Git and SSH, which key is used?

Question

Say your .ssh directory contains 30 keys (15 private and 15 public).

Where in Git can one check which one is used to connect to a given remote repository?

Answer 1

The following entry in .ssh/config file solves the problem

  host git.assembla.com
  user git
  identityfile ~/.ssh/whatever

Where ~/.ssh/whatever is a path to your private key

Additionally, user and host can be picked up from

git push git@git.assembla.com:repo_name.git
         ^__ ^_______________
         user host

Answer 2

Executing ssh in verbose mode, aka ssh -v user@host , will print a huge load of debugging info, which also contains details on which keyfiles it is trying for login.

debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 332
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).

Now if you combine this, with the Step 4 in Git's own SSH help page , ssh -vT git@github.com can give you the answer.

Note: You can also use the -i switch to tell ssh during command execution, which keyfile to use.

Answer 3

I'd say most practical to my taste would be:

GIT_SSH_COMMAND='ssh -v' git …

of course, depending on circumstances it might be beneficial just to export it to current SHELL's environment so that you won't have to prepend it manually each time. Then it'd be this way:

export GIT_SSH_COMMAND='ssh -v'
git …

— As man git suggests there're a few of environmental variables that would affect Git's operations with use of SSH. According to man ssh you can get some debugging info when deploying -v option (not only but also, check out the manual if you're curious for more).

which key is used?

In the output you would see smth like …

debug1: Offering public key: …

… which is the answer to your question.

Answer 4

Unless it is specified on the .ssh/config it will use the default private key file.

The default file is ~/.ssh/id_rsa or ~/.ssh/id_dsa or ~/.ssh/identity depending on the protocol version.

Answer 5

这可能是超级优势，但是在运行ssh -vT git@github.com之后它向我显示它正在检查/root/.ssh的密钥，我期待它检查我的主目录，然后我意识到我登录为根！

Answer 6

Since git just uses ssh to connect, it will use whichever key ssh would use to connect to the remote host. See the ~/.ssh/config file for details; the host block uses the IdentityFile directive to specify the private key to use. The ssh_config(5) manpage contains full details.

Answer 7

On the remote server, edit the sshd_config file and change LogLevel from INFO to VERBOSE and restart ssh.

Now your log file will hold the fingerprint of the key that was used to authenticate each user.

On Ubuntu, these files are:

/etc/ssh/sshd_config
/var/log/auth.log

but they may be different on another distro. Just google for their location (some use /var/log/secure for example).

Answer 8

You can check which the key is being used by trying to connect to git@github.com:

$ ssh -vT git@github.com
> ...
> debug1: identity file /Users/you/.ssh/id_rsa type -1
> debug1: identity file /Users/you/.ssh/id_rsa-cert type -1
> debug1: identity file /Users/you/.ssh/id_dsa type -1
> debug1: identity file /Users/you/.ssh/id_dsa-cert type -1
> ...
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /Users/you/.ssh/id_rsa
> debug1: Trying private key: /Users/you/.ssh/id_dsa
> debug1: No more authentication methods to try.
> Permission denied (publickey).

In that example, we did not have any keys for SSH to use. The "-1" at the end of the "identity file" lines means SSH couldn't find a file to use. Later on, the "Trying private key" lines also indicate that no file was found. If a file existed, those lines would be "1" and "Offering public key", respectively:

$ ssh -vT git@github.com
> ...
> debug1: identity file /Users/you/.ssh/id_rsa type 1
> ...
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /Users/you/.ssh/id_rsa

Verify the public key is attached to your account

You must provide your public key to GitHub to establish a secure connection.

1. Open Terminal.

2. Start SSH agent in the background.

   $ eval "$(ssh-agent -s)"

   Agent pid 59566

3. Find and take a note of your public key fingerprint.

   $ ssh-add -l -E sha256

   2048 SHA256:274ffWxgaxq/tSINAykStUL7XWyRNcRTlcST1Ei7gBQ /Users/USERNAME/.ssh/id_rsa (RSA)

4. In the upper-right corner of any github page, click your profile photo, then click Settings.

5. In the user settings sidebar, click SSH and GPG keys.

6. Compare the list of SSH keys with the output from the ssh-add command.

7. If you don't see your public key in GitHub, you'll need to add your SSH key to GitHub to associate it with your computer.

Follow this link for details