Say your .ssh
directory contains 30 keys (15 private and 15 public).
Where in Git can one check which one is used to connect to a given remote repository?
The following entry in .ssh/config
file solves the problem
host git.assembla.com
user git
identityfile ~/.ssh/whatever
Where ~/.ssh/whatever
is a path to your private key
Additionally, user and host can be picked up from
git push git@git.assembla.com:repo_name.git
^__ ^_______________
user host
Executing ssh in verbose mode, aka ssh -v user@host
, will print a huge load of debugging info, which also contains details on which keyfiles it is trying for login.
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 332
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Now if you combine this, with the Step 4 in Git's own SSH help page , ssh -vT git@github.com
can give you the answer.
Note: You can also use the -i
switch to tell ssh during command execution, which keyfile to use.
I'd say most practical to my taste would be:
GIT_SSH_COMMAND='ssh -v' git …
of course, depending on circumstances it might be beneficial just to export it to current SHELL's environment so that you won't have to prepend it manually each time. Then it'd be this way:
export GIT_SSH_COMMAND='ssh -v'
git …
— As man git
suggests there're a few of environmental variables that would affect Git's operations with use of SSH. According to man ssh
you can get some debugging info when deploying -v
option (not only but also, check out the manual if you're curious for more).
which key is used?
In the output you would see smth like …
debug1: Offering public key: …
… which is the answer to your question.
Unless it is specified on the .ssh/config
it will use the default private key file.
The default file is ~/.ssh/id_rsa
or ~/.ssh/id_dsa
or ~/.ssh/identity
depending on the protocol version.
这可能是超级优势,但是在运行ssh -vT git@github.com
之后它向我显示它正在检查/root/.ssh
的密钥,我期待它检查我的主目录,然后我意识到我登录为根!
Since git
just uses ssh
to connect, it will use whichever key ssh
would use to connect to the remote host. See the ~/.ssh/config
file for details; the host
block uses the IdentityFile
directive to specify the private key to use. The ssh_config(5)
manpage contains full details.
On the remote server, edit the sshd_config file and change LogLevel from INFO to VERBOSE and restart ssh.
Now your log file will hold the fingerprint of the key that was used to authenticate each user.
On Ubuntu, these files are:
/etc/ssh/sshd_config
/var/log/auth.log
but they may be different on another distro. Just google for their location (some use /var/log/secure for example).
You can check which the key is being used by trying to connect to git@github.com:
$ ssh -vT git@github.com
> ...
> debug1: identity file /Users/you/.ssh/id_rsa type -1
> debug1: identity file /Users/you/.ssh/id_rsa-cert type -1
> debug1: identity file /Users/you/.ssh/id_dsa type -1
> debug1: identity file /Users/you/.ssh/id_dsa-cert type -1
> ...
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /Users/you/.ssh/id_rsa
> debug1: Trying private key: /Users/you/.ssh/id_dsa
> debug1: No more authentication methods to try.
> Permission denied (publickey).
In that example, we did not have any keys for SSH to use. The "-1" at the end of the "identity file" lines means SSH couldn't find a file to use. Later on, the "Trying private key" lines also indicate that no file was found. If a file existed, those lines would be "1" and "Offering public key", respectively:
$ ssh -vT git@github.com
> ...
> debug1: identity file /Users/you/.ssh/id_rsa type 1
> ...
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /Users/you/.ssh/id_rsa
You must provide your public key to GitHub to establish a secure connection.
Open Terminal.
Start SSH agent in the background.
$ eval "$(ssh-agent -s)"
Agent pid 59566
Find and take a note of your public key fingerprint.
$ ssh-add -l -E sha256
2048 SHA256:274ffWxgaxq/tSINAykStUL7XWyRNcRTlcST1Ei7gBQ /Users/USERNAME/.ssh/id_rsa (RSA)
In the upper-right corner of any github page, click your profile photo, then click Settings.
In the user settings sidebar, click SSH and GPG keys.
Compare the list of SSH keys with the output from the ssh-add command.
If you don't see your public key in GitHub, you'll need to add your SSH key to GitHub to associate it with your computer.
Follow this link for details
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.