ThinkingCog

Articles written by Parakh Singhal

How to Operate Multiple GitHub Accounts from a Single Computer

Developers love to use a single computer for all their needs, whether they are related to office work or work on their personal projects. Since using version control is a cardinal requirement in any software project, personal or professional, it becomes imperative that a requirement arises, whereby, a developer is required to operate multiple GitHub accounts from a single computer.

Consider a scenario that you have two GitHub accounts – one sponsored by your employer and the other one personal and you want to use a single computer to operate both of them. This is possible by virtue of SSH keys and setting remote repositories under the correct SSH key. The following is the broad outline of the article:

1. Setting up SSH keys

2. Setting up a configuration file to use easily co-ordinate among multiple accounts

3. Setting remotes correctly

1. Setting up SSH Keys

SSH keys generated using RSA algorithm, generates a pair of keys – public and private. Per the norm, the private key remains secure with you and never travel over the wire, while public key is distributed for verification. In this case the public key is stored in your GitHub account.

On Window 10 open Git Bash, navigate to C:\Users\YourMSID\.ssh and key in the following command:

$ ssh-keygen -t rsa –b 4096 -C "your personal email address"

 

This will prompt you to create a new file. Provide a suitable name to the file so you are able to differentiate between various files and hence various keys. Also make sure to enter a suitable passphrase. Providing passphrase further encrypts the private SSH key using a symmetric encryption algorithm, and will render the theft of the private key useless.

Now generate a key-pair for the official account in a manner similar to described above:

$ ssh-keygen -t rsa –b 4096 -C "your official email address"

 

The next step after the generation of the key-pair will be to copy over the public SSH keys into respective GitHub accounts. I am assuming a generic name generally given to key-pair given to personal accounts. Print on the screen and copy the relevant section:

$ cat id_rsa_personalaccount.pub

 

Make sure that you copy the key that starts with “ssh-rsa” and ends with gibberish. Do not copy the email part.

Now navigate to your personal GitHub account and open account settings. Open the “SSH and GPG Keys” section. Click on “New SSH Key”, and copy over the key. Make sure to give a suitable title to remember the computer that the key is present on. You may generate a key on some other computer tied to your personal account. A suitable title will help you connect the key and the originating computer where it came from.

Perform the same routine for the SSH key corresponding to your official account with corresponding account on GitHub.

2. Setting up a configuration file to use easily co-ordinate among multiple accounts

Now to make life easy with multiple keys stored on a single computer, we will create a configuration file containing the details about the hostname which needs to be connected to and the account details with which to authenticate. Create a config file with the following command:

$ notepad config

 

And copy over the following details:

# Personal
Host personal
HostName github.com
User git
IdentityFile ~/.ssh/id_rsa_personalaccount

# Work
Host work
HostName github.com
User git
IdentityFile ~/.ssh/id_rsa_workaccount

One very important thing to note here is to provide the hostname as given in the sample configuration and the user as “git” in both the cases.

The next step will be to make sure that SSH agent is running on the machine. Run the following command on bash shell to make it run in the background:

$ eval $(ssh-agent -s) 

This will start the SSH agent of it is not running in the background and will allocate it a process identifier. Now we will add the SSH keys for personal and professional accounts to the agent by the following command:

$ ssh-add id_rsa_personalaccount

$ ssh-add id_rsa_workaccount

If you had provided passphrases while creating the SSH keys, then you will have to provide the corresponding passphrases before adding them to the agent.

In order to make sure that we have indeed added the identities, run the following command:

$ ssh-add –l

Now that we have the keys added in the SSH agent and have the configuration file set up, we are in a position to test the authentication by connecting to GitHub with credentials as described in the config file. Ru the following command:

$ ssh –T personal

The aforementioned command will make ssh module take the config file placed in the .ssh folder by default and use host information defined therein. The result of executing the commands should be something like below:

Hi parakh! You've successfully authenticated, but GitHub does not provide shell access.

Repeat the process for the work account.

3. Setting remotes correctly

Now that we are done setting up the keys and configuration file, and have tested the authentication, we will create a dummy repository and push the changes to it. On GitHub, create a dummy repository, say, with the name DummyRepo. This will be the repository which we will use to upload our changes to, and pull the changes from. Navigate to a suitable location on your hard drive and run the following commands to create a repository mapped to DummyRepo:

$ mkdir DummyRepo
$ git init
$ touch file1.txt
$ printf “This is my file” >; file.txt
$ git add .
$ git commit -m "first commit"
$ git remote add origin git@personal:UserNameOfPersonalAccountAtGitHub/DummyRepo.git
$ git push origin master

If all the setup has been done correctly, then the push of changes to DummyRepo will succeed. Now test the pull from the repository. Create a text file over at the GitHub repository and commit it. Now run the following commands:

$ git pull origin master

This should succeed in pulling the newly created file and commit.

Hope this article was helpful to you.

Raspberry Pi and Passwordless SSH Login

In any modern operating system when you login, you are greeted with a login screen asking for your credentials. If you are the only user using the system, you may be spared the labor of filling in the username, but a password still will be required to login.

We can forgo the exercise of filling the password by virtue of asymmetric encryption. Asymmetric encryption makes two types of keys available – private and public. As the name suggests, public key can be made available to the public while the private key remain with the system which needs to do the authentication. In our case we will be logging into Raspberry Pi using SSH and will use key based authentication mechanism to login, forgoing the need of any password. Pi will send the public key over the wire to the host operating system running Putty which will then compare it with the companion private key. If a match is found, the user authenticates successfully. Note that the private keys never travels over the wire.

We need the following to make this a possibility:

1. PutTTYgen: To generate a pair of keys,

2. Pageant: To run in the background and maintain availability of the private key

Both the aforementioned software components come bundled with Putty, so if you have Putty installed, there’s a good chance that they are already installed on your system.

Generating a key pair

Open PuTTYgen and click on the “Generate” button generate a pair of keys. Make sure that “RSA” algorithm is selected with key strength of 2048 bits. Once generated, use the in-built facility and save the public and private keys to the folder which you consider save enough to retain your private key for future reference. DO NOT SHARE YOUR PRIVATE KEY WITH ANYONE.

Generate key pair with PuTTYgen

Now, the most important part. If you look at the format of the public key saved by PuTTYgen, you will find that it spawns multiple lines. It is un-usable in majority of the systems and exists only for reference. We need to copy the public key in the large “Key” window, which specifically makes the key properly formatted for use in OpenSSH based authentication systems.

02 PuTTYgen Keys Window

 

Copy the key into a simple text file and name it “authorized_keys” and remove the txt extension. This is the file that will be used by Raspbian Stretch operating system without any further configuration.

Now run the Pageant agent in your Windows system and add the private key generated previously. The private key should have an extension “ppk”. Pageant agent will run on the host operating system where from you want to connect and will keep the private key handy.

03 Pageant

Configuring Raspberry Pi

Now let’s configure our Raspberry Pi to accept key based authentication. Login the usual route with your username and password and follow the steps:

1. Create a .ssh folder (hidden folder) in the home directory of the user for whom you want to use key based authentication.

2. Copy over the public key (NOT PRIVATE KEY) that you generated previously and named “authentication_keys” to the folder. I used a thumb drive for the purpose.

3. Secure the key file and the .ssh folder. Only the user meant to use the key based authentication should be able to access the key file in read-only and executable capacity. The .ssh folder should be off limits to everyone else.

4. Restart the ssh service.

5. Logout and log back in with the username for which you enabled the key based authentication.

mkdir .ssh
sudo mount /dev/sda1 /mnt/usb
cp /mnt/usb/authorized_keys .ssh/
sudo chmod 500 .ssh/authorized_keys
sudo chmod 700 .ssh
ls -al /home/parakh .ssh/authorized_keys
sudo systemctl restart ssh

 

04 Commands Cropped

 

 

 

 

 

 

 

 

 

 

 

All this was made possible by the magic of asymmetric encryption.

05 Login Cropped

The good thing about this scheme is that if, for some reason the public key on Raspberry Pi gets corrupted, or the Pageant is not running in the background on the host operating system, then you get offered the good-old password challenge. I purposely exited the Peagent and as expected Pi challenged me with a password corresponding to my account.

06 login using password cropped

References:

1. Passwordless SSH access

How to Setup Raspberry Pi Without a Monitor and Keyboard and Ethernet Cable (Headless Mode)

Key Takeaway:

Installation of the Raspbian operating system on a Raspberry Pi requires an external keyboard and mouse for providing input and an external HDMI monitor to see what’s happening. In this post, we will learn how to configure the boot media, so that we are able to leverage our existing Windows hardware for the installation and subsequent operations without requiring an external keyboard, mouse and a monitor, also known as the “headless mode”. We will also be connecting our Pi to our Wi-Fi network without the any intermediate use of an Ethernet cable and will allocate it a static IP address.

Read On:

Raspberry Pi is a single board computer that offers a fun way to learn about Linux and is capable of handling various projects that require light to medium computing power. It is one of the most favored platforms for prototyping an IoT project.

Installation of most of the Raspberry Pi compatible operating systems at the time of writing this post requires the presence of an external USB keyboard and mouse to provide input and an HDMI capable monitor to receive video feed of what’s happening. These requirements prove to be a bit of a hurdle in getting Raspberry Pi up and running. Fortunately, things are improving and creators of Linux distros are making sure that there are ways to configure Raspberry Pi to facilitate a headless install, configuration and subsequent operation with the use of existing integrated hardware like a pc or a laptop.

In this post I will demonstrate how to install and operate Raspbian operating system in a truly headless fashion using your existing Windows PC hardware. We will accomplish the following:

1. Enable SSH for logging into Pi after the first boot.

2. Connect to existing Wi-Fi with the help of supplied credentials.

3. Have a static IP address, so in future we will have the ability to reliably connect to Pi at a known address and enable us to operate services like a NAS or a media server.

4. Enable VNC server on Pi so we can remotely login into Pi and use the convenience of GUI to get things done.

 

To accomplish all that we need the following hardware and software:

1. Raspberry Pi 3 Model B.

2. A Windows or Linux enabled laptop or a desktop computer to download the Raspbian image to.

3. A micro-SD card to install Raspbian image onto.

4. A micro SD card reader-writer.

5. Image of the latest version of Raspbian operating system (with desktop).

6. Etcher to transfer the Raspbian operating system onto the micro-SD card.

7. Notepad++ to create configuration files. Please note that Windows Notepad won’t cut it.

8. Advanced IP Scanner to scan the network to note the subnet and ip addresses of various devices.

9. Putty to SSH into Pi after the installation of the operating system.

10. VNC viewer to remotely login into Raspbian operating system.

I am writing this post assuming that you are working with a Windows enabled computer.

Head over to RaspberryPi.org and download the latest version of Raspbian operating system with desktop. Now we need to transfer this operating system to the micro-SD card.

To transfer the operating system onto the micro-SD card we will be using Etcher from resin.io. Brilliantly simple to use and just works with a wide variety of image formats. Etcher can directly work with zipped images, eliminating the need to unzip the downloaded images. You can also download the portable version and use it without installing it.

clip_image002

 

 

 

 

Figure 1 Etcher in action

Once you have flashed and validated the micro-SD card with the operating system, prepare to perform some steps that are going to make the entire installation and subsequent operation a headless one. If you open the card in Windows Explorer, then you will be able to access the boot folder containing a few files. Since Windows does not recognize EXT4 file system, you will not be able to see or access any other of the partition on the card or any folder or file contained therein.

Enabling SSH

To enable headless configuration and operation of Raspberry Pi, it is essential that we have some mechanism to login into our Pi. SSH enables that. By default, SSH now comes disabled in Raspbian Stretch operating system. But it can be easily enabled by introducing a file named “ssh” with no extension. You do not have to bother putting anything in the file as just the presence of the file will indicate your intention to enable SSH in Raspbian at the first and subsequent boots.

clip_image004

 

 

 

 

Figure 2 Insert a blank text file SSH excluding any extension

Configuring Wi-Fi

One of the changes introduced in Raspbian Stretch was the ability to put “wpa_supplicant.conf” file into the boot folder which at first boot could be used to configure network settings. So open up your Notepad++ and open a new text file. Make sure to change the “End of Line” setting set to “UNIX” (Edit->EOL Conversion). If you do not change this setting, Notepad++ will use Windows end of line settings and network settings will not take effect.

clip_image006

 

 

 

 

 

 

 

Figure 3 Change the EOL setting in Notepad++ to UNIX when handling any file for Raspbian

Insert the following settings into the file:

   1: country=in
   2: update_config=1
   3: ctrl_interface=/var/run/wpa_supplicant
   4:  
   5: network={
   6: scan_ssid=1
   7: ssid="MyNetworkSSID"
   8: psk="MyNetworkPassword"
   9: }

Change the country entry to the applicable one. Similarly use the SSID of your Wi-Fi network and corresponding password.

Save the text file in the boot folder and name it “wpa_supplicant.conf”. The significance this file is that it serves the configuration to the supplicant (basically hardware or software that connects to a network. More info is available here), and after the first boot gets copied into the “/etc/wpa_supplicant” directory for operational purposes. You can read more about this here (in context with Raspbian Stretch).

Now that we have taken care of SSH and Wi-Fi settings, let’s get ourselves a static IP address where we can SSH to. Boot up your Pi.

Configuring for a static IP address

Now to assign a static IP address to our Pi, we need to login into Pi at the IP address that gets allocated to our Pi at its first boot. We will use that IP address in Putty and start our SSH session and carry out further configuration to work with a static address.

We can find the IP addresses allocated to various devices with the help of the Advanced IP Scanner tool available from Famatech. The best thing about this tool is that you can run this tool without installing it, in portable mode. Boot up your Pi and then run this tool to see the IP address allocated to the device.

clip_image008

 

 

 

Figure 4 Raspberry Pi connected to Wi-Fi with a random IP address allocated

Once you have noted down the IP address allocated to Pi, use Putty or your favorite SSH tool to login into Pi.

clip_image009

 

 

 

 

 

 

 

 

 

 

 

 

 

Figure 5 SSH into Pi using the allocated IP address

The default username and password to be used for logging into Pi are “pi” and “raspberry” respectively. After logging into Pi via SSH, use the following steps to configure Pi to have a static address.

clip_image011

Figure 6 Successful SSH login

Now give the following command to know about the gateway (your router in this case), just to be sure that your Pi is communicating at the IP address shown by the IP Scanner. This IP address is the one that will always be used by Pi to communicate to the router.

   1: route -ne

 

clip_image013

Figure 7 Gateway IP address

Once we have noted down the gateway’s IP address, it is time to figure out the name server. This setting is stored in resolv.conf file. Use the following command to pull it up and note down the IP address of the name server.

   1: cat /etc/resolv.conf]

 

clip_image015

Figure 8 Name server IP address

Now we need to modify the file “dhcpcd.conf” file which contains the network settings that go into effect once Pi boots up. Use the following command to pull up the file in editable mode in nano text editor:

   1: sudo nano /etc/dhcpcd.conf]

You should be able to see some pre-existing but, commented out entries showing you the way to configure the settings in this file. We will create a new entry block at the bottom of the file. Use the following entries to configure your Pi to use a static IP address at boot time and communicate to your gateway and use the designated name server:

   1: interface wlan0
   2: static ip_address=”your desired IP address”
   3: static routers=”your router’s IP address” 
   4: static domain_name_servers=”your name server’s IP adderss”

 clip_image017

Figure 9 Configure the entries with the desired IP addresses

Once the aforementioned steps are complete, reboot your Pi for the network settings to take into effect. Use the command to reboot:

   1: sudo reboot –p

Once your Pi boots up, it will acquire the configured static IP address, and you should be able to login into it, using Putty.

clip_image019

Figure 10 Verification of newly allocated static IP address with the help of IP Scanner

clip_image020

 

 

 

 

 

 

 

 

 

 

 

 

 

Figure 11 Using the new static IP address to SSH into Pi

Once you have gotten into Pi, pull up the raspberry pi configuration utility to configure the Pi for the following:

1. Change the password from the default “raspberry” to something that only you know. This is an essential security measure.

2. Change the setting in “Advanced Options” to allow the Pi to see and use the entire file space. By default, that is not the case.

3. Change the setting in “Advanced Options” to change the resolution of the screen to what is native to your Windows machine.

4. Enable graphical desktop at boot from “Boot Options”.

5. Enable VNC from the “Interfacing Options” setting so we can use the VNC viewer to login into Pi using the GUI capabilities of Raspbian OS.

clip_image022

Figure 12 Raspberry configuration utility with all the options available

clip_image024

Figure 13 Configuring to boot into desktop mode

clip_image026

Figure 14 Changing the resolution to that of my Windows machine

Once all the changes have been done, reboot Pi. Now we will be able to login into Pi using VNC viewer.

clip_image028

Figure 15 First boot into GUI via VNC viewer

We have accomplished all that we had set out to achieve. Now every time you will access Pi, you will be able to access it over a static IP address and login into GUI. From here-on you can go ahead and configure Pi for services that require a static IP address. Depending on your expertise level and requirements, you can completely skip the VNC part and just configure Pi to have a static IP address and operate it over SSH.