GitHub using the wrong SSH key - github

I have two GitHub accounts setup with ssh keys, one personal and one enterprise.
I have an ssh config file as such:
# * GitHub CKO SSH Key
Host github-enterprise
HostName github.com
AddKeysToAgent yes
UseKeychain yes
User git
IdentityFile ~/.ssh/id_ed25519_github
# * GitHub Personal SSH Key
Host github-personal
HostName github.com
AddKeysToAgent yes
UseKeychain yes
User git
IdentityFile ~/.ssh/gh_mervinhemaraju_ed25519
Both keys were created seperately and attached to the respective account.
The weird issue is that I was using this for like a month, and it was working. Today, when i logged in, i committed some work on my personal repo and when i tried to do a remote push (which was working for this repo previously), i got and user permission denied.
I then performed an ssh test on both ssh keys and the results was as such:
ssh -T ssh -T git#github-personal
Hi mervin-hemaraju-enterprise! You've successfully authenticated, but GitHub does not provide shell access.
ssh -T git#github-enterprise
Hi mervin-hemaraju-cko! You've successfully authenticated, but GitHub does not provide shell access.
The personal key test is wrong. It should've been Hi mervinhemaraju! You've successfully authenticated, but GitHub does not provide shell access. since mervinhemaraju is my personal account, but is instead referring to the enterprise one.
I am on MacOs. Can someone please help ?

Add IdentitiesOnly yes for the entries in the ssh config. This will prevent the SSH Agent from trying all the keys it knows of and only use the ones specified in the config file.
Specifies that ssh should only use the identity keys configured in the ssh_config files, even if ssh-agent offers more identities.
https://www.ssh.com/academy/ssh/config

I have had a similar issue, and what I did was create a local git config that explicitly specifies which SSH key to use.
My ~/.ssh/config file specifies to use my "work" ssh key, since that's most common on my work computer.
I have something like this in my ~/.ssh/config:
Host *
PreferredAuthentications publickey
IdentityFile ~/.ssh/my-work-ssh-key
ServerAliveInterval 60
In my "personal" projects, I configure Git to ignore my ~/.ssh/config file, and I set the identity file to my "personal" SSH key.
Something like this:
git config --local core.sshCommand "ssh -i ~/.ssh/my-personal-ssh-key -F /dev/null"
That puts the following in .git/config:
[core]
sshCommand = ssh -i ~/.ssh/my-personal-key -F /dev/null

Related

Trying to setup dual repo SSH config file

I've successfully had my MacBook working with my own Github repo for years. Recently, I tried to setup my computer to access both my own Github repo and the Github repo for my work account. I read many articles and threads and learned that this is supposed work with the SSH config file. I've tried many things but just can't get it to work.
In my .ssh directory I have these files:
config
id_ed25519
id_ed25519.pub
id.rsa
id_rsa.pub
The first private/public key is for my work account and the second is for my personal account.
Here's the config file I [naively] created:
Host https://github.com/employer
HostName github.com
IdentitiesOnly yes
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_ed25519
Host RobertWerner-MWTech.github.com
HostName github.com
IdentitiesOnly yes
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa
I've obscured the name of my employer but that http://... address is what my DevOps colleague told me to add. For my personal account, the first part - RobertWerner-MWTech is my Github account name. I don't know if RobertWerner-MWTech.github.com is the correct host name.
Anyhow, it seems that the config file has no actual effect. Even with it in place, I can't access both repos at the same time. The best I can achieve now is to run ssh-agent whenever I want to use a specific repo, like this:
eval "$(ssh-agent -s)"
ssh-add --apple-use-keychain ~/.ssh/id_ed25519
OR
eval "$(ssh-agent -s)"
ssh-add --apple-use-keychain ~/.ssh/id_rsa
While this does allow me to switch back & forth between the two repos, it would be fantastic if I could actually get the config file to work as it's supposed to.
Any guidance on how to resolve this would be much appreciated!
Robert

How to differentiate two separate SSH Key pairs for Github and Gitlab

I created a Keypair for Github, and now I'm trying to create another Keypair for Gitlab following this guide https://docs.gitlab.com/ee/user/ssh.html.
But how will I be able to differentiate both and know which Keypair belongs to which? Will putting different comments help me?
ssh-keygen -t ed25519-sk -C "<comment>"
You can reference them in a ~/.ssh/config file:
Host ghUser1
Hostname github.com
User git
IdentityFile ~/.ssh/key1
Host ghUser2
Hostname github.com
User git
IdentityFile ~/.ssh/key2
Replace User1 by your actual GitHub Username for instance.
You can then test the associated GitHub identity with:
ssh -T ghUser1
ssh -T ghUser2
And clone a repository with git clone ghUser1:User1/aRepository

Github: I have to make a new SSH key after every use

I have a school and a personal Github, so I made an SSH key for my personal account and linked it up. It always works only once, then gives me
Push Failed
Git#github.com: Permission denied (publickey). Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.
It works fine again after I delete the old SSH and make a new one, but this is obviously a huge hassle. I am on Windows 10, using Git Bash, and IDE is IntelliJ.
Any ideas? Thanks.
I solved this problem in the following way:
1.Create a file named config in the path $USER_HOME/.ssh/, then add following content.
# For school account
Host school_github
HostName github.com
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_school
# For personal account
Host personal_github
HostName github.com
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_personal
2.Run following command using git bash:
Change your school github repository configuration
git remote rm origin
git remote add origin git#school_github:your_github_username/your_repo_name.git
You can hava a try.
You don't need to create SSH keys for each git service just upload the same public key to both personal and school accounts and it will work.
SSH public key is tied to you local account you have generate SSH keys only if you are using different local(machine) account or different machine
Seems to me like when you try to authenticate, you are probably not using your keys.
If you run the command
ssh-add -l
You (should) see a list of all your keys. Each time you start a new session, make sure to start up the agent and add your keys.
eval `ssh-agent`
ssh-add ~/.ssh/id_rsa

How to set up authentication for two separate GitHub accounts from same ssh client?

The short version:
Is there any way to set up automatic public-key-based ssh authentication from one Linux account to two different Github accounts?
I have two Github accounts, a work one and a personal one, which I want to keep entirely separate.
I already set up automatic ssh authentication (using my ~/.ssh/id_rsa.pub) in my work Github account. It works fine.
When I try to add the same ssh key to my personal Github account, I get the error that the "key is already in use."
EDIT: OK, I guess that one may be able to do what I want to do through suitable settings in ~/.ssh/config, but I have not yet figured out what these should be. For one thing, it's not clear to me how to specify two different authentication details (User, IdentityFile) for the same host (github.com), and once I do, I don't see how git knows which of the two keys to present when I do git push.
You need to create two sets of (public/private) keys, one for each account.
You can reference them through an ssh config file, as detailed in "GitHub: Multiple account setup"/
#Account one
Host github.com
HostName github.com
PreferredAuthentications publickey
IdentityFile /c/Users/yourname/.ssh/id_rsa
User git
#Account two
Host ac2.github.com
HostName github.com
PreferredAuthentications publickey
IdentityFile /c/Users/yourname/.ssh/id_rsa_ac2
User git
It seems GitHub doesn't allow the same RSA key for two repositories.
As workaround, you've to create separate RSA keys for each site:
ssh-keygen -t rsa -f rsa_site1
ssh-keygen -t rsa -f rsa_site2
This will generate private and public keys. Then add public keys into GitHub to Deploy keys.
Then deploy your private keys into the remote:
cat rsa_site1 | ssh user#remote "cat > ~/.ssh/rsa_site1 && chmod 600 ~/.ssh/rsa_site1"
cat rsa_site2 | ssh user#remote "cat > ~/.ssh/rsa_site2 && chmod 600 ~/.ssh/rsa_site2"
And to fetch your private repository on the server, you can use something like:
ssh user#remote 'ssh-agent sh -c '\''cd /webroot/site1 && ssh-add ~/.ssh/rsa_site1 && git fetch git#github.com:priv/site1.git'\'
ssh user#remote 'ssh-agent sh -c '\''cd /webroot/site2 && ssh-add ~/.ssh/rsa_site2 && git fetch git#github.com:priv/site2.git'\'

Permission denied (public key) during fetch from GitHub with Jenkins user on Ubuntu

Here is my setup:
Jenkins is running on my linux machine as 'jenkins' user.
I have generated a ssh key-pair as described in Linux - Setup Git, for the 'jenkins' user.
When I sudo su jenkins and try ssh -vT git#github.com, I am always asked my passphrase, but I am always eventually authenicated. (the verbose option shows which key is used, among others).
I could clone my repo from GitHub using jenkins:
Thusly:
jenkins#alpm:~/jobs/test git/workspace$ git pull
Enter passphrase for key '/var/lib/jenkins/.ssh/id*_rsa':
Already up-to-date.
Up to this point I have followed the instructions to the letter. The problem is that the Jenkins job fails with the following error:
status code 128:
stdout:
stderr: Permission denied (publickey).
fatal: The remote end hung up unexpectedly
This is same error as I get when I typo the passphrase (but of course, Jenkins does not ask me for the passphrase). The following pages:
GitHub - SSH Issues
Using SSH Agent Forwarding
indicate to me that ssh-agent could help remember the passphrase, which it does when I am using my own user, but not the jenkins id. Note that while running as my normal user yields:
echo "$SSH_AUTH_SOCK"
/tmp/keyring-nQlwf9/ssh
While running the same command as my 'jenkins' yields nothing (not even permission denied)
My understanding of the problem is that the passphrase is not remembered.
Do you have any idea?
Shall I start a ssh-agent or key ring manager for the jenkins user? How?
Or is ssh forwarding suitable when forwarding to the same machine?
Any brighter idea?
ps: I never sudo gitted, I always used jenkins or my user account (as mentioned in this SO post - Ubuntu/GitHub SSH Key Issue)
Since nobody wrote the answer from the comments for several months, I will quickly do so.
There are 2 possible problems/solutions:
id_rsa created with wrong user
Create id_rsa as the jenkins user (see hudson cannot fetch from git repository)
Leave passphrase empty
To summarise what must be done on the Jenkins server:
# 1. Create the folder containing the SSH keys if necessary
if [ ! -e ~jenkins/.ssh ]; then mkdir ~jenkins/.ssh; fi
cd ~jenkins/.ssh/
# 2. Create the SSH pair of keys
# The comment will help to identify the SSH key on target systems
ssh-keygen -C "jenkins" -f ~jenkins/.ssh/id_rsa -P ""
# 3. Assign the proper access rights
chown -R jenkins ~jenkins/.ssh/
chmod 700 ~jenkins/.ssh
chmod 600 ~jenkins/.ssh/*
Remember:
Please keep the default "id_rsa" name when generating the keys, as other such as "id_rsa_jenkins" won't work, even if correctly set up.
Do not use a passphrase for your key
Check that the public key (id_rsa.pub) has been uploaded on the git server (GitHub, Bitbucket, etc). Once done, test your SSH key by running: ssh -vvv git#github.com (change address according to your git server)
I got around this problem by simply leaving the passphrase empty when creating the keys.
I would add that if you created the keys by hand, they might still be owned by you and not readable by jenkins, try:
sudo chown jenkins -R /var/lib/jenkins/.ssh/*
To check are the following:
if the right public key (id_rsa.pub) is uploaded to the git-server.
jenkins user will access to github -> to CHECK if the right private key (id_rsa) is copied to /var/lib/jenkins/.ssh/
if the known_hosts file is created inside ~/.ssh folder. Try ssh -vvv git#github.com to see debug logs. If thing goes well, github.com will be added to known_hosts.
if the permission of id_rsa is set to 755 (chmod 755 id_rsa)
After all checks -> try ssh -vvv git#github.com
Dont try to do config in jenkins until ssh works!
If you are running jenkins as a service in windows, you need to verify the user running the service. If you created the keys using the user "MACHINENAME\user", change the service so the user running it can match
For Mac users, the issue can be solved by removing the existing keys and creating new Private and Public Keys by following these steps:
1.Remove all Public and Private keys located at /Users/Username/.ssh
2.Remove all the credentials saved under the Credentials tab in Jenkins.
3.Remove the existing Public SSH keys defined in the Github Repository Settings.
4.Create new SSH keys (private and public: id_rsa and id_rsa.pub) by following the steps from https://confluence.atlassian.com/bitbucketserver/creating-ssh-keys-776639788.html#CreatingSSHkeys-CreatinganSSHkeyonLinux&MacOSX
5.Set the newly created public SSH key (id_rsa.pub) in Github or an equivalent Repository Settings.
6.In Jenkins,create new credentials by adding the private SSH key(id_rsa) for your Github username.
7.The Error should be removed now.
keys need to generated from jenkins user.
sudo su jenkins
ssh-keygen
once the key is generated, it should be added as ssh key in bitbucket or github.