Re: Specifying a private key when connecting to a remote SSH repo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks very much for the feedback and implementation suggestions.

> If the only thing you are interested in supporting is a one-shot
> invocation, i.e. giving which identity file to use from the command
> line when you run either "git push" or "git fetch",

Yes, this is the new option that could benefit the most people.

I think this workflow would be very fast and make it very easy to have
1 key per project right where you need it:

```
mkdir project
cd project
ssh-keygen -t rsa -N "" -f deploy.key
git init
echo "deploy.key*" > .gitignore
echo "Hello world" > readme.md
git add .
git commit -m "Initial commit"
git remote add origin git@xxxxxxxxxx:breck7/project.git
git push -u origin master -ssh "-i deploy.key"
```

This probably wouldn't be the option used most frequently, but could
be a neat option to have for both power users and new users.

For power users, I could see this being useful if you have many
projects that all have different keys.

For new users, I could see this is as a quick way to "get out of
trouble" if you are running into ssh problems.

-Breck


On Thu, Sep 12, 2013 at 8:43 AM, Junio C Hamano <gitster@xxxxxxxxx> wrote:
> Jeff King <peff@xxxxxxxx> writes:
>
>> We already have GIT_SSH, so I would expect:
>>
>>   GIT_SSH='ssh -i $HOME/.ssh/id_for_example_com' git push
>>
>> to work. But sadly, GIT_SSH does not use the shell, unlike most other
>> configure git commands. :(
>
> You read me correctly ;-)
>
>> We could consider it a consistency bug and fix it, though I suspect we
>> may be annoying people on Windows who have spaces in their paths.
>
> Again, you read me correctly ;-)
>
>> You could write a credential helper shell script that knows about
>> classes of remotes (e.g., selecting an identity file based on the
>> hostname), and write only a few lines to cover a large number of hosts.
>
> Yes, but the same trick can be used in $HOME/.ssh/config to let one
> entry cover the same large number of hosts, so...
>
>> For example:
>>
>>   #!/bin/sh
>>   test "$1" = "get" || exit 0
>>   while IFS== read key val; do
>>     test "$key" = "host" || continue
>>     case "$val" in
>>       *.example.com) echo sshident=com_key ;;
>>       *.example.net) echo sshident=net_key ;;
>>     esac
>>   done
>>
>> But it feels a bit hacky to be using the credential helpers at all for
>> ssh connections.
>
> Yeah, perhaps.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]