DEV Community

Daniel Mayovsky
Daniel Mayovsky

Posted on

How to Use Your Personal Git SSH at Work

Story

Since I work from home on the company laptop, sometimes I want to make a quick commit to my personal repository, without starting up my personal computer. But Github blocked password authentication in August 2021. From now on you must either use SSH keys, or configure a PAT (Personal Access Token) from Github.

I find SSH to be vastly more convenient, but my default SSH key is already taken by my workplace.

Problem

When I push to my personal git account with my work's (or default) SSH key, I get this error:

ERROR: Repository not found.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
Enter fullscreen mode Exit fullscreen mode

Wrong solutions

  1. Use the same SSH key for both personal and work computers. Do not do that.

That is a security issue you do not want to deal with. Do not copy an SSH key from your home machine to your work laptop, and vice versa.

  1. Adding laptop's SSH key to your personal GitHub account.

Not recommended, because your work's SSH .pub file contains your work email, and you don't want that associated with your personal GitHub account.

Solutions

1. Configuring SSH and Git

Create separate configuration files for SSH, and make Git use those separate SSH files.

You must create two separate .ssh/config files for each GitHub account you want to use. Each config file must specify a separate identity that you want SSH to use, for each account. You must generate separate identity keys for your accounts beforehand.

host github.com
user git
identityfile ~/.ssh/id_ed25519 # indentity key, without .pub ending
Enter fullscreen mode Exit fullscreen mode

This way, I created two separate config files: ~/.ssh/work_config and ~/.ssh/personal_config

Each config has a different identityfile being used.

the Git portion

On your work laptop, you might prefer to have global git config to be your job's git config. And then configure your personal repositories locally (isolated to a single repository) with git config --local. That's the strategy that I use.

For your work/global git configuration, you can simply type:

git config --global core.sshCommand "ssh -F ~/.ssh/work_config"
Enter fullscreen mode Exit fullscreen mode

after that, you can go to your personal repository and configure git the way you'd configure it on your personal machine.

git config --local user.name # your personal config
git config --local user.email # that you use on your personal machine
git config --local core.sshCommand "ssh -F ~/.ssh/personal_config"
Enter fullscreen mode Exit fullscreen mode

This way, git will use different ssh commands, with different identity files for your personal and work-related projects.

2. Solution without the core.sshCommand change

As suggested by a comment, here is an alternative solution that I've read through. Very clever approach as well:
https://dev.to/jimzandueta/setup-your-ssh-configuration-file-1m9e

You're welcome to ask questions in the comments, and I'll make appropriate edits.

Top comments (4)

Collapse
 
jake_nelson profile image
Jake Nelson • Edited

Thanks for the article. To call out the legalities as I understand it in a lot of countries. Company's can lay claim to software you write under certain conditions. If it's close to your employer's field, if it was done on company time, or if it was done from a company device.

It's extremely unlikely your employer would do this but for some that risk isn't acceptable.

Collapse
 
weirdmayo profile image
Daniel Mayovsky

If it's close to your employer's field

This one is the most prevalent, and also makes total sense. Usually when you receive the job, you're giving papers to sign. One in particular usually specifically states that you're not allowed to be working on a competing product during your employment at the company at all, not just company time. And that makes complete sense.
All the other ones line "done on company time" and "done from a company device" are more rare, because they are quite arbitrary.

I know graphic designers have to deal with this sort of stuff sometimes. As in, they sign up to the company "owning their talent", which means they can't even freelance outside of their employment, because "their talent is owned by their employer". Not sure how that could be defended in court, but I've heard that happens.

Collapse
 
ccoveille profile image
Christophe Colombier • Edited
Collapse
 
weirdmayo profile image
Daniel Mayovsky

Actually very interesting.

Instead of re-configuring the sshCommand in git, you could just change the host name in the remote url of the repository, and have ssh take care of redirection. That's awesome!

In both solutions you have to intentionally mess with both Git and SSH, just in different ways. I'll leave a link to that one in the actual article then. Worth it :)