Staying sane while using many git accounts
The other day, I wanted to work with many git accounts on my laptop and I felt it was not easy and required many steps. I had to understand how things worked when you use git via ssh and the role of ssh-agent. Also, I had to refer to many articles and connect dots from them to be able to make it work for me. I felt I should document these steps so it can help other folks to use this and save time and the possible pain points they might be facing :)
If you don’t have the need to use many git accounts - I’m sure there will be learnings for you on how things actually work. So stay with me and keep reading
In case you have an existing git setup and looking to to start fresh, head to Troubleshoot section
Setting Up
Generate SSH keys
Check your current SSH keys (back if you need them before deleting or leave them). They are all located at ~/.ssh/
. View them using ls -al ~/.ssh/
Generate new SSH keys using below commands
ssh-keygen -t rsa -C "vg@work.com" -f "id_work_user"
Set the passphrase, so the keys are secure even if you lose the device. Also let’s use RSA and avoid using DSA based algorithms (blog post coming soon on that). There are 2 files generated id_work_user
and id_work_user.pub
at the location ~/.ssh
.
Let’s dissect the above command.
-t
option to specify the encryption algorithm, default is DSA. I will write more about how DSA can be brute forced even with password enabled ssh keys
-C
comment that will help us associate the key with its purpose, we will see the command later
-f
file name can be used for saving
Run the above command for the other git accounts too
ssh-keygen -t rsa -C "vinayakg@personal.com" -f "id_my_user"
All the generated keys will be at ~/.ssh
and we have 2 private keys (no extn) and 2 public keys (.pub
)
Let your provider know these keys
This will help us setup the auth when we push or pull code via git. We will use GitHub for this example
Copy your public key pbcopy < ~/.ssh/id_work_user.pub
and then log in to your personal GitHub account:
- Go to
Settings
- Select
SSH and GPG keys
from the menu to the left. - Click on
New SSH key
, provide a suitable title, and paste the key in the box below - Click
Add key
— and you’re done!
Repeat the above steps for the other keys generated for other accounts in the above step
Setting up and usage
The SSH-Agent way
To use the above keys for auth we need to register with the ssh-agent
on our machine. Ensure ssh-agent
is running on the machine by using this command
eval "$(ssh-agent -s)"
Now add these agents using the below command
ssh-add ~/.ssh/id_rsa
ssh-add ~/.ssh/id_rsa_work_user1
Usage
To start using ssh-agent, you need to set useremail registered with git. git uses this for authentication, username (does not matter - could be any, please do try and see
Commands:
git config -l #list the current config
git config --global user.name 'vinayakg' #set the git username in config globally
git config --global user.email 'vg@work.com' #set the git useremail in config globally
With the config set , we need to set the ssh-agent - it only accepts one active key at a time
ssh-add -D && ssh-add ~/.ssh/id_work_user
The above command will delete all existing set keys ssh-agent for ssh-agent and will set the one we want
And you can do a git clone on a new repository and work with it by using our familiar commands
git clone git@github.com:vinayakg/repo
The next time you have to work on many git accounts follow the above steps (git config
&& ssh-add
). It’s also possible to create handy aliases in git or in shell to save the number of keystrokes. You need not use the global command with git config if you are working on an existing repository. It’s also possible to set email in the local .git/config, but this is not helpful for new repositories
The SSH Config way ( The Preferred way)
Here we are going to use the same ssh config that we use for SSH auth while connecting to other machines over cloud. This method needs only changing the url while git clone
and setting the url while adding git remote
. Also this does not rely on any folder structures or other commands. (No need to customize git url if you just want to checkout/clone some code)
The SSH config is at ~/.ssh/config
. If this file does not exist for you, please go ahead and create it.
touch ~/.ssh/config
Now open the editor and add the below config
# Personal account
Host gh # used for identifying amongst other accounts
HostName github.com # git provider website
User git # default user, no need to change
#AddKeysToAgent yes # we are using many, so we will ignore this
UseKeychain yes # save to keychain
IdentityFile ~/.ssh/id_work_user # private key
# Work account-1
Host gh-work
HostName github.com
User git
IdentityFile ~/.ssh/id_rsa_work_user
We will see below how to use these ==Host== name that we setup
Usage
Now we have 2 accounts configured. Let’s say you want to clone code from the personal account. Use the below command. This command will set correct git remotes. So we don’t have to worry when we switch back after working in another account
git clone git@gh:vinayakg/repo
For second, we can use the similar command
git clone git@gh-work:work/repo
Troubleshooting
Issues with existing git accounts on your machine
The default git account on the machine seems to take precedence and wont let us use the other git account. To set things fresh, let’s clear using the below command. git config won’t be of so much help
Follow the below steps to reset your existing/previous settings
Step 1
$ git credential-osxkeychain erase
host=github.com
protocol=https
<press return>
<press return>
Step 2
Follow this step if step1 did not work
Go to Launcher :arrow_right: search box :arrow_right:type git username :arrow_right: then press delete :x:
Step 3
Now check your ssh-add listing and see the certifications that are currently configured. If you see any suspects go ahead and delete them
ssh-add -l
lists the attached credentials
ssh-add -D
delete all the attached ones
And if you have many or user.email
or user.name
then go ahead and clear them with the following commands
git config --unset user.email && git config --unset user.name
Permission denied (publickey)
Try to debug and see why the auth is failing using the below command. user is always git
(for more details see here) and gh
is the alias that we have set (gh
translates to github.com
)
ssh -vT git@gh
Check if you have the right key on GitHub by using the below command
ssh-add -l -E md5
Change remotes for existing git repositories
If you have existing repository, you can change the remotes using the below command
git remote set-url origin git@gh-work:work/repo
More Tips
You can also use git config
with includeIf to set git config
for work and personal account, thats a preference; I will leave that for now
[includeIf "gitdir:~/work/"]
path = ~/work/.gitconfig
And the corresponding config too
[user]
email = john.doe@company.tld
Learnings & Conclusion
It was real fun learning and experimenting all this with multiple accounts all by myself. I also understood the major role of ssh-agent works and how you don’t need the agent for git auth if you use the ssh config
If there are any missing pieces, feel free to let me know in the comments section below
References:
https://stackoverflow.com/questions/4220416/can-i-specify-multiple-users-for-myself-in-gitconfig
https://help.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#adding-your-ssh-key-to-the-ssh-agent
https://www.freecodecamp.org/news/manage-multiple-github-accounts-the-ssh-way-2dadc30ccaca/
https://help.github.com/en/github/authenticating-to-github/error-permission-denied-publickey