Why doesn't changing my SSH key make the correct author be shown for my commits?

Time:10-10

I'm having some issues juggling two different SSH keys on my machine. I have two GitHub accounts with distinct usernames and ssh keys.

I have a private directory on my GitHub @ zshap/test-push and mysteriously, when I change the readme and push it up, I'm seeing commits from my zackshapiro user, who is not a collaborator and has not been invited to that repo.

I don't understand how my other user would even be able to push to the private repo of zshap.

For good measure, the accounts have different profile pictures as well so it's easy to identify that zackshapiro has pushed to the zshap repo.

Also for good measure, I use these aliases to set my ssh key in terminal:

alias ssh-personal="ssh-add -D; ssh-add -K ~/.ssh/key1"

alias ssh-zshap="ssh-add -D; ssh-add -K ~/.ssh/key3"

Also for good measure, I've deleted the SSH key, key2, and created a new key3 using GitHub's tutorial in case I'd accidentally uploaded an existing key to GitHub. Additionally, I've ensured that the signatures shown in the SSH and GPG Keys section of GitHub settings are all different.

My ~/.ssh/config:

Host zackshapiro
    HostName github.com
    User git
    IdentityFile ~/.ssh/key1
    IdentitiesOnly yes

Host zshap
    HostName github.com
    User git
    IdentityFile ~/.ssh/key3
    IdentitiesOnly yes

Host *
  AddKeysToAgent yes
  UseKeychain yes

This is very confusing and the other answers to how to use multiple ssh keys on one machine don't seem to address this particular case. I'd love some help here so I'm not crossing these wires.

Thanks!

Edit

If I run ssh -T, I get a correct username here, so it's extra strange that the commits are coming from my other user and SSH key.

$ ssh -T [email protected]
Hi zshap! You've successfully authenticated, but GitHub does not provide shell access.

Edit 2

In my foo repo directory, I can run ssh-personal and then git push to push a new commit and I get the error (correctly):

ERROR: Repository not found.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Then when I run ssh-zshap and git push, I can successfully push but the commit message is from the wrong user! It's by the zackshapiro GitHub user instead of the zshap user.

CodePudding user response:

The Author and Committer fields are set by git itself, not by GitHub, when you first run git commit to create a commit. Everything in that commit becomes part of the commit's hash, and therefore can't be changed without invalidating both that commit and every other commit that refers to it (or at least, rewriting all the impacted commits to be identified by a new and different hash). Consequently, the SSH keys used to authenticate to GitHub can't change the commit itself.

If you want to set your identity for git's purpose, you can do that several ways, shown below in order of precedence (so if more than one of these is set, the one earlier in the list wins):

  • Via the environment with GIT_AUTHOR_NAME, GIT_AUTHOR_EMAIL, GIT_COMMITTER_NAME and GIT_COMMITTER_EMAIL. One important note: Using these can override preexisting values for both author and committer when doing a git commit --amend; normally only committer is updated during an amend.
  • Via per-project configuration in yourproject/.git/config, which can be modified with git config user.name "Your Name"; git config user.email "[email protected]"
  • Via user-specific "global" configuration in ~/.gitconfig (or $XDG_CONFIG_HOME/git/config), which can be modified with git config --global user.name "Your Name"; git config --global user.email "[email protected]". The location used to retrieve this can be overridden with the environment variable GIT_CONFIG_GLOBAL.
  • Via systemwide configuration in /etc/gitconfig. The location used to retrieve this can be overridden with the environment variable GIT_CONFIG_SYSTEM.

If you want to have multiple global configuration profiles you swap between, consider using the GIT_CONFIG_GLOBAL configuration file to specify an alternate location for ~/.gitconfig depending on which profile you want to have active at a given time.

If you want to prove your identity to others, that's the purpose of signed commits, a feature that requires you to set up an OpenPGP keypair.
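The precedence list and the hash point in the answer above can be checked in a throwaway repository. This is an added example, not part of the original answer: the profile name, the example.invalid addresses and the helper function names are made up, and it assumes git is installed.

```shell
#!/bin/sh
# Added demo (constructed names and e-mails): the author stored in a commit
# comes from git's identity settings at `git commit` time, not from an SSH key.

# Run git against a throwaway HOME so the real configuration is never touched.
demo_git() {
    HOME="$DEMO_HOME" GIT_CONFIG_GLOBAL="$DEMO_HOME/.gitconfig" \
    GIT_CONFIG_NOSYSTEM=1 git -C "$DEMO_HOME/repo" "$@"
}

# Scratch repo whose "global" profile is the personal identity.
setup_demo() {
    DEMO_HOME=$(mktemp -d) || return 1
    mkdir "$DEMO_HOME/repo" || return 1
    demo_git init -q &&
    demo_git config --global user.name "Personal Profile" &&
    demo_git config --global user.email "personal@example.invalid"
}

# Commit, then print the author e-mail stored in the new commit object.
# Optional $1 simulates GIT_AUTHOR_EMAIL being set in the environment.
author_of_new_commit() (
    unset GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
    if [ -n "${1:-}" ]; then export GIT_AUTHOR_EMAIL="$1"; fi
    demo_git commit -q --allow-empty -m "demo commit" || exit 1
    demo_git log -1 --format=%ae
)

# Print the id of a commit whose tree, message and dates are pinned, so the
# author e-mail ($1) is the only input that varies between calls.
commit_id_for_author() (
    export GIT_AUTHOR_EMAIL="$1" GIT_AUTHOR_DATE="946684800 +0000"
    export GIT_COMMITTER_DATE="946684800 +0000"
    tree=$(demo_git mktree </dev/null) || exit 1
    demo_git commit-tree -m "same message" "$tree"
)

setup_demo || exit 1
echo "global profile only : $(author_of_new_commit)"
demo_git config user.email "work@example.invalid"   # goes to repo/.git/config
echo "repo-local override : $(author_of_new_commit)"
echo "environment override: $(author_of_new_commit env@example.invalid)"
echo "commit id, author a : $(commit_id_for_author a@example.invalid)"
echo "commit id, author b : $(commit_id_for_author b@example.invalid)"
rm -rf "$DEMO_HOME"
```

Running `git config user.email` inside the affected repository, and `git log -1 --format='%an <%ae>'` before pushing, shows which identity a push will carry regardless of which key is loaded in the agent.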
