Git uses SSH-Key configured for another domain

I have 2 github accounts. One is my personal and the other one is my work account. For both, I want to use ssh authentication when working with the git cli.

My ~/.ssh/config looks like this:

Host private.github.com
  HostName github.com
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_ed25519_personal

Host github.com
  HostName github.com
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_ed25519

Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_rsa

For all of my work repos I use the "normal" git ssh reference, such as git@github.com:openjdk/jdk.git. This works fine, github authenticates me as my work account.

For my private repos I use the domain private.github.com as an alias, which should just be a "marker" to use another ssh-key. As you can see in my ~/.ssh/config, I configured the correct HostName for it.

But when I try to access one of my private git repos, git (ssh) uses my work key for the authentication, sees that there's a github account with that ssh-key configured and continues with that key. But since my work account is not authorized to access my private git repos, it fails after this.

This is the verbose output when doing a git-pull on a private repo: (I added the line numbers myself to refer to them)

1. myuser@somemachine private-project % git pull
2. OpenSSH_8.1p1, LibreSSL 2.7.3
3. debug1: Reading configuration data /Users/myuser/.ssh/config
4. debug1: /Users/myuser/.ssh/config line 1: Applying options for private.github.com
5. debug1: /Users/myuser/.ssh/config line 13: Applying options for *
6. debug1: Reading configuration data /etc/ssh/ssh_config
7. debug1: /etc/ssh/ssh_config line 47: Applying options for *
8. debug1: Connecting to github.com port 22.
9. debug1: Connection established.
10. debug1: identity file /Users/myuser/.ssh/id_ed25519_personal type 3
11. debug1: identity file /Users/myuser/.ssh/id_ed25519_personal-cert type -1
12. debug1: identity file /Users/myuser/.ssh/id_rsa type 0
13. debug1: identity file /Users/myuser/.ssh/id_rsa-cert type -1
14. debug1: Local version string SSH-2.0-OpenSSH_8.1
15. debug1: Remote protocol version 2.0, remote software version babeld-7bdc42c4
16. debug1: no match: babeld-7bdc42c4
17. debug1: Authenticating to github.com:22 as 'git'
18. debug1: SSH2_MSG_KEXINIT sent
19. debug1: SSH2_MSG_KEXINIT received
20. debug1: kex: algorithm: curve25519-sha256
21. debug1: kex: host key algorithm: rsa-sha2-512
22. debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
23. debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
24. debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
25. debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
26. debug1: Host 'github.com' is known and matches the RSA host key.
27. debug1: Found key in /Users/myuser/.ssh/known_hosts:2
28. debug1: rekey out after 134217728 blocks
29. debug1: SSH2_MSG_NEWKEYS sent
30. debug1: expecting SSH2_MSG_NEWKEYS
31. debug1: SSH2_MSG_NEWKEYS received
32. debug1: rekey in after 134217728 blocks
33. debug1: Will attempt key: /Users/myuser/.ssh/id_rsa RSA SHA256:HASH_OF_GLOBAL_KEY explicit agent
34. debug1: Will attempt key: my-work-email ED25519 SHA256:HASH_OF_GITHUB_WORK_KEY agent
35. debug1: Will attempt key:  RSA SHA256:HASH_OF_ANOTHER_KEY agent
36. debug1: Will attempt key: /Users/myuser/.ssh/id_ed25519_personal ED25519 SHA256:HASH_OF_GITHUB_PRIVATE_KEY explicit
37. debug1: SSH2_MSG_EXT_INFO received
38. debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
39. debug1: SSH2_MSG_SERVICE_ACCEPT received
40. debug1: Authentications that can continue: publickey
41. debug1: Next authentication method: publickey
42. debug1: Offering public key: /Users/myuser/.ssh/id_rsa RSA SHA256:HASH_OF_GLOBAL_KEY explicit agent
43. debug1: Authentications that can continue: publickey
44. debug1: Offering public key: my-work-email ED25519 SHA256:HASH_OF_GITHUB_WORK_KEY agent
45. debug1: Server accepts key: my-work-email ED25519 SHA256:HASH_OF_GITHUB_WORK_KEY agent
46. debug1: Authentication succeeded (publickey).
47. Authenticated to github.com ([140.82.121.3]:22).
48. debug1: channel 0: new [client-session]
49. debug1: Entering interactive session.
50. debug1: pledge: network
51. debug1: Sending environment.
52. debug1: Sending env LANG = de_DE.UTF-8
53. debug1: Sending command: git-upload-pack 'my-private-github-acc/private-project.git'
54. debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
55. ERROR: Repository not found.
56. debug1: channel 0: free: client-session, nchannels 1
57. fatal: Could not read from remote repository.
58. 
59. Please make sure you have the correct access rights
60. and the repository exists.
61. debug1: fd 0 clearing O_NONBLOCK
62. Transferred: sent 2696, received 2208 bytes, in 0.4 seconds
63. Bytes per second: sent 7193.5, received 5891.4
64. debug1: Exit status 1

  • Line 3-5: SSH uses the correct configuration file and applies the options for the expected hosts (* and private.github.com)
  • Line 8: SSH opens a connection to github.com (not private.github.com), which means the option in my configuration for private.github.com works as expected
  • Line 10-13: SSH prints the expected keys it will use (the ones for private.github.com and *)
  • Line 33: SSH will use my "global" ssh-key (the * in my config) (expected)
  • Line 34: SSH will use my github-work ssh-key (not expected? why does it want to try this key?)
  • Line 35: Don't know which key this is (though it is present in ssh-add -l)
  • Line 36: SSH will use my github-private ssh-key (but in the chain after it tries to use my github-work ssh-key)
  • Line 42,43: SSH offers my global ssh-key, is declined by github (expected)
  • Line 44,45: SSH offers my github-work ssh-key, is accepted by github (makes sense, this is only authentication, not authorization)

From now on, I'm in a trap. My ssh client offers my github-work ssh-key to github, which github accepts since it is attached to an account, but this account can't access my private repos.

Why does my ssh client try to use my github-work ssh-key in the first place? I would expect it to use my github-private ssh-key before it uses my github-work ssh-key at least. What can I change to make this work? Anyone with the same problem and maybe a workaround?

The issue could come from the fact that the IdentityFile option adds an extra key to try, but does not exclude the other ones, and that either your work key has one of the default names (id_ed25519), or you have an ssh-agent running which will present that key when contacting github.com.

Try adding IdentitiesOnly = yes to your private.github.com section
(forwarding suggestion from this answer on SuperUser )

(note: you should probably add this option to both sections)
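
The key selection shown in the verbose output above, as an added example that is not part of the original question or answer: this Python sketch parses the "Will attempt key", "Offering public key" and "Server accepts key" lines, reports whether the accepted key came only from the agent, and approximates the effect of IdentitiesOnly yes by keeping only the candidates tagged explicit. The sample lines are copied from the question with its placeholder fingerprints; the function and field names are made up for this illustration.

```python
import re

# Constructed sample: the key-selection lines from the `ssh -v` output in the
# question (placeholder fingerprints as posted, added line numbers dropped).
SAMPLE_LOG = """\
debug1: Will attempt key: /Users/myuser/.ssh/id_rsa RSA SHA256:HASH_OF_GLOBAL_KEY explicit agent
debug1: Will attempt key: my-work-email ED25519 SHA256:HASH_OF_GITHUB_WORK_KEY agent
debug1: Will attempt key:  RSA SHA256:HASH_OF_ANOTHER_KEY agent
debug1: Will attempt key: /Users/myuser/.ssh/id_ed25519_personal ED25519 SHA256:HASH_OF_GITHUB_PRIVATE_KEY explicit
debug1: Offering public key: /Users/myuser/.ssh/id_rsa RSA SHA256:HASH_OF_GLOBAL_KEY explicit agent
debug1: Offering public key: my-work-email ED25519 SHA256:HASH_OF_GITHUB_WORK_KEY agent
debug1: Server accepts key: my-work-email ED25519 SHA256:HASH_OF_GITHUB_WORK_KEY agent
"""

# name may be empty (agent key without a comment); tags say where the key came from.
KEY_LINE = re.compile(
    r"debug1: (?P<event>Will attempt key|Offering public key|Server accepts key): "
    r"(?P<name>.*?)\s*(?P<type>[A-Z0-9-]+) (?P<fp>SHA256:\S+)"
    r"(?P<tags>(?: explicit| agent)*)\s*$"
)

def analyze(log):
    """Summarise which keys ssh planned to try, offered, and got accepted."""
    candidates, offered, accepted = [], [], None
    for line in log.splitlines():
        m = KEY_LINE.search(line)
        if not m:
            continue
        key = {"name": m["name"], "fp": m["fp"], "sources": m["tags"].split()}
        if m["event"] == "Will attempt key":
            candidates.append(key)
        elif m["event"] == "Offering public key":
            offered.append(key["fp"])
        else:
            accepted = key["fp"]
    # "explicit" marks keys named by an IdentityFile line (or -i).
    explicit = [k["fp"] for k in candidates if "explicit" in k["sources"]]
    return {
        "candidate_order": [k["fp"] for k in candidates],
        "offered": offered,
        "accepted": accepted,
        # True when the server accepted a key that no IdentityFile line named.
        "accepted_from_agent_only": accepted is not None and accepted not in explicit,
        # Approximation of IdentitiesOnly yes: agent-only candidates are dropped.
        "with_identities_only": explicit,
    }

if __name__ == "__main__":
    for field, value in analyze(SAMPLE_LOG).items():
        print(f"{field}: {value}")
```

On the question's output this flags the work key as accepted from the agent only, and shows that with agent-only candidates removed the personal key is the second and last key left to offer.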
