Like a lot of techies, I author this blog using Jekyll and host my the site’s code on github. However, I use a separate github user account from what I use at work, for obvious reasons: anonymonimity, privacy, separation, etc. Bitbang and I both had this need and we followed an article similar to this one:
The TLDR; version of the above article is more or less 5 easy steps:
Multiple SSH Key and User Setup with Github
Setup separate SSH keys using sshkey-gen:
ssh-keygen -t rsa -b 4096 -C "email@example.com"
like you normally would when setting up a new key.
~/.ssh/configor wherever your SSH config file is. I added something like this:
Host github-sevus ForwardAgent yes Hostname github.com User git IdentityFile ~/.ssh/id_rsa_sevus
You need a host setting like that for each alternative user/key you’re going to use.
Set your origin in your git repo. I did the following:
git remote add origin git@github-sevus:IPushButtonsFTW/website.git
Add your new public key RSA into github. You can cat just the file like I did with something like
cat ~/.ssh/id_rsa_sevus.pub(Note that .pub) and paste the results in github’s SSH key settings:
Make sure you invite that alternative user into the github repo as a collaborator.
That should be it. There’s a few other odds and ends in that article by Tiffany Brown like using
ssh-add to add the new key to the agent, which may or may not be necessary.
If none of this makes sense, the short of it is you are sort of tricking SSH. You’re telling SSH there’s a new host local to your machine and to use a different identity file with that host when you SSH to it. Its similar to setting up
/etc/hosts but it only works for ssh. Then in your github repo, you use that same host host in the URL of the origin. Github will try to SSH to authenticate to that fake host (
github-sevus in my case) and it will use the alternate public key (
~/.ssh/id_rsa_sevus) in the config file. Github will then see you as a different user. Voila.
But It Wasn’t Working!
Instead of being able to push and pull, I kept getting the following:
ERROR: Repository not found. fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.
Not super helpful. I triple checked my github.com settings, my public key, my hosts inside of
~/.ssh/config and still nothing would work. I couldn’t push or pull. I just flat out didn’t have access.
SSH to the Rescue
On a whim, I tried to SSH to github.com to see if I was able to authenticate. I did authenticate successfully, but not as s3vus!
$ ssh git@github-sevus PTY allocation request failed on channel 0 Hi (username)! You've successfully authenticated, but GitHub does not provide shell access. Connection to github.com closed.
I was essentially trying to ssh to that fake host “github-sevus” which will go to github using my alernate identity file. Where “Hi (username)!” was I should have beeing seing “Hi s3vus!” (my github username has a “3” in it), but instead I was seeing my default github account. SSH was sending the wrong key to github. At least now I knew what the problem was.
Github disconnects you after you authenticate, because they obviously don’t want you to actually access their servers via a shell, but they conveniently let you know if you authenticated correctly and as what user.
Okay…so I’m still logging in as my work username, but why? Why is SSH not sending my sevus key?
Back to SSH config
I have a rather large ssh config file for work reasons I won’t go into right now, but I finally found the culprit. This little gem was sitting in my config:
Host * UseKeychain yes AddKeysToAgent yes ForwardAgent yes StrictHostKeyChecking no IdentityFile ~/.ssh/id_rsa
This was at the top of my
~/.ssh/config file. I had assumed that the other hosts, like
github-sevus would override the generic asterisk host, but that wasn’t the case. Bitbang also looked at it and thought maybe the order of the hosts mattered, so we tried putting the
Host * section at the end of the file, but this didn’t help either.
Finally, I just removed the IdentityFile from the global host and kept all the other settings so it looked like this:
Host * UseKeychain yes AddKeysToAgent yes ForwardAgent yes StrictHostKeyChecking no
When I attempted to
ssh git@github-sevus again, I got this:
$ ssh git@github-sevus PTY allocation request failed on channel 0 Hi s3vus! You've successfully authenticated, but GitHub does not provide shell access. Connection to github.com closed.
Success! I could then push and pull to my repo as s3vus.
What about git history?
Logging in to github doesn’t ensure your github history will show the correct username and email, since you always commit those locally. That’s simple: just setup a local configuration setting for that repo:
git config --local user.name sevus git config --local user.email firstname.lastname@example.org
This way git will mark that local repo with your preferred user and email, but this has nothing to do with github or authentication.
It was a tough battle, but I finally got ssh to authenticate with the correct user on github.com and I learned a bit about SSH config for my trouble.