Skip to content

Instantly share code, notes, and snippets.

@kntjspr

kntjspr/ssh.md

Last active November 27, 2025 13:36
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save kntjspr/13db8d127b5b22ca121116f16df5ad55 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save kntjspr/13db8d127b5b22ca121116f16df5ad55 to your computer and use it in GitHub Desktop.
Download ZIP
Add SSH to github
Raw
ssh.md

⚙️ GOAL

Account Purpose Repo Origin SSH Key GPG Key Encryption
dev Development git@github.com:dev-user/dev-repo.git /root/.ssh/id_dev_ed25519 dev <kntjspr26@gmail.com> git-crypt (Dev PGP)
prod Production git@github.com:prod-user/prod-repo.git /root/.ssh/id_prod_ed25519 prod <other@mail.com> git-crypt (Prod PGP)

Everything runs in WSL, keys stored under root, users without root cannot access or push.

1. Generate SSH keys (as root)

sudo su
mkdir -p /root/.ssh && chmod 700 /root/.ssh
ssh-keygen -t ed25519 -C "dev@github" -f /root/.ssh/id_dev_ed25519
ssh-keygen -t ed25519 -C "prod@github" -f /root/.ssh/id_prod_ed25519
chmod 600 /root/.ssh/id_*

View public keys and add them to each GitHub account:

cat /root/.ssh/id_dev_ed25519.pub
cat /root/.ssh/id_prod_ed25519.pub

Add those in GitHub → Settings → SSH and GPG keys → New SSH key.

2. Configure SSH for both accounts

Create /root/.ssh/config:

sudo nano /root/.ssh/config

Paste:

# Dev account
Host github-dev
  HostName github.com
  User git
  IdentityFile /root/.ssh/id_dev_ed25519
  IdentitiesOnly yes

# Prod account
Host github-prod
  HostName github.com
  User git
  IdentityFile /root/.ssh/id_prod_ed25519
  IdentitiesOnly yes

3. Test SSH connections

ssh -T github-dev
ssh -T github-prod

You should see:

Hi <user>! You've successfully authenticated, but GitHub does not provide shell access.

4. Configure per-repo Git identity

For dev repo:

cd /path/to/dev-repo
git init
git remote add origin github-dev:dev-user/dev-repo.git
git config user.name "Dev Account"
git config user.email "dev@github"

For prod repo:

cd /path/to/prod-repo
git init
git remote add origin github-prod:prod-user/prod-repo.git
git config user.name "Prod Account"
git config user.email "prod@github"

5. Import Dev GPG Key (already in Windows B:)

sudo gpg --import /mnt/b/dev-private-key.asc
sudo gpg --list-secret-keys --keyid-format=long

Find the key ID (like 980F354B5EEF0B51).

Then set it for git:

gpg --list-keys --fingerprint
git config --global user.signingkey 980F354B5EEF0B51
git config --global commit.gpgsign true

6. Create a new GPG key for prod

sudo gpg --quick-generate-key "prod <prod@mail.com>" rsa4096 sign,encrypt 2y
sudo gpg --list-secret-keys --keyid-format=long

Note the new key ID (e.g. ABC123DEF456GHI7).

7. Initialize and encrypt with git-crypt

Dev repo

cd /path/to/dev-repo
git-crypt init
git-crypt add-gpg-user --trusted 980F354B5EEF0B51
git add . && git commit -m "init encryption"

Prod repo

cd /path/to/prod-repo
git-crypt init
git-crypt add-gpg-user --trusted ABC123DEF456GHI7
git add . && git commit -m "init encryption"

8. Push

Dev:

git push -u origin main

Prod:

git push -u origin main

9. Summary

Component Location Owner Purpose
SSH keys /root/.ssh/id_dev_ed25519, /root/.ssh/id_prod_ed25519 root Secure authentication
GPG keys gpg --list-secret-keys root Encryption/signing
Config /root/.ssh/config root Maps two accounts
Git repos /home/archclx/... user Working copies

Would you like me to include automation scripts (bash) to fully replicate this on fresh WSL systems?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment