The short version:
Is there any way to set up automatic public-key-based ssh authentication from one Linux account to two different Github accounts?
I have two Github accounts, a work one and a personal one, which I want to keep entirely separate.
I already set up automatic ssh authentication (using my ~/.ssh/id_rsa.pub) in my work Github account. It works fine.
When I try to add the same ssh key to my personal Github account, I get the error that the "key is already in use."
EDIT: OK, I guess that one may be able to do what I want to do through suitable settings in ~/.ssh/config, but I have not yet figured out what these should be. For one thing, it's not clear to me how to specify two different authentication details (User, IdentityFile) for the same host (github.com), and once I do, I don't see how git knows which of the two keys to present when I do git push.
You need to create two sets of (public/private) keys, one for each account.
You can reference them through an ssh config file, as detailed in "GitHub: Multiple account setup"/
#Account one
Host github.com
HostName github.com
PreferredAuthentications publickey
IdentityFile /c/Users/yourname/.ssh/id_rsa
User git
#Account two
Host ac2.github.com
HostName github.com
PreferredAuthentications publickey
IdentityFile /c/Users/yourname/.ssh/id_rsa_ac2
User git
It seems GitHub doesn't allow the same RSA key for two repositories.
As workaround, you've to create separate RSA keys for each site:
ssh-keygen -t rsa -f rsa_site1
ssh-keygen -t rsa -f rsa_site2
This will generate private and public keys. Then add public keys into GitHub to Deploy keys.
Then deploy your private keys into the remote:
cat rsa_site1 | ssh user#remote "cat > ~/.ssh/rsa_site1 && chmod 600 ~/.ssh/rsa_site1"
cat rsa_site2 | ssh user#remote "cat > ~/.ssh/rsa_site2 && chmod 600 ~/.ssh/rsa_site2"
And to fetch your private repository on the server, you can use something like:
ssh user#remote 'ssh-agent sh -c '\''cd /webroot/site1 && ssh-add ~/.ssh/rsa_site1 && git fetch git#github.com:priv/site1.git'\'
ssh user#remote 'ssh-agent sh -c '\''cd /webroot/site2 && ssh-add ~/.ssh/rsa_site2 && git fetch git#github.com:priv/site2.git'\'
Related
I have two GitHub accounts setup with ssh keys, one personal and one enterprise.
I have an ssh config file as such:
# * GitHub CKO SSH Key
Host github-enterprise
HostName github.com
AddKeysToAgent yes
UseKeychain yes
User git
IdentityFile ~/.ssh/id_ed25519_github
# * GitHub Personal SSH Key
Host github-personal
HostName github.com
AddKeysToAgent yes
UseKeychain yes
User git
IdentityFile ~/.ssh/gh_mervinhemaraju_ed25519
Both keys were created seperately and attached to the respective account.
The weird issue is that I was using this for like a month, and it was working. Today, when i logged in, i committed some work on my personal repo and when i tried to do a remote push (which was working for this repo previously), i got and user permission denied.
I then performed an ssh test on both ssh keys and the results was as such:
ssh -T ssh -T git#github-personal
Hi mervin-hemaraju-enterprise! You've successfully authenticated, but GitHub does not provide shell access.
ssh -T git#github-enterprise
Hi mervin-hemaraju-cko! You've successfully authenticated, but GitHub does not provide shell access.
The personal key test is wrong. It should've been Hi mervinhemaraju! You've successfully authenticated, but GitHub does not provide shell access. since mervinhemaraju is my personal account, but is instead referring to the enterprise one.
I am on MacOs. Can someone please help ?
Add IdentitiesOnly yes for the entries in the ssh config. This will prevent the SSH Agent from trying all the keys it knows of and only use the ones specified in the config file.
Specifies that ssh should only use the identity keys configured in the ssh_config files, even if ssh-agent offers more identities.
https://www.ssh.com/academy/ssh/config
I have had a similar issue, and what I did was create a local git config that explicitly specifies which SSH key to use.
My ~/.ssh/config file specifies to use my "work" ssh key, since that's most common on my work computer.
I have something like this in my ~/.ssh/config:
Host *
PreferredAuthentications publickey
IdentityFile ~/.ssh/my-work-ssh-key
ServerAliveInterval 60
In my "personal" projects, I configure Git to ignore my ~/.ssh/config file, and I set the identity file to my "personal" SSH key.
Something like this:
git config --local core.sshCommand "ssh -i ~/.ssh/my-personal-ssh-key -F /dev/null"
That puts the following in .git/config:
[core]
sshCommand = ssh -i ~/.ssh/my-personal-key -F /dev/null
I created a Keypair for Github, and now I'm trying to create another Keypair for Gitlab following this guide https://docs.gitlab.com/ee/user/ssh.html.
But how will I be able to differentiate both and know which Keypair belongs to which? Will putting different comments help me?
ssh-keygen -t ed25519-sk -C "<comment>"
You can reference them in a ~/.ssh/config file:
Host ghUser1
Hostname github.com
User git
IdentityFile ~/.ssh/key1
Host ghUser2
Hostname github.com
User git
IdentityFile ~/.ssh/key2
Replace User1 by your actual GitHub Username for instance.
You can then test the associated GitHub identity with:
ssh -T ghUser1
ssh -T ghUser2
And clone a repository with git clone ghUser1:User1/aRepository
I generated an SSH key pair without a password and added the public key to GitHub.
Connection with
user#dev:/var/www/project# ssh -T git#github.com
Hi User! You've successfully authenticated, but GitHub does not provide shell access.
was successful and when I rename the key, it fails.
But when I want to push my changes, it stills ask me for my username and password combination.
Is there a way to push without a password?
If it is asking you for a username and password, your origin remote is pointing at the HTTPS URL rather than the SSH URL.
Change it to ssh.
For example, a GitHub project like Git will have an HTTPS URL:
https://github.com/<Username>/<Project>.git
And the SSH one:
git#github.com:<Username>/<Project>.git
You can do:
git remote set-url origin git#github.com:<Username>/<Project>.git
to change the URL.
In case you are indeed using the SSH URL, but still are asked for username and password when git pushing:
git remote set-url origin git#github.com:<Username>/<Project>.git
You should try troubleshooting with:
ssh -vT git#github.com
Below is a piece of sample output:
...
debug1: Trying private key: /c/Users/Yuci/.ssh/id_rsa
debug1: Trying private key: /c/Users/Yuci/.ssh/id_dsa
debug1: Trying private key: /c/Users/Yuci/.ssh/id_ecdsa
debug1: Trying private key: /c/Users/Yuci/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
I actually have already added the public key to GitHub before, and I also have the private key locally. However, my private key is of a different name called /c/Users/Yuci/.ssh/github_rsa.
According to the sample output, Git is trying /c/Users/Yuci/.ssh/id_rsa, which I don't have. Therefore, I could simply copy github_rsa to id_rsa in the same directory.
cp /c/Users/Yuci/.ssh/github_rsa /c/Users/Yuci/.ssh/id_rsa
Now when I run ssh -vT git#github.com again, I have:
...
debug1: Trying private key: /c/Users/Yuci/.ssh/id_rsa
debug1: Authentication succeeded (publickey).
...
Hi <my username>! You've successfully authenticated, but GitHub does not provide shell access.
...
And now I can push to GitHub without being asked for username and password :-)
As usual, create an SSH key and paste the public key to GitHub. Add the private key to ssh-agent. (I assume this is what you have done.)
To check everything is correct, use ssh -T git#github.com
Next, don't forget to modify the remote point as follows:
git remote set-url origin git#github.com:username/your-repository.git
Additionally for gists, it seems you must leave out the username
git remote set-url origin git#gist.github.com:<Project code>
You have to use the SSH version, not HTTPS. When you clone from a repository, copy the link with the SSH version, because SSH is easy to use and solves all problems with access. You can set the access for every SSH you input into your account (like push, pull, clone, etc...)
Here is a link, which says why we need SSH and how to use it: step by step
Git Generate SSH Keys
for using SSH you must use $ git remote add origin git#github.com:USERNAME/REPOSITORY.git instead of git remote add origin remote_repository_URL.
you can check it with $ git remote -v, if you see 2 lines in the below format, it will work correctly:
origin git#github.com:username/repo-name.git (fetch)
origin git#github.com:username/repo-name.git (push)
Like the other users mentioned, you must convert it from using HTTPS to SSH. I don't see an answer with an end-to-end solution. After setting up the ssh keys, do (on your local machine) :
$ git remote set-url origin git#github.com:username/your_repo.git # Convert HTTPS -> SSH
$ ssh-add ~/.ssh/id_rsa_github # add private github ssh key ssh-agent (assuming you have it already running)
$ git push
You did everything ok but git still asking by password, this worked for me, execute the next commando in your current project's path:
~ ssh-add -K ~/.ssh/id_rsaYourIdRsa
Add your SSH private key to the ssh-agent and store your passphrase in the keychain. If you created your key with a different name, or if you are adding an existing key that has a different name, replace id_rsaYourIdRsa in the command with the name of your private key file.
Using the command line:
Enter ls -al ~/.ssh to see if existing SSH keys are present.
In the terminal is shows: No directory exist
Then generate a new SSH key
Step 1.
ssh-keygen -t rsa -b 4096 -C "your_email#example.com"
step 2.
Enter a file in which to save the key (/Users/you/.ssh/id_rsa): <here is file name and enter the key>
step 3.
Enter passphrase (empty for no passphrase): [Type a password]
Enter same passphrase again: [Type password again]
I use my project at work, but I would like to work with him from home as I can log into my home machine to work with my project.
However, from home, I see the following message:
The authenticity of host 'github.com (ip)' can't be established.
RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8.
Are you sure you want to continue connecting (yes/no)?
How can I get past it?
You should simply be able to answer 'yes', which will update your ~/.ssh/known_hosts file.
A better approach, to avoid any MITM (Man-In-The-Middle) attack, would be (as commented below by Mamsds) to verify Github's public key first (see "GitHub's SSH key fingerprints") and, if you find a match, then you can answer 'yes'.
Example:
ssh-keyscan -t ecdsa github.com 2>&1 |ssh-keygen -lf -
256 SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM github.com (ECDSA)
After that, you can use a GitHub SSH URL (provided you have generated the SSH public/private keys, and registered the public one to your GitHub profile)
Note: the ssh key generation should use the base64 old PEM format (option -m PEM), rather than the new current 70 chars OpenSSH one.
See "What is the correct format for private key in Credentials":
ssh-keygen -m PEM -t rsa -P "" -f afile
That or you can switch to an HTTPS URL.
As you are attempting to connect to Github using SSH for the first time (no existing entry for Github in ~/.ssh/known_hosts yet), you are being asked to verify the key fingerprint of the remote host. Because, if an intruder host represents itself as a Github server, it's RSA fingerprint will be different from that of a GitHub server fingerprint.
You have two options.
You may just accept, considering you don't care about the authenticity of the remote host (Github in this case), or,
You may verify that you are actually getting connected to a Github server, by matching the RSA fingerprint you are presented to (in the prompt), with GitHub's SSH key fingerprints in base64 format.
The latter option is usually more preferable.
Just add Github fingerprint to known hosts this way:
mkdir -p ~/.ssh
ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
Use one of the following two solutions:
1) Set up the SSH key
Follow the steps discussed on this GitHub help page.
https://help.github.com/en/github/authenticating-to-github/connecting-to-github-with-ssh
2) Clone using git with HTTPS
Type (copy/paste) the following commands in a terminal on the machine where you would like to clone the repository
git config --global url."https://github.com/".insteadOf git#github.com:
git config --global url."https://".insteadOf git://
You can revert this change using the following commands
git config --global url."git#github.com:".insteadOf https://github.com/
git config --global url."git://".insteadOf https://
Try these steps:
Open Git Bash
Check for existing SSH keys:
$ ls -al ~/.ssh
If you already have them, you will see:
id_rsa.pub
id_ecdsa.pub
id_ed25519.pub
If you don't, generate one (Press Enter to accept the default file location):
$ ssh-keygen -t rsa -b 4096 -C "your_email#example.com"
To copy the key to clipboard:
$ clip < ~/.ssh/id_rsa.pub
Go to your account on Github/Settings/SSH and GPG keys/New SSH key
Paste your key there
Next, type:
$ git remote
If you see origin, remove it:
$ git remote remove origin
Continue with the last 2 steps provided on GitHub repo page...
$ git remote add origin git#github.com:USERNAME/REPONAME.git
$ git push -u origin master
Refresh your GitHub repo page
Voila!
1- Create SSH key
if you don't have the ssh-key create it like this:
ssh-keygen -t rsa -b 4096 -C "youremail#example.com"
2- Check your SSH key
For this go to your folder ssh, example:
cd ~/.ssh
after that, run this command line : ls
if you have the files: id_rsa, id_rsa.pub so the all is good
now you need to copy your id_rsa.pub ! (⚠️ NOT the id_rsa)
for this run cat id_rsa.pub and copy the result
3- Github / Gitlab
Go to your github / gitlab.
Follow the step by your hosting:
github: Click on your profile -> Settings -> SSH and GPG Keys -> New SSH key
gitlab: Click on your profile -> preferences -> SSH keys
past your id_rsa.pub that you have already copied !
4- If you have already did it and it's already not working ??
When your enter your ssh-key in github / gitlab your key have a Expiration date so you just need to change it
That it ! Have a good work 😀
You just need to type yes and it will work, for more information you can refer to the Official Github documentation. This will give an output saying
Hi <username>! You've successfully authenticated, but GitHub does not provide shell access.
Here is my setup:
Jenkins is running on my linux machine as 'jenkins' user.
I have generated a ssh key-pair as described in Linux - Setup Git, for the 'jenkins' user.
When I sudo su jenkins and try ssh -vT git#github.com, I am always asked my passphrase, but I am always eventually authenicated. (the verbose option shows which key is used, among others).
I could clone my repo from GitHub using jenkins:
Thusly:
jenkins#alpm:~/jobs/test git/workspace$ git pull
Enter passphrase for key '/var/lib/jenkins/.ssh/id*_rsa':
Already up-to-date.
Up to this point I have followed the instructions to the letter. The problem is that the Jenkins job fails with the following error:
status code 128:
stdout:
stderr: Permission denied (publickey).
fatal: The remote end hung up unexpectedly
This is same error as I get when I typo the passphrase (but of course, Jenkins does not ask me for the passphrase). The following pages:
GitHub - SSH Issues
Using SSH Agent Forwarding
indicate to me that ssh-agent could help remember the passphrase, which it does when I am using my own user, but not the jenkins id. Note that while running as my normal user yields:
echo "$SSH_AUTH_SOCK"
/tmp/keyring-nQlwf9/ssh
While running the same command as my 'jenkins' yields nothing (not even permission denied)
My understanding of the problem is that the passphrase is not remembered.
Do you have any idea?
Shall I start a ssh-agent or key ring manager for the jenkins user? How?
Or is ssh forwarding suitable when forwarding to the same machine?
Any brighter idea?
ps: I never sudo gitted, I always used jenkins or my user account (as mentioned in this SO post - Ubuntu/GitHub SSH Key Issue)
Since nobody wrote the answer from the comments for several months, I will quickly do so.
There are 2 possible problems/solutions:
id_rsa created with wrong user
Create id_rsa as the jenkins user (see hudson cannot fetch from git repository)
Leave passphrase empty
To summarise what must be done on the Jenkins server:
# 1. Create the folder containing the SSH keys if necessary
if [ ! -e ~jenkins/.ssh ]; then mkdir ~jenkins/.ssh; fi
cd ~jenkins/.ssh/
# 2. Create the SSH pair of keys
# The comment will help to identify the SSH key on target systems
ssh-keygen -C "jenkins" -f ~jenkins/.ssh/id_rsa -P ""
# 3. Assign the proper access rights
chown -R jenkins ~jenkins/.ssh/
chmod 700 ~jenkins/.ssh
chmod 600 ~jenkins/.ssh/*
Remember:
Please keep the default "id_rsa" name when generating the keys, as other such as "id_rsa_jenkins" won't work, even if correctly set up.
Do not use a passphrase for your key
Check that the public key (id_rsa.pub) has been uploaded on the git server (GitHub, Bitbucket, etc). Once done, test your SSH key by running: ssh -vvv git#github.com (change address according to your git server)
I got around this problem by simply leaving the passphrase empty when creating the keys.
I would add that if you created the keys by hand, they might still be owned by you and not readable by jenkins, try:
sudo chown jenkins -R /var/lib/jenkins/.ssh/*
To check are the following:
if the right public key (id_rsa.pub) is uploaded to the git-server.
jenkins user will access to github -> to CHECK if the right private key (id_rsa) is copied to /var/lib/jenkins/.ssh/
if the known_hosts file is created inside ~/.ssh folder. Try ssh -vvv git#github.com to see debug logs. If thing goes well, github.com will be added to known_hosts.
if the permission of id_rsa is set to 755 (chmod 755 id_rsa)
After all checks -> try ssh -vvv git#github.com
Dont try to do config in jenkins until ssh works!
If you are running jenkins as a service in windows, you need to verify the user running the service. If you created the keys using the user "MACHINENAME\user", change the service so the user running it can match
For Mac users, the issue can be solved by removing the existing keys and creating new Private and Public Keys by following these steps:
1.Remove all Public and Private keys located at /Users/Username/.ssh
2.Remove all the credentials saved under the Credentials tab in Jenkins.
3.Remove the existing Public SSH keys defined in the Github Repository Settings.
4.Create new SSH keys (private and public: id_rsa and id_rsa.pub) by following the steps from https://confluence.atlassian.com/bitbucketserver/creating-ssh-keys-776639788.html#CreatingSSHkeys-CreatinganSSHkeyonLinux&MacOSX
5.Set the newly created public SSH key (id_rsa.pub) in Github or an equivalent Repository Settings.
6.In Jenkins,create new credentials by adding the private SSH key(id_rsa) for your Github username.
7.The Error should be removed now.
keys need to generated from jenkins user.
sudo su jenkins
ssh-keygen
once the key is generated, it should be added as ssh key in bitbucket or github.