Re: [BUG] Git is not using the configured SSH key when there is another SSH key added to the SSH agent

On 2021-03-27 at 18:31:10, Utku wrote:
> # Versions
> 
> - Git 2.30.1
> - macOS 10.15.7
> 
> # Steps to Reproduce
> 
> - Have two SSH key pairs on your machine, one with a passphrase and
> the other without. The keys were created by running `ssh-keygen` in my
> case.
> 
> - Add the key with a passphrase to the SSH agent by running `ssh-add`
> and entering the passphrase.
> 
> - Have an entry like the following in your `~/.ssh/config`:
> 
>       Host someName
>           HostName bitbucket.org
>           User git
>           IdentityFile ~/.ssh/private-key-of-the-pair-without-a-passphrase
> 
> 
> - Add the public key of the pair without a passphrase to your BitBucket
> account.
> 
> - Run `git clone someName:path/to/your/repository.git`. You will get a
> not authorized error. As far as I can tell, this means that Git has
> tried to use the key with the passphrase (which is added to the SSH
> agent). Since this key is **not** the key that was added to the
> BitBucket account, we received a not authorized error.
> 
> - Add the key without a passphrase to your SSH agent by running
> `ssh-add` and try the same command (`git-clone`) again. It will work.
> 
> - Now, remove both keys from the SSH agent by running `ssh-add -D` and
> try the same command (`git-clone`) again. It will still work.
> 
> I didn't test but don't believe this has something to do with the key
> having a passphrase or not. Also, I believe that I'm not using macOS
> Keychain to store the decrypted keys.

This behavior is completely due to SSH.  Git doesn't tell OpenSSH to
behave in any particular way; instead, it tells it to make a connection
with the specified parameters to the specified server, and OpenSSH makes
its own decision about what that means.

In your case, the option you want is "IdentitiesOnly yes".  This tells
OpenSSH to always use the specified identity, even if a different one is
available in the agent.  You can add it to the configuration that you
have above and things should work.

You can also see an example of this configuration in the FAQ:
https://git-scm.com/docs/gitfaq#multiple-accounts-ssh
-- 
brian m. carlson (he/him or they/them)
Houston, Texas, US
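
An audit for the situation discussed in this thread, added here as an example and not part of either message: the function below (hypothetical name audit_ssh_config) lists every Host block in an ssh config file that sets IdentityFile without "IdentitiesOnly yes", which leaves OpenSSH free to offer other keys held by the agent. The sample file and the someNameFixed alias are constructed; Match blocks, Include files and options inherited from other blocks are not evaluated.

```shell
# List Host blocks that set IdentityFile but not "IdentitiesOnly yes".
# Per-block check only: Match blocks, Include files and options inherited
# from other blocks (for example "Host *") are not evaluated.
audit_ssh_config() {
    awk '
    function report() { if (host != "" && has_key && !only) print host }
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
        if (line == "" || line ~ /^#/) next
        # Keyword and argument are separated by whitespace or "=".
        if (!match(line, /[ \t=]+/)) next
        key = tolower(substr(line, 1, RSTART - 1))
        val = substr(line, RSTART + RLENGTH)
        if (key == "host" || key == "match") {
            report()
            host = (key == "host") ? val : ""
            has_key = 0; only = 0; seen = 0
        } else if (key == "identityfile") {
            has_key = 1
        } else if (key == "identitiesonly" && !seen) {
            # OpenSSH keeps the first value it obtains for an option.
            seen = 1; only = (tolower(val) == "yes")
        }
    }
    END { report() }
    ' "$1"
}

# Constructed sample: the entry from the report, then the same entry with
# the suggested option under a hypothetical alias.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host someName
    HostName bitbucket.org
    User git
    IdentityFile ~/.ssh/private-key-of-the-pair-without-a-passphrase

Host someNameFixed
    HostName bitbucket.org
    User git
    IdentityFile ~/.ssh/private-key-of-the-pair-without-a-passphrase
    IdentitiesOnly yes
EOF
audit_ssh_config "$sample"
```

To see what OpenSSH itself resolves for an alias, including inherited options, `ssh -G someName` prints the effective configuration, where the relevant line reads `identitiesonly yes` once the option applies.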
