set permissions on SSH keypairs and config #

chmod 400 ~/.ssh/github-personal
chmod 400 ~/.ssh/github-work
chmod 600 ~/.ssh/config

Review files and permissions #

ls -al ~/.ssh gives:

total 36
drwx------ 2 nrubuntu nrubuntu 4096 Aug 11 11:34 .
drwxr-xr-x 27 nrubuntu nrubuntu 4096 Aug 11 11:12 ..
-rw------- 1 nrubuntu nrubuntu 482 Aug 11 11:34 config
-rwxr-xr-x 1 nrubuntu nrubuntu 137 Jul 9 11:39 environment
-r-------- 1 nrubuntu nrubuntu 3326 Jul 9 11:39 github-personal
-rwxr-xr-x 1 nrubuntu nrubuntu 748 Jul 9 11:39 github-personal.pub
-r-------- 1 nrubuntu nrubuntu 3326 Jul 9 11:39 github-work
-rwxr-xr-x 1 nrubuntu nrubuntu 762 Jul 9 11:39 github-work.pub
-rw-r--r-- 1 nrubuntu nrubuntu 1869 Jul 9 11:39 known_hosts

Store keypairs in Password Manager #

I use LastPass with a hardware token, which in addition to storing passwords, supports the storage of SSH keypairs as a type, so I can set:

I tag these as favourites, which gives me easy access to them, particularly to copy the passphrase to the clipboard

Add public key to each GitHub account #

Find alternative GitHub email address #

Under emails setting, you can see a GitHub-generated "private" email address which you can use:

when performing web-based Git operations (e.g. edits and merges) and sending email on your behalf

They also call out the point:

If you want command line Git operations to use your private email you must set your email in Git

Note that if you already have a commit with a non-obfuscated email address, you might need to run git commit --amend --reset-author, wrapped in git rebase commands as described on GitHub

Set up dotfiles directory #

I've taken the approach from Nick Janetakis in:

Because I'm also trying to learn Vim, I find it easier to clone his whole repository

cd
git clone https://github.com/nickjj/dotfiles.git

If you don't want to do this, just create a directory dotfiles

~/.gitconfig contains:

[core]
editor = vim

[color "diff"]
whitespace = red reverse

[include]
path = ~/.gitconfig.user

[includeIf "gitdir:~/writing/"]
path = ~/dotfiles/.gitconfig.personal

Copy the proforma ~/dotfiles/.gitconfig.user into ~/.gitconfig.user

cp ~/dotfiles/.gitconfig.user ~/.gitconfig.user

Put your name and GitHub private email address in ~/.gitconfig.user:

[user]
name = Nick Romney
email = 23456789+nickromney@users.noreply.github.com

Here I view the private address from my work email as my primary. For you it may be that your personal one is your primary.

In the ~/.gitconfig file, I used the includeIf directive - this detects if I'm in the ~/writing directory, and if so, switches to use my personal config

~/.gitconfig.personal


[user]
name = Nick Romney
email = 98765432+nickromney@users.noreply.github.com

List keys with ssh-add -l

You should see:


The agent has no identities.

Then add:

ssh-add ~/.ssh/github-work

Note that I'm only adding my primary identity. Because I secure it with a passphrase, on reboot, I don't want to have to enter passphrases for both identities.

Re-list with ssh-add -l (your SHA-256 values will be different)

4096 SHA256:AO5SK6f3c0MZZApDVXcWNntdx90CpdpzC+0kwA0tAqI /home/nrubuntu/.ssh/github-work (RSA)

Update packages, then add keychain

sudo apt-get update
sudo apt-get upgrade -y
sudo apt install keychain

From https://medium.com/@pscheit/use-an-ssh-agent-in-wsl-with-your-ssh-setup-in-windows-10-41756755993e

Append this line to your ~/.bashrc

/usr/bin/keychain --nogui $HOME/.ssh/github-work
source $HOME/.keychain/$HOSTNAME-sh

Ensure that the ssh-agent is working:

eval "$(ssh-agent -s)"

And check that GitHub can use your keys:

ssh -vT git@github.com

From the output we see:

debug1: Will attempt key: /home/nrubuntu/.ssh/github-work RSA SHA256:AO5SK6f3c0MZZApDVXcWNntdx90CpdpzC+0kwA0tAqI explicit agent
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/nrubuntu/.ssh/github-work RSA SHA256:AO5SK6f3c0MZZApDVXcWNntdx90CpdpzC+0kwA0tAqI explicit agent
debug1: Server accepts key: /home/nrubuntu/.ssh/github-work RSA SHA256:AO5SK6f3c0MZZApDVXcWNntdx90CpdpzC+0kwA0tAqI explicit agent
debug1: Authentication succeeded (publickey).

References #

Tagged

🙏🙏🙏

Since you've made it this far, sharing this article on your favorite social media network would be highly appreciated 💖! For feedback, please ping me on Twitter.

Published