1

I find GitHub identities to be very confusing and I regularly struggle with them.

Today, my issue is that I've joined another org's GitHub repository as Owner, but I can't pull from my computer. Although, for a different org, it works properly.

git@github.com:DNA-PC/RepoA.git (✅ pull works, uses "DNA-PC" GitHub account)
git@github.com:NEW_ORG/RepoB.git (❗️ pull fails, uses "DNA-PC" GitHub account)
git@github.com:OLD_ORG/RepoC.git (✅ pull works, uses "DNA-PC" GitHub account)
git@github.com:ANOTHER_OLD_ORG/RepoD.git (❗️ pull fails, uses "Vadorequest" GitHub account)
git@github.com:Vadorequest/RepoE.git (✅ pull works, uses "Vadorequest" GitHub account)


I can't figure out why it doesn't work for the new Org, where I have Owner permissions on all repos. Also, I've noticed by re-trying all my accounts that another old org isn't working anymore either.

To me, things could be simple:

  • I have 2 different GitHub accounts (Vadorequest, DNA PC)
  • Each has access to different repositories
  • Each should be able to pull all repositories they have access to, and SSH keys are proof of identity

So, how is it possible that I can fetch from RepoA and RepoC but not from RepoB? They should all be verified using the same SSH key.

I had to set up "complicated" stuff to make my 2 identities work:

  • Add several RSA identities in ~/.ssh, one for each GitHub Account (Vadorequest, DNA PC)
  • Add some SSH config with multiple hosts

~/.ssh/config

Host personal-github
  HostName github.com
  IdentityFile ~/.ssh/id_rsa_personal

Host dna-pc-github
  HostName github.com
  IdentityFile ~/.ssh/id_rsa_dna-pc-pro

"complicated": I don't understand how it works, and had to follow blindly some tutorials to have something working, and had to change the format of that multiple times, because each variation had its own issues... (e.g: WebStorm not able to use "Open on GitHub", etc.)

I'm looking for an explanation as to why this setup doesn't work, and what should be the best practice for this setup in 2023.


Vadorequest

2 Answers

2

I had to set up "complicated" stuff to make my 2 identities work

The "complex" part is in the remote URL, that you need to modify, in order to use the SSH config file settings:

cd /path/to/personal/repo
git remote -v
git remote set-url origin personal-github:me/myrepo

# or
cd /path/to/dna-pc/repo
git remote -v
git remote set-url origin dna-pc-github:me/myrepo

Note, this assumes a config file with the User git added in it:

Host personal-github
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa_personal

Host dna-pc-github
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa_dna-pc-pro

That way, you don't need to add git@ in your remote URL.


If that SSH URL scheme is not supported by WebStorm and IntelliJ products (as illustrated by IDEA-250070), then use an HTTPS URL with:

  • the right username in the URL
  • GCM installed (It is installed automatically if you are using Git for Windows, for instance)

Register a PAT for each of your accounts, and make sure to register that PAT in your credential helper:

git config --global credential.helper manager
# Feed the credential to GCM on stdin, one key=value pair per line
printf "host=github.com\nprotocol=https\nusername=user1\npassword=PAT1\n" | \
  git credential-manager store

And:

cd /path/to/personal/repo
git remote -v
git remote set-url origin https://me@github.com/me/myrepo

# or
cd /path/to/dna-pc/repo
git remote -v
git remote set-url origin https://dna@github.com/me/myrepo

Your IDEs/tools should pick up the right credentials then.


If you do not want to change the URLs, you can use, as you do in your gist, a combination of:

VonC
  • I believe I had set up something like this at some point in the past, and then changed it because it wasn't compatible with the way WebStorm and IntelliJ products behave, as it wouldn't allow using the "Open in > GitHub" feature anymore for custom github names. Also, having to change the remote in every repository feels like a bad practice, not only it makes the process of cloning a new repo harder, it also requires updating all existing repos on all my devices, that's a few hundreds. Isn't there a simpler way that could be centralized in the SSH config instead? – Vadorequest Aug 22 '23 at 06:34
  • Regarding WebStorm, here is one discussion that shines some light upon the issue: https://youtrack.jetbrains.com/issue/IDEA-250070 Basically, if the remote isn't github.com then the feature is disabled. – Vadorequest Aug 22 '23 at 06:36
  • 1
    @Vadorequest OK. I have edited the answer to propose an alternative approach. – VonC Aug 22 '23 at 06:46
  • Thank you, that's an approach I had never seen elsewhere. Unfortunately, I believe it still requires updating each repository manually (set a different origin, using custom path). This article explains a different approach, which seems to centralize everything in the .ssh files, using `includeif`: https://gist.github.com/yinzara/bbedc35798df0495a4fdd27857bca2c1 - I'll try it out first – Vadorequest Aug 22 '23 at 07:01
  • @Vadorequest No custom path needed, but yes, changing the origin is required. – VonC Aug 22 '23 at 07:03
  • 1
    @Vadorequest The includeIf option is interesting. I mentioned it [here before](https://stackoverflow.com/a/60787084/6309) – VonC Aug 22 '23 at 07:05
1

Following this article, here is my solution: https://gist.github.com/Vadorequest/39315e71dc31b92087aeedca6fdec0df

I made a Gist, as it makes it easier to read.

This solution leans towards simplicity:

  • No need to use a different origin for each repository
  • I can simply copy/paste what GitHub gives me, when doing git clone for a new repo
  • It handles all the shared config in shared files, and each GitHub user has its own configuration (different name/email, PGP key, etc.)
  • I added a rule that makes my former way of writing backward-compatible (to avoid having to update all my existing repos for DNA PC)

I did encounter an issue due to my existing SSH keys (SHA): somehow my personal SSH key (issued in 2018) wouldn't let me log in using this setup, but using a brand new SSH key (ed25519) fixed it (I guess it's related to the security emails GitHub sent me months ago...).

While @VonC's answer was interesting, it didn't solve the issue with repeating the same setup for each local repository, which was a real pain for me (and same when cloning).

This answer assumes a directory folder structure such as:

  • ~/dev/vadorequest
  • ~/dev/dna-pc
  • ~/dev/unlyEd

This made it easier to organize everything. Each folder name should match the GitHub user used to perform Git pull/push operations. (but not necessarily, in my case unlyEd folder uses Vadorequest GitHub user, the identity being handled through ~/.gitconfig)

Vadorequest
  • 1
    Nice combination of insteadOf (URL rewrite) and includeIf (config conditional include). I have updated my answer to be complete. Upvoted. – VonC Aug 22 '23 at 12:25
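
The combination discussed in this thread (includeIf choosing a per-account file by directory, insteadOf rewriting the stock GitHub URL to an SSH alias), as an added example; it is not the contents of the linked gists and not code from either poster. It assumes the ~/dev/<account> layout from the answer above; the `.gitconfig-*` file names are made up for illustration, and `IdentitiesOnly yes` is an addition that keeps ssh from offering a different account's key first.

```shell
#!/bin/sh
# Added example: all files go under a sandbox directory ($1), never the real HOME.
# Per-account file names (.gitconfig-*) are assumptions; key names are the question's.

write_sandbox() {
  h=$1
  mkdir -p "$h/.ssh" "$h/dev/vadorequest" "$h/dev/dna-pc"
  # One alias per account. IdentitiesOnly keeps ssh from offering other agent
  # keys first: GitHub picks the account from whichever key it accepts.
  cat > "$h/.ssh/config" <<'EOF'
Host personal-github
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa_personal
  IdentitiesOnly yes

Host dna-pc-github
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa_dna-pc-pro
  IdentitiesOnly yes
EOF
  # ~/.gitconfig: choose a per-account file from where the repository lives.
  cat > "$h/.gitconfig" <<'EOF'
[includeIf "gitdir:~/dev/vadorequest/"]
  path = ~/.gitconfig-vadorequest
[includeIf "gitdir:~/dev/dna-pc/"]
  path = ~/.gitconfig-dna-pc
EOF
  # Per-account files: rewrite the URL GitHub hands out to that account's alias.
  printf '[url "personal-github:"]\n  insteadOf = git@github.com:\n' \
    > "$h/.gitconfig-vadorequest"
  printf '[url "dna-pc-github:"]\n  insteadOf = git@github.com:\n' \
    > "$h/.gitconfig-dna-pc"
}

# Print the URL git really connects to for a remote added unchanged.
# $1 = sandbox HOME, $2 = repo dir below it, $3 = URL as copied from GitHub
effective_url() {
  (
    export HOME="$1" GIT_CONFIG_NOSYSTEM=1
    unset GIT_CONFIG_GLOBAL XDG_CONFIG_HOME
    git init -q "$1/$2" &&
      git -C "$1/$2" remote add origin "$3" &&
      git -C "$1/$2" remote get-url origin
  )
}
```

For a repository outside both directories no include applies, so `effective_url` prints the URL unchanged and ssh falls back to its default key selection.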