Multiple GitHub identities

Tips on setting up multiple GitHub accounts with SSH authentication, under WSL2

SSH keys on Windows and WSL 2

I followed this

From GitHub:

• Check for existing SSH keys
• Generate a new SSH key
• Add a new SSH key to your GitHub account

Outline

• Generate 2 SSH keypairs
• Create SSH config with alternative hostname for secondary GitHub account
• Set permissions on SSH keypairs and config
• Review files and permissions
• Store keypairs in Password Manager
• Add public key to each GitHub account
• Find alternative GitHub email address
• Set up dotfiles directory
• Set up symlinks to dotfiles
• Create .gitconfig

Generate 2 SSH keypairs

I use Windows Terminal, and connect to my Ubuntu 20.04 WSL2 distro

ssh-keygen -t rsa -b 4096 -C "work@emailaddr.ess"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/nrubuntu/.ssh/id_rsa): /home/nrubuntu/.ssh/github-work
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/nrubuntu/.ssh/github-work.
Your public key has been saved in /home/nrubuntu/.ssh/github-work.pub.

ssh-keygen -t rsa -b 4096 -C "personal@emailaddr.ess"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/nrubuntu/.ssh/id_rsa): /home/nrubuntu/.ssh/github-personal
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/nrubuntu/.ssh/github-personal.
Your public key has been saved in /home/nrubuntu/.ssh/github-personal.pub.

Create SSH config with alternative hostname for secondary GitHub account

nano ~/.ssh/config

Create content:

########################
######## GLOBAL ########
#######################

Host *
  AddKeysToAgent yes
  ForwardAgent yes
  IdentitiesOnly yes
  PreferredAuthentications publickey
  User git

# Default GitHub (work)
Host github.com
  HostName github.com
  IdentityFile ~/.ssh/github-work

# Alternative GitHub (personal)  
Host personal.github.com
  HostName github.com
  IdentityFile ~/.ssh/github-personal

Set permissions on SSH keypairs and config

chmod 400 ~/.ssh/github-personal
chmod 400 ~/.ssh/github-work
chmod 600 ~/.ssh/config

Review files and permissions

ls -al ~/.ssh gives:

total 36
drwx------  2 nrubuntu nrubuntu 4096 Aug 11 11:34 .
drwxr-xr-x 27 nrubuntu nrubuntu 4096 Aug 11 11:12 ..
-rw-------  1 nrubuntu nrubuntu  482 Aug 11 11:34 config
-rwxr-xr-x  1 nrubuntu nrubuntu  137 Jul  9 11:39 environment
-r--------  1 nrubuntu nrubuntu 3326 Jul  9 11:39 github-personal
-rwxr-xr-x  1 nrubuntu nrubuntu  748 Jul  9 11:39 github-personal.pub
-r--------  1 nrubuntu nrubuntu 3326 Jul  9 11:39 github-work
-rwxr-xr-x  1 nrubuntu nrubuntu  762 Jul  9 11:39 github-work.pub
-rw-r--r--  1 nrubuntu nrubuntu 1869 Jul  9 11:39 known_hosts

Store keypairs in Password Manager

I use LastPass with a hardware token, which in addition to storing passwords, supports the storage of SSH keypairs as a type, so I can set:

• Bit Strength
• Passphrase
• Private Key
• Public Key
• Hostname

I tag these as favourites, which gives me easy access to them, particularly to copy the passphrase to the clipboard

Add public key to each GitHub account

• add each SSH key to its corresponding GitHub account

Find alternative GitHub email address

Under emails setting, you can see a GitHub-generated "private" email address which you can use:

when performing web-based Git operations (e.g. edits and merges) and sending email on your behalf

They also call out the point:

If you want command line Git operations to use your private email you must set your email in Git

Note that if you already have a commit with a non-obfuscated email address, you might need to run git commit --amend --reset-author, wrapped in git rebase commands as described on GitHub

Set up dotfiles directory

I've taken the approach from Nick Janetakis in:

• creating a separate directory to store different configuration files in a sub-directory
• creating symbolic links

Because I'm also trying to learn Vim, I find it easier to clone his whole repository

cd
git clone https://github.com/nickjj/dotfiles.git

If you don't want to do this, just create a directory dotfiles

~/.gitconfig contains:

[core]
        editor = vim

[color "diff"]
        whitespace = red reverse

[include]
        path = ~/.gitconfig.user

[includeIf "gitdir:~/writing/"]
    path = ~/dotfiles/.gitconfig.personal

Copy the proforma ~/dotfiles/.gitconfig.user into ~/.gitconfig.user

cp ~/dotfiles/.gitconfig.user ~/.gitconfig.user

Put your name and GitHub private email address in ~/.gitconfig.user:

[user]
        name = Nick Romney
        email = 23456789+nickromney@users.noreply.github.com

Here I view the private address from my work email as my primary. For you it may be that your personal one is your primary.

In the ~/.gitconfig file, I used the includeIf directive - this detects if I'm in the ~/writing directory, and if so, switches to use my personal config

~/.gitconfig.personal

[user]
        name = Nick Romney
        email = 98765432+nickromney@users.noreply.github.com

List keys with ssh-add -l

You should see:

The agent has no identities.

Then add:

ssh-add ~/.ssh/github-work

Note that I'm only adding my primary identity. Because I secure it with a passphrase, on reboot, I don't want to have to enter passphrases for both identities.

Re-list with ssh-add -l (your SHA-256 values will be different)

4096 SHA256:AO5SK6f3c0MZZApDVXcWNntdx90CpdpzC+0kwA0tAqI /home/nrubuntu/.ssh/github-work (RSA)

Update packages, then add keychain

sudo apt-get update
sudo apt-get upgrade -y
sudo apt install keychain

From https://medium.com/@pscheit/use-an-ssh-agent-in-wsl-with-your-ssh-setup-in-windows-10-41756755993e

Append this line to your ~/.bashrc

/usr/bin/keychain --nogui $HOME/.ssh/github-work
source $HOME/.keychain/$HOSTNAME-sh

Ensure that the ssh-agent is working:

eval "$(ssh-agent -s)"

And check that GitHub can use your keys:

ssh -vT git@github.com

From the output we see:

debug1: Will attempt key: /home/nrubuntu/.ssh/github-work RSA SHA256:AO5SK6f3c0MZZApDVXcWNntdx90CpdpzC+0kwA0tAqI explicit agent
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/nrubuntu/.ssh/github-work RSA SHA256:AO5SK6f3c0MZZApDVXcWNntdx90CpdpzC+0kwA0tAqI explicit agent
debug1: Server accepts key: /home/nrubuntu/.ssh/github-work RSA SHA256:AO5SK6f3c0MZZApDVXcWNntdx90CpdpzC+0kwA0tAqI explicit agent
debug1: Authentication succeeded (publickey).

References

• github.com/ohmyzsh/ohmyzsh/tree/master/plug..
• gist.github.com/kevin-smets/8568070
• jack-kawell.com/2019/11/04/setting-up-power..
• sitepoint.com/zsh-tips-tricks
• kifarunix.com/install-and-setup-zsh-and-oh-..
• blog.nillsf.com/index.php/2020/02/17/settin..