[英]IdentityFile ignored in ssh configuration
My ssh
configuration inside /root/.ssh/config
:我在
/root/.ssh/config
ssh
配置:
Host *
IdentityFile /root/.ssh/id_rsa_api
IdentityFile /root/.ssh/id_rsa_ui
I use these keys to be able to clone GitHub repositories.我使用这些密钥来克隆 GitHub 存储库。 However, only the first
IdentityFile
(API) works.但是,只有第一个
IdentityFile
(API) 有效。 For the second, it says Repository not found
as I start cloning.第二,当我开始克隆时,它说
Repository not found
。 When I swap the configuration like:当我交换配置时:
Host *
IdentityFile /root/.ssh/id_rsa_ui
IdentityFile /root/.ssh/id_rsa_api
This way I can clone the UI, but not the API.这样我可以克隆 UI,但不能克隆 API。 As a consequence, I see that the keys are correct, but the second IdentityFile is always ignored.
结果,我看到密钥是正确的,但始终忽略第二个 IdentityFile。 What could the problem be?
可能是什么问题?
I cannot use ssh-add because I configure ssh
inside a Dockerfile and ssh-agent is not running when the container is build.我无法使用ssh-add,因为我在 Dockerfile 中配置了
ssh
并且在构建容器时 ssh-agent 没有运行。
Do you have any other keys besides the two you've listed in the question?除了您在问题中列出的两个键之外,您还有其他任何键吗? The OpenSSH server
sshd
will drop a client after too many failed authentication attempts. OpenSSH 服务器
sshd
将在多次失败的身份验证尝试后丢弃客户端。 If you have enough keys, your client may be trying all of them and being dropped before it gets through all of the keys you've listed.如果您有足够的密钥,您的客户端可能会尝试所有这些密钥,并在通过您列出的所有密钥之前被丢弃。 Running
ssh
with the -v
parameter will show which keys ssh tries to use to authenticate.使用
-v
参数运行ssh
将显示 ssh 尝试使用哪些密钥进行身份验证。
The sshd_config parameter MaxAuthTries
determines how many times a client can attempt to authenticate. sshd_config参数
MaxAuthTries
确定客户端可以尝试进行身份验证的次数。 The default is 6.默认值为 6。
If this is the problem, you may be able to avoid it by setting the ssh_config parameter IdentitiesOnly
.如果这是问题所在,您可以通过设置ssh_config参数
IdentitiesOnly
来避免它。 This prevents your client from using identities that didn't come from the ssh configuration files.这可以防止您的客户端使用不是来自 ssh 配置文件的身份。 Another thing to consider is to use more specific
Host
or Match
directives, so you only apply a key to the specific hosts where the key should be used.要考虑的另一件事是使用更具体的
Host
或Match
指令,因此您只需将密钥应用于应使用密钥的特定主机。
https://developer.github.com/guides/managing-deploy-keys/#deploy-keys https://developer.github.com/guides/managing-deploy-keys/#deploy-keys
Deploy keys only grant access to a single repository.
部署密钥仅授予对单个存储库的访问权限。 More complex projects may have many repositories to pull to the same server
更复杂的项目可能有许多存储库要拉到同一个服务器
So I dropped using deploy keys.所以我放弃了使用部署密钥。 Instead I created an ssh key that allows access to all of my private repositories.
相反,我创建了一个 ssh 密钥,允许访问我的所有私有存储库。 This way I have a single IdentityFile.
这样我就有了一个 IdentityFile。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.