Git 使用為另一個域配置的 SSH-Key
[英]Git uses SSH-Key configured for another domain
問題描述
我有 2 個 github 帳戶。 一個是我的個人帳戶,另一個是我的工作帳戶。 對於這兩者,我想在使用 git cli 時使用 ssh 身份驗證。
我的~/.ssh/config看起來像這樣:
Host private.github.com
HostName github.com
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_ed25519_personal
Host github.com
HostName github.com
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_ed25519
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_rsa
For all of my work repos I use the "normal" git ssh reference, such as git@github.com:openjdk/jdk.git . 這工作正常,github 將我認證為我的工作帳戶。
對於我的私人存儲庫,我使用域private.github.com作為別名,它應該只是使用另一個 ssh 密鑰的“標記”。 正如您在我的~/.ssh/config中看到的那樣,我為它配置了正確的主機名。
但是,當我嘗試訪問我的私人 git 存儲庫之一時,git (ssh) 使用我的工作密鑰進行身份驗證,看到有一個 github 配置了該密鑰帳戶。 但由於我的工作帳戶無權訪問我的私人 git 存儲庫,因此在此之后它失敗了。
這是在私人倉庫上執行 git-pull 時的詳細 output :(我自己添加了行號以引用它們)
1. myuser@somemachine private-project % git pull
2. OpenSSH_8.1p1, LibreSSL 2.7.3
3. debug1: Reading configuration data /Users/myuser/.ssh/config
4. debug1: /Users/myuser/.ssh/config line 1: Applying options for private.github.com
5. debug1: /Users/myuser/.ssh/config line 13: Applying options for *
6. debug1: Reading configuration data /etc/ssh/ssh_config
7. debug1: /etc/ssh/ssh_config line 47: Applying options for *
8. debug1: Connecting to github.com port 22.
9. debug1: Connection established.
10. debug1: identity file /Users/myuser/.ssh/id_ed25519_personal type 3
11. debug1: identity file /Users/myuser/.ssh/id_ed25519_personal-cert type -1
12. debug1: identity file /Users/myuser/.ssh/id_rsa type 0
13. debug1: identity file /Users/myuser/.ssh/id_rsa-cert type -1
14. debug1: Local version string SSH-2.0-OpenSSH_8.1
15. debug1: Remote protocol version 2.0, remote software version babeld-7bdc42c4
16. debug1: no match: babeld-7bdc42c4
17. debug1: Authenticating to github.com:22 as 'git'
18. debug1: SSH2_MSG_KEXINIT sent
19. debug1: SSH2_MSG_KEXINIT received
20. debug1: kex: algorithm: curve25519-sha256
21. debug1: kex: host key algorithm: rsa-sha2-512
22. debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
23. debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
24. debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
25. debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
26. debug1: Host 'github.com' is known and matches the RSA host key.
27. debug1: Found key in /Users/myuser/.ssh/known_hosts:2
28. debug1: rekey out after 134217728 blocks
29. debug1: SSH2_MSG_NEWKEYS sent
30. debug1: expecting SSH2_MSG_NEWKEYS
31. debug1: SSH2_MSG_NEWKEYS received
32. debug1: rekey in after 134217728 blocks
33. debug1: Will attempt key: /Users/myuser/.ssh/id_rsa RSA SHA256:HASH_OF_GLOBAL_KEY explicit agent
34. debug1: Will attempt key: my-work-email ED25519 SHA256:HASH_OF_GITHUB_WORK_KEY agent
35. debug1: Will attempt key: RSA SHA256:HASH_OF_ANOTHER_KEY agent
36. debug1: Will attempt key: /Users/myuser/.ssh/id_ed25519_personal ED25519 SHA256:HASH_OF_GITHUB_PRIVATE_KEY explicit
37. debug1: SSH2_MSG_EXT_INFO received
38. debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
39. debug1: SSH2_MSG_SERVICE_ACCEPT received
40. debug1: Authentications that can continue: publickey
41. debug1: Next authentication method: publickey
42. debug1: Offering public key: /Users/myuser/.ssh/id_rsa RSA SHA256:HASH_OF_GLOBAL_KEY explicit agent
43. debug1: Authentications that can continue: publickey
44. debug1: Offering public key: my-work-email ED25519 SHA256:HASH_OF_GITHUB_WORK_KEY agent
45. debug1: Server accepts key: my-work-email ED25519 SHA256:HASH_OF_GITHUB_WORK_KEY agent
46. debug1: Authentication succeeded (publickey).
47. Authenticated to github.com ([140.82.121.3]:22).
48. debug1: channel 0: new [client-session]
49. debug1: Entering interactive session.
50. debug1: pledge: network
51. debug1: Sending environment.
52. debug1: Sending env LANG = de_DE.UTF-8
53. debug1: Sending command: git-upload-pack 'my-private-github-acc/private-project.git'
54. debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
55. ERROR: Repository not found.
56. debug1: channel 0: free: client-session, nchannels 1
57. fatal: Could not read from remote repository.
58.
59. Please make sure you have the correct access rights
60. and the repository exists.
61. debug1: fd 0 clearing O_NONBLOCK
62. Transferred: sent 2696, received 2208 bytes, in 0.4 seconds
63. Bytes per second: sent 7193.5, received 5891.4
64. debug1: Exit status 1
- 第 3-5 行:SSH 使用正確的配置文件並適用於預期主機的選項(
*和private.github.com) - Line 8: SSH opens a connection to
github.com(notprivate.github.com), which means the option in my configuration forprivate.github.comworks as expected - 第 10-13 行:SSH 打印它將使用的預期密鑰(用於
private.github.com和*的密鑰) - 第 33 行:SSH 將使用我的“全局”ssh-key(我的配置中的
*)(預期) - 第 34 行:SSH 將使用我的 github-work ssh-key(沒想到?為什么要嘗試這個密鑰? )
- 第 35 行:不知道這是哪個鍵(盡管它存在於
ssh-add -l中) - 第 36 行:SSH 將使用我的 github-private ssh-key(但在嘗試使用我的 github-work ssh-key之后的鏈中)
- 第 42,43 行:SSH 提供我的全局 ssh-key,被 github 拒絕(預期)
- 第 44,45 行:SSH 提供我的 github-work ssh-key,被 github 接受(有道理,這只是身份驗證,不是授權)
從現在開始,我陷入了陷阱。 我的 ssh 客戶端將我的 github-work ssh-key 提供給 github,github 接受,因為它附加到我的私人訪問權限,但這個帳戶不能。
為什么我的 ssh 客戶端首先嘗試使用我的 github-work ssh-key? 我希望它至少在使用我的 github-work ssh-key之前使用我的 github-private ssh-key。 我可以改變什么來完成這項工作? 任何有同樣問題的人,也許有解決方法?
1 個解決方案
解決方案1
2 已采納 2021-02-18 12:29:51
問題可能來自於IdentityFile選項添加了一個額外的密鑰來嘗試,但不排除其他密鑰,
並且您的工作密鑰具有默認名稱之一( id_ed25519 ),或者您正在運行一個 ssh 代理,它將在聯系github.com時顯示該密鑰。
嘗試將IdentitiesOnly = yes添加到您的private.github.com部分
(在 SuperUser 上轉發此答案的建議)
(注意:您可能應該將此選項添加到兩個部分)
Git-服務器上的SSH密鑰
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.