
How can you specify which ssh key `go get` will use

I'm using two different github accounts (personal and work) on the same laptop (running Ubuntu version 20). I need to be able to access private repos from work using the ssh key for my work github account.

I've made it all work using some neat git config controls, i.e. in my `~/.gitconfig` file I've put:

[url "git@github.com:work_account/"]
    insteadOf = https://github.com/work_account/
[includeIf "gitdir:~/src/github.com/personal_account/"]
    path=~/.gitconfig_personal
[includeIf "gitdir:~/src/github.com/work_account/"]
    path=~/.gitconfig_work

The personal config contains:

[user]
name = Your Name
email = your.name@gmail.com
[core]
sshCommand = ssh -i ~/.ssh/id_rsa

The work config contains:

[user]
name = Your Name
email = your.name@work.com
signingkey = <ID of GPG key>
[core]
sshCommand = ssh -i ~/.ssh/id_ecdsa
[commit]
gpgsign = true
[gpg]
program = gpg

This all works great for pulling and pushing from github (and signing work commits with a gpg key), but it is failing for `go get` on private repos. For some bizarre reason `go get` is trying to use my personal ssh key (`~/.ssh/id_rsa`) instead of my work ssh key (`~/.ssh/id_ecdsa`). I've set the `GOPRIVATE` environment variable, i.e.

export GOPRIVATE=github.com/work_account/*

The output of `go get` is like:

$ go get github.com/work_account/private_repo
go get github.com/work_account/private_repo: module github.com/work_account/private_repo: git ls-remote -q origin in /home/marc/pkg/mod/cache/vcs/ff3efb332cb48232e5da90ff2073685cbdac4a86e3a47aa11663696f4943637a: exit status 128:
        ERROR: Repository not found.
        fatal: Could not read from remote repository.

        Please make sure you have the correct access rights
        and the repository exists.

I can see that my ssh agent has both keys:

$ ssh-add -l
521 SHA256:EKvhgg24_blah_bApjLSqX4J7l0 your.name@work.com (ECDSA)
4096 SHA256:r/qcO94F+ox_blah_JkTiVk+aERk your.name@gmail.com (RSA)

When I remove my personal ssh key (i.e. `rm ~/.ssh/id_rsa*`) then `go get` works just fine on the private repo, so I know it is definitely just trying to use the wrong ssh key. For some reason it is ignoring the git config `core.sshCommand`.

After a lot of trial and error and digging around, I've found a solution. If I set the environment variable `GIT_SSH_COMMAND="ssh -i ~/.ssh/id_ecdsa"` in the private repo then `go get` uses the correct ssh key and then works for private repos. It seems that `go get` ignores the git config `core.sshCommand` but is taking into account the environment variable `GIT_SSH_COMMAND`.

To simplify my life I've used the program direnv to set this environment variable in the folder I keep my work repos in. The `.envrc` file in the top level folder looks like this:

export GIT_SSH_COMMAND="ssh -i ~/.ssh/id_ecdsa"
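
An added example, not part of the original post: the error output above shows `go get` running git inside `pkg/mod/cache/vcs/...`, a directory the `includeIf "gitdir:~/src/github.com/work_account/"` condition does not cover, so the work config carrying `core.sshCommand` is never loaded there. The script reproduces this in a throwaway HOME; the shortened cache directory name is constructed.

```shell
#!/bin/sh
# Constructed sandbox: a throwaway HOME so the real ~/.gitconfig is untouched.
sandbox_setup() {
    SANDBOX=$(mktemp -d) || return 1
    export HOME="$SANDBOX" GIT_CONFIG_NOSYSTEM=1
    unset XDG_CONFIG_HOME GIT_DIR GIT_SSH_COMMAND
    # The work include from the question, conditional on the repository location.
    cat > "$HOME/.gitconfig" <<'EOF'
[includeIf "gitdir:~/src/github.com/work_account/"]
    path = ~/.gitconfig_work
EOF
    cat > "$HOME/.gitconfig_work" <<'EOF'
[core]
    sshCommand = ssh -i ~/.ssh/id_ecdsa
EOF
    mkdir -p "$HOME/src/github.com/work_account" "$HOME/pkg/mod/cache/vcs"
    # A normal checkout under the work tree ...
    git init -q "$HOME/src/github.com/work_account/private_repo" 2>/dev/null
    # ... and a bare repository in the module cache, where the error message
    # shows go get running git (name shortened from the hash in the question).
    git init -q --bare "$HOME/pkg/mod/cache/vcs/ff3efb33" 2>/dev/null
}

# Print the core.sshCommand git resolves inside a repository, or "<unset>".
ssh_command_in() {
    git -C "$1" config core.sshCommand || echo "<unset>"
}

sandbox_setup
echo "work checkout: $(ssh_command_in "$HOME/src/github.com/work_account/private_repo")"
echo "module cache : $(ssh_command_in "$HOME/pkg/mod/cache/vcs/ff3efb33")"
```

`GIT_SSH_COMMAND` is read from the environment of the git process, so it applies in the module cache as well, which matches the behaviour reported above.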

You need this in your `~/.ssh/config` file. If it doesn't exist, just create it. It specifies the ssh key to use for each host. You can add sort of aliases by adding invalid domains:

Host gitlab.com
IdentityFile ~/.ssh/id_ed25519

Host github.com
IdentityFile ~/.ssh/id_ed25519

Host github.invalid
HostName github.com
IdentityFile ~/.ssh/id_rsa

And then every time you use git@github.invalid, you use the correct ssh key.

Related is this addition to `~/.gitconfig`, which helps with importing private repositories. It uses ssh for all git operations with these hosts:

[url "git@github.com:"]
        insteadOf = https://github.com/
[url "git@gitlab.com:"]
        insteadOf = https://gitlab.com/

Also see the environment variable `GOPRIVATE`, which lists private repositories not to use the proxy with. Example:

GOPRIVATE=*.corp.example.com,rsc.io/private
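
An added example, not part of the original answer: the host alias and the `insteadOf` rewrite combined and scoped to the work account, so the key choice no longer depends on which directory git runs in. The alias name `github-work` is hypothetical, the key path and account names are the ones from the question, and everything is written into a throwaway HOME.

```shell
#!/bin/sh
# Constructed sandbox: throwaway HOME; "github-work" is a hypothetical alias.
alias_setup() {
    SANDBOX=$(mktemp -d) || return 1
    export HOME="$SANDBOX" GIT_CONFIG_NOSYSTEM=1
    unset XDG_CONFIG_HOME GIT_DIR
    mkdir -p "$HOME/.ssh" && chmod 700 "$HOME/.ssh"
    # Alias pinned to the work key. IdentitiesOnly stops ssh from offering
    # the other keys held by the agent.
    cat > "$HOME/.ssh/config" <<'EOF'
Host github-work
    HostName github.com
    IdentityFile ~/.ssh/id_ecdsa
    IdentitiesOnly yes
EOF
    chmod 600 "$HOME/.ssh/config"
    # Rewrite only the work account's https URLs to the alias.
    cat > "$HOME/.gitconfig" <<'EOF'
[url "git@github-work:work_account/"]
    insteadOf = https://github.com/work_account/
EOF
}

# Print the URL git would contact for $1, without touching the network.
effective_url() {
    (cd "$HOME" && git ls-remote --get-url "$1")
}

alias_setup
effective_url https://github.com/work_account/private_repo
effective_url https://github.com/personal_account/some_repo
```

`ssh -G github-work` prints the options ssh resolves for the alias, which confirms the identity file before `go get` is run.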

You can use the SSH agent. `ssh-agent` is part of OpenSSH. It also holds your keys and certificates unencrypted in memory. They are ready for use by ssh.

For example, it is very helpful when you have an ssh key with a passphrase. By default it will ask you to enter the key passphrase every time go is trying to clone/pull code from an upstream.

There are a few commands you can use:

  • `echo $SSH_AGENT_PID` - See if an agent is assigned to the current session. The `SSH_AGENT_PID` variable should return the pid of the ssh-agent.
  • `eval $(ssh-agent)` - Start a new ssh-agent session.
  • `ssh-add -l` - List keys available in your ssh session.
  • `ssh-add ~/.ssh/tmp/id_rsa` - Add the `~/.ssh/tmp/id_rsa` key to the current session.

An example session can be:

ip-192-168-200-63:tf-r0 daniel$ echo $SSH_AGENT_SOCK
ip-192-168-200-63:tf-r0 daniel ^C

ip-192-168-200-63:src daniel$ eval `ssh-agent`
Agent pid 50734
ip-192-168-200-63:src daniel$ echo $SSH_AGENT_PID 
50734
ip-192-168-200-63:src daniel$ ssh-add -l
The agent has no identities.
ip-192-168-200-63:src daniel$ ssh-add ~/.ssh/tmp/id_rsa
Enter passphrase for /Users/daniel/.ssh/tmp/id_rsa: 
Identity added: /Users/daniel/.ssh/tmp/id_rsa (/Users/daniel/.ssh/tmp/id_rsa)
ip-192-168-200-63:src daniel$ ssh-add -l
2048 SHA256:nm/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX /Users/daniel/.ssh/tmp/id_rsa (RSA)
ip-192-168-200-63:src daniel$ 

After that I can pull remote code with an ssh key protected by a passphrase without entering it every time the key is required.

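Notice: The technical posts on this site are licensed under CC BY-SA 4.0. If you republish them, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.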