Re: How to use ssh -i with a key from ssh-agent rather than from a file?

On Wed, Sep 30, 2020 at 02:13:20PM +0530, Danishka Navin <danishka@xxxxxxxxx> wrote:

> On Wed, Sep 30, 2020 at 1:40 PM raf <ssh@xxxxxxx> wrote:
> 
> > On Wed, Sep 30, 2020 at 03:35:43PM +1000, Damien Miller <djm@xxxxxxxxxxx>
> > wrote:
> >
> > > On Wed, 30 Sep 2020, raf wrote:
> > >
> > > > Hi,
> > > >
> > > > I have a VM with a git repository whose origin is on
> > > > github. I have several keys known to github, so I needed
> > > > to set git's core.sshcommand config parameter in the
> > > > repository to something like this:
> > > >
> > > >   ssh -i ~/.ssh/id_ed25519_github2
> > > >
> > > > But it meant that I needed to copy that key to the VM.
> > > > The same key is available via my forwarded ssh-agent
> > > > connection. Is it possible to tell ssh to use that
> > > > instead of the key in a file? The documentation for the
> > > > -i option only mentions files.
> > >
> > > ssh will read the public key (id_ed25519_github2.pub) to identify the key
> > > before it tries to use the private key (id_ed25519_github2). If the private
> > > key is available in the agent then it will never try to use the private key
> > > file.
> > >
> > > Summary: copy id_ed25519_github2.pub to your VM and the above command will
> > > work.
> > >
> > > -d
> >
> > Hi Damien,
> >
> > Thanks. That's brilliant.
> > It should get a mention in the manpage.
> > I've attached a patch for ssh.1.
> >
> > However, I've just tried it and it didn't work for me. :-(
> >
> >   $ git config core.sshcommand
> >   ssh -i ~/.ssh/id_ed25519_github2
> >
> >   $ ls -l ~/.ssh/id*
> >   -rw-r--r-- 1 raf raf 110 Dec 19  2019 /home/raf/.ssh/id_ed25519_github2.pub
> >
> >   $ cat ~/.ssh/id_ed25519_github2.pub
> >   ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrmJ0gYTmZlilDBB/BsyOHqOT354aDLWgULmMPXRkJK user@xxxxxxxxxx
> >
> >   $ ssh-add -L
> >   ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrmJ0gYTmZlilDBB/BsyOHqOT354aDLWgULmMPXRkJK user@xxxxxxxxxx
> >   [...]
> >
> >   $ git pull
> >   Warning: Identity file /home/raf/.ssh/id_ed25519_aps_github not accessible: No such file or directory.
> >   ERROR: Repository not found.
> >
> 
> From where is this id_ed25519_*aps*_github file coming?

Sorry, that's the real name of the key file. I missed
changing it to match the other appearances. The point
in using ...github2 was to indicate the fact that I
have multiple keys in my agent that are known to
github, and without telling ssh which one to use for a
given git repository, ssh would try all the keys in
some arbitrary(?) order and one of the others might be
tried first and work, i.e. one of the keys that doesn't
have write permission to the repository in question
because it is for a different github account. This is
probably only an issue when you have multiple working
keys for a server, but only one of them will get you
what you actually need after the original
authentication has taken place. Github is probably
a special case because all accounts use the same
ssh username "git".

cheers,
raf

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
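
The manual check in the thread (comparing the `.pub` file with `ssh-add -L` before pointing `ssh -i` at it), written as a script; this is an added example, not code from any poster. The function names are hypothetical, the key blobs are constructed strings, and `IdentitiesOnly=yes` is a standard ssh_config option that the thread itself does not mention; it limits ssh to the named identity when the agent holds several keys the server accepts.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# check_agent_identity IDENTITY AGENT_LISTING
#   IDENTITY       path given to `ssh -i`; only IDENTITY.pub has to exist
#   AGENT_LISTING  file holding the output of `ssh-add -L`
# Returns 0 if the agent holds the key, 1 if it does not,
# 2 if IDENTITY.pub is missing or holds no key.
check_agent_identity() {
    pubfile=$1.pub listing=$2
    [ -r "$pubfile" ] || { echo "public key not readable: $pubfile" >&2; return 2; }
    ktype= kblob=
    read -r ktype kblob _ < "$pubfile" || true
    [ -n "$kblob" ] || { echo "no key in: $pubfile" >&2; return 2; }
    # Compare key type and base64 blob only; the comment field may differ.
    awk -v t="$ktype" -v b="$kblob" \
        '$1 == t && $2 == b { found = 1 } END { exit !found }' "$listing"
}

# ssh_command_for IDENTITY AGENT_LISTING
# Prints a value for git's core.sshCommand that offers only that key.
# Assumes IDENTITY contains no whitespace.
ssh_command_for() {
    check_agent_identity "$1" "$2" || return
    # IdentitiesOnly=yes keeps ssh from offering the agent's other keys.
    printf 'ssh -i %s -o IdentitiesOnly=yes\n' "$1"
}

# Constructed sample data: an agent listing with two keys for the same
# server, and the public half of the second one copied to the VM.
demo_dir=$(mktemp -d)
cat > "$demo_dir/agent.txt" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedBlobForAccountOne user1@example
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedBlobForAccountTwo user2@example
EOF
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedBlobForAccountTwo copied' \
    > "$demo_dir/id_github2.pub"

ssh_command_for "$demo_dir/id_github2" "$demo_dir/agent.txt"
```

On a real host the listing comes from `ssh-add -L > agent.txt`, and the printed value is what `git config core.sshCommand` would be set to.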


