Git uses SSH-Key configured for another domain

I have 2 GitHub accounts. One is my personal account, the other is my work account. For both of them, I want to use ssh authentication when using the git cli.

My ~/.ssh/config looks like this:

Host private.github.com
  HostName github.com
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_ed25519_personal

Host github.com
  HostName github.com
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_ed25519

Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_rsa

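For all of my work repos I use the "normal" git ssh reference, such as git@github.com:openjdk/jdk.git. This works fine, and GitHub authenticates me as my work account.

For my private repos, I use the domain private.github.com as an alias, which should just be a "marker" for using another ssh key. As you can see in my ~/.ssh/config, I configured the correct hostname for it.

However, when I try to access one of my private git repos, git (ssh) authenticates with my work key, and GitHub sees that there is an account configured with that key. But since my work account does not have access to my private git repos, it fails after that.

Here is the verbose output when doing a git-pull on a private repo (I added the line numbers myself to reference them):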

1. myuser@somemachine private-project % git pull
2. OpenSSH_8.1p1, LibreSSL 2.7.3
3. debug1: Reading configuration data /Users/myuser/.ssh/config
4. debug1: /Users/myuser/.ssh/config line 1: Applying options for private.github.com
5. debug1: /Users/myuser/.ssh/config line 13: Applying options for *
6. debug1: Reading configuration data /etc/ssh/ssh_config
7. debug1: /etc/ssh/ssh_config line 47: Applying options for *
8. debug1: Connecting to github.com port 22.
9. debug1: Connection established.
10. debug1: identity file /Users/myuser/.ssh/id_ed25519_personal type 3
11. debug1: identity file /Users/myuser/.ssh/id_ed25519_personal-cert type -1
12. debug1: identity file /Users/myuser/.ssh/id_rsa type 0
13. debug1: identity file /Users/myuser/.ssh/id_rsa-cert type -1
14. debug1: Local version string SSH-2.0-OpenSSH_8.1
15. debug1: Remote protocol version 2.0, remote software version babeld-7bdc42c4
16. debug1: no match: babeld-7bdc42c4
17. debug1: Authenticating to github.com:22 as 'git'
18. debug1: SSH2_MSG_KEXINIT sent
19. debug1: SSH2_MSG_KEXINIT received
20. debug1: kex: algorithm: curve25519-sha256
21. debug1: kex: host key algorithm: rsa-sha2-512
22. debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
23. debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
24. debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
25. debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
26. debug1: Host 'github.com' is known and matches the RSA host key.
27. debug1: Found key in /Users/myuser/.ssh/known_hosts:2
28. debug1: rekey out after 134217728 blocks
29. debug1: SSH2_MSG_NEWKEYS sent
30. debug1: expecting SSH2_MSG_NEWKEYS
31. debug1: SSH2_MSG_NEWKEYS received
32. debug1: rekey in after 134217728 blocks
33. debug1: Will attempt key: /Users/myuser/.ssh/id_rsa RSA SHA256:HASH_OF_GLOBAL_KEY explicit agent
34. debug1: Will attempt key: my-work-email ED25519 SHA256:HASH_OF_GITHUB_WORK_KEY agent
35. debug1: Will attempt key:  RSA SHA256:HASH_OF_ANOTHER_KEY agent
36. debug1: Will attempt key: /Users/myuser/.ssh/id_ed25519_personal ED25519 SHA256:HASH_OF_GITHUB_PRIVATE_KEY explicit
37. debug1: SSH2_MSG_EXT_INFO received
38. debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
39. debug1: SSH2_MSG_SERVICE_ACCEPT received
40. debug1: Authentications that can continue: publickey
41. debug1: Next authentication method: publickey
42. debug1: Offering public key: /Users/myuser/.ssh/id_rsa RSA SHA256:HASH_OF_GLOBAL_KEY explicit agent
43. debug1: Authentications that can continue: publickey
44. debug1: Offering public key: my-work-email ED25519 SHA256:HASH_OF_GITHUB_WORK_KEY agent
45. debug1: Server accepts key: my-work-email ED25519 SHA256:HASH_OF_GITHUB_WORK_KEY agent
46. debug1: Authentication succeeded (publickey).
47. Authenticated to github.com ([140.82.121.3]:22).
48. debug1: channel 0: new [client-session]
49. debug1: Entering interactive session.
50. debug1: pledge: network
51. debug1: Sending environment.
52. debug1: Sending env LANG = de_DE.UTF-8
53. debug1: Sending command: git-upload-pack 'my-private-github-acc/private-project.git'
54. debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
55. ERROR: Repository not found.
56. debug1: channel 0: free: client-session, nchannels 1
57. fatal: Could not read from remote repository.
58. 
59. Please make sure you have the correct access rights
60. and the repository exists.
61. debug1: fd 0 clearing O_NONBLOCK
62. Transferred: sent 2696, received 2208 bytes, in 0.4 seconds
63. Bytes per second: sent 7193.5, received 5891.4
64. debug1: Exit status 1
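  • Lines 3-5: SSH uses the right configuration file and applies the options for the expected hosts (* and private.github.com)
  • Line 8: SSH opens a connection to github.com (not private.github.com), which means the option in my configuration for private.github.com works as expected
  • Lines 10-13: SSH prints the expected keys that it will use (the ones for private.github.com and *)
  • Line 33: SSH will use my "global" ssh-key (the one for * in my config) (expected)
  • Line 34: SSH will use my github-work ssh-key (unexpected? Why would it try this key?)
  • Line 35: No idea which key this is (although it is present in ssh-add -l)
  • Line 36: SSH will use my github-private ssh-key (but in the chain after trying my github-work ssh-key)
  • Lines 42, 43: SSH offers my global ssh-key, which is rejected by GitHub (expected)
  • Lines 44, 45: SSH offers my github-work ssh-key, which is accepted by GitHub (makes sense, this is only authentication, not authorization)

From this point on, I am trapped. My ssh client offers my github-work ssh-key to GitHub, and GitHub accepts it because it is attached to an account, but that account cannot access my private repo.

Why does my ssh client try my github-work ssh-key first? I would expect it to at least use my github-private ssh-key before using my github-work ssh-key. What can I change to make this work? Anyone with the same problem, maybe with a workaround?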

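The problem probably comes from the fact that the IdentityFile option adds an extra key to try, but does not exclude other keys,
and either your work key has one of the default names (id_ed25519), or you are running an ssh agent which will present that key when contacting github.com.


Try adding IdentitiesOnly = yes to your private.github.com section
(forwarding the suggestion from this answer on SuperUser)

(Note: you should probably add this option to both sections)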
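
An added example, not part of the original question or answer: a small Python check that reads the key lines of `ssh -v` output like the one in the question and reports which keys come only from the agent (the ones IdentitiesOnly yes stops ssh from offering) and whether the accepted key was one configured through IdentityFile. SAMPLE_LOG is a constructed excerpt modelled on the question's output, and analyze() is a hypothetical helper name.

```python
import re

# Constructed excerpt modelled on the debug output in the question.
SAMPLE_LOG = """\
33. debug1: Will attempt key: /Users/myuser/.ssh/id_rsa RSA SHA256:HASH_OF_GLOBAL_KEY explicit agent
34. debug1: Will attempt key: my-work-email ED25519 SHA256:HASH_OF_GITHUB_WORK_KEY agent
36. debug1: Will attempt key: /Users/myuser/.ssh/id_ed25519_personal ED25519 SHA256:HASH_OF_GITHUB_PRIVATE_KEY explicit
42. debug1: Offering public key: /Users/myuser/.ssh/id_rsa RSA SHA256:HASH_OF_GLOBAL_KEY explicit agent
44. debug1: Offering public key: my-work-email ED25519 SHA256:HASH_OF_GITHUB_WORK_KEY agent
45. debug1: Server accepts key: my-work-email ED25519 SHA256:HASH_OF_GITHUB_WORK_KEY agent
"""

# "<name> <type> <fingerprint> [flags]"; the name may be empty (agent key without a comment).
KEY_LINE = re.compile(
    r"debug1: (Will attempt key|Offering public key|Server accepts key): "
    r"(?P<name>.*?) (?P<type>[A-Z0-9-]+) (?P<fp>SHA256:\S+)(?P<flags>(?: [a-z-]+)*)\s*$"
)


def analyze(log):
    """Summarise which keys ssh planned to try and which one the server accepted."""
    planned, accepted = [], None
    for line in log.splitlines():
        m = KEY_LINE.search(line)
        if not m:
            continue
        key = {"name": m["name"], "fp": m["fp"], "flags": set(m["flags"].split())}
        if m.group(1) == "Will attempt key":
            planned.append(key)
        elif m.group(1) == "Server accepts key":
            accepted = key
    # Assumption: a key without the "explicit" flag was not named by IdentityFile
    # and is only tried because the agent holds it.
    agent_only = [k["fp"] for k in planned if "explicit" not in k["flags"]]
    return {
        "order": [k["fp"] for k in planned],
        "agent_only": agent_only,
        "accepted": accepted["fp"] if accepted else None,
        "accepted_is_configured": bool(accepted) and "explicit" in accepted["flags"],
    }


if __name__ == "__main__":
    for field, value in analyze(SAMPLE_LOG).items():
        print(f"{field}: {value}")
```

After adding IdentitiesOnly yes, the same check on fresh `ssh -v` output should show an empty agent_only list and accepted_is_configured set to True.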
