I'm having some issues juggling two different SSH keys on my machine. I have two GitHub accounts with distinct usernames and ssh keys.
I have a private directory on my GitHub @ zshap/test-push
and mysteriously, when I change the readme and push it up, I'm seeing commits from my zackshapiro user, who is not a collaborator and has not been invited to that repo.
I don't understand how my other user would even be able to push to the private repo of zshap.
For good measure, the accounts have different profile pictures as well so it's easy to identify that zackshapiro has pushed to the zshap repo.
Also for good measure, I use these aliases to set my ssh key in terminal:
alias ssh-personal="ssh-add -D; ssh-add -K ~/.ssh/key1"
alias ssh-zshap="ssh-add -D; ssh-add -K ~/.ssh/key3"
Also for good measure, I've deleted the SSH key, key2
, and created a new key3
using GitHub's tutorial in case I'd accidentally uploaded an existing key to GitHub. Additionally, I've ensured that the signatures shown in the SSH and GPG Keys section of GitHub settings are all different.
My ~/.ssh/config
:
Host zackshapiro
HostName github.com
User git
IdentityFile ~/.ssh/key1
IdentitiesOnly yes
Host zshap
HostName github.com
User git
IdentityFile ~/.ssh/key3
IdentitiesOnly yes
Host *
AddKeysToAgent yes
UseKeychain yes
This is very confusing and the other answers to how to use multiple ssh keys on one machine don't seem to address this particular case. I'd love some help here so I'm not crossing these wires.
Thanks!
Edit
If I run ssh -T
, I get a correct username here so it's extra strange that the commits are coming from my other user and ssh key
$ ssh -T [email protected]
Hi zshap! You've successfully authenticated, but GitHub does not provide shell access.
Edit 2
In my foo
repo directory, I can run ssh-personal
and then git push
to push a new commit and I get the error (correctly):
ERROR: Repository not found. fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.
Then when I run ssh-zshap
and git push
, I can successfully push but the commit message is from the wrong user! It's by the zackshapiro GitHub user instead of the zshap user.
CodePudding user response:
The Author
and Committer
fields are set by git itself, not by github. Consequently, the SSH keys used to authenticate to github can't change the commit.
This is particularly true because commits are identified by hash. Changing a commit thus changes its hash -- this is an important security and tamperproofing constraint, not to mention one that underpins a lot of the implementation.
If you want to set your identity for git's purpose, you can do that several ways, shown below in order of precedence (so if more than one of these are set, the one earlier in the list wins):
- Via the environment with
GIT_AUTHOR_NAME
,GIT_AUTHOR_EMAIL
,GIT_COMMITTER_NAME
andGIT_COMMITTER_EMAIL
. One important note: Using these can override preexisting values for both author and committer when doing agit commit --amend
; normally only committer is updated during an amend. - Via per-project configuration in
yourproject/.git/config
, which can be modified withgit config user.name "Your Name"; git config user.email "[email protected]"
- Via user-specific "global" configuration in
~/.gitconfig
(or$XDG_CONFIG_HOME/git/config
), which can be modified withgit config --global user.name "Your Name"; git config --global user.email "[email protected]"
. The location used to retrieve this can be overridden with the environment variableGIT_CONFIG_GLOBAL
. - Via systemwide configuration in
/etc/gitconfig
. The location used to retrieve this can be overridden with the environment variableGIT_CONFIG_SYSTEM
.
If you want to have multiple global configuration profiles you swap between, consider using the GIT_CONFIG_GLOBAL
configuration file to specify an alternate location for ~/.gitconfig
depending on which profile you want to have active at a given time.
If you want to prove your identity to others, that's the purpose of signed commits, a feature that requires you to set up an OpenPGP keypair.