Github Weirdness: Multiple github users and ssh keys

Like a lot of techies, I author this blog using Jekyll and host my the site’s code on github. However, I use a separate github user account from what I use at work, for obvious reasons: anonymonimity, privacy, separation, etc. Bitbang and I both had this need and we followed an article similar to this one:

Using Multiple Keys with GitHub

The TLDR; version of the above article is more or less 5 easy steps:

Multiple SSH Key and User Setup with Github

  1. Setup separate SSH keys using sshkey-gen:

    ssh-keygen -t rsa -b 4096 -C "sevus@example.com"

    like you normally would when setting up a new key.

  2. Update ~/.ssh/config or wherever your SSH config file is. I added something like this:

     Host github-sevus
     ForwardAgent yes
     Hostname github.com
     User git
     IdentityFile ~/.ssh/id_rsa_sevus
    

    You need a host setting like that for each alternative user/key you’re going to use.

  3. Set your origin in your git repo. I did the following:

    git remote add origin git@github-sevus:IPushButtonsFTW/website.git

  4. Add your new public key RSA into github. You can cat just the file like I did with something like cat ~/.ssh/id_rsa_sevus.pub (Note that .pub) and paste the results in github’s SSH key settings:

  5. Make sure you invite that alternative user into the github repo as a collaborator.

That should be it. There’s a few other odds and ends in that article by Tiffany Brown like using ssh-add to add the new key to the agent, which may or may not be necessary.

WAT

If none of this makes sense, the short of it is you are sort of tricking SSH. You’re telling SSH there’s a new host local to your machine and to use a different identity file with that host when you SSH to it. Its similar to setting up /etc/hosts but it only works for ssh. Then in your github repo, you use that same host host in the URL of the origin. Github will try to SSH to authenticate to that fake host (github-sevus in my case) and it will use the alternate public key (~/.ssh/id_rsa_sevus) in the config file. Github will then see you as a different user. Voila.

But It Wasn’t Working!

Instead of being able to push and pull, I kept getting the following:

ERROR: Repository not found.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Not super helpful. I triple checked my github.com settings, my public key, my hosts inside of ~/.ssh/config and still nothing would work. I couldn’t push or pull. I just flat out didn’t have access.

SSH to the Rescue

On a whim, I tried to SSH to github.com to see if I was able to authenticate. I did authenticate successfully, but not as s3vus!

$ ssh git@github-sevus

PTY allocation request failed on channel 0
Hi (username)! You've successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.

I was essentially trying to ssh to that fake host “github-sevus” which will go to github using my alernate identity file. Where “Hi (username)!” was I should have beeing seing “Hi s3vus!” (my github username has a “3” in it), but instead I was seeing my default github account. SSH was sending the wrong key to github. At least now I knew what the problem was.

Github disconnects you after you authenticate, because they obviously don’t want you to actually access their servers via a shell, but they conveniently let you know if you authenticated correctly and as what user.

Okay…so I’m still logging in as my work username, but why? Why is SSH not sending my sevus key?

Back to SSH config

I have a rather large ssh config file for work reasons I won’t go into right now, but I finally found the culprit. This little gem was sitting in my config:

Host *
  UseKeychain yes
  AddKeysToAgent yes
  ForwardAgent yes
  StrictHostKeyChecking no
  IdentityFile ~/.ssh/id_rsa

This was at the top of my ~/.ssh/config file. I had assumed that the other hosts, like github-sevus would override the generic asterisk host, but that wasn’t the case. Bitbang also looked at it and thought maybe the order of the hosts mattered, so we tried putting the Host * section at the end of the file, but this didn’t help either.

Finally, I just removed the IdentityFile from the global host and kept all the other settings so it looked like this:

Host *
  UseKeychain yes
  AddKeysToAgent yes
  ForwardAgent yes
  StrictHostKeyChecking no

When I attempted to ssh git@github-sevus again, I got this:

$ ssh git@github-sevus

PTY allocation request failed on channel 0
Hi s3vus! You've successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.

Success! :tada: I could then push and pull to my repo as s3vus.

What about git history?

Logging in to github doesn’t ensure your github history will show the correct username and email, since you always commit those locally. That’s simple: just setup a local configuration setting for that repo:

git config --local user.name sevus
git config --local user.email sevus@ipushubuttons.io

This way git will mark that local repo with your preferred user and email, but this has nothing to do with github or authentication.

It was a tough battle, but I finally got ssh to authenticate with the correct user on github.com and I learned a bit about SSH config for my trouble.