I'm on an M1 Macbook Pro 16" if this information matters at all.
Here is a list of things I did !AFTER! removing the contents of the config file.
$ ssh -v localhost
OpenSSH_8.6p1, LibreSSL 3.3.6
I have created a simple ssh file using the recommended type:
$ ssh-keygen -t ed25519 -C "[email protected]" -f github-personal
... password, whatever
$ ls -la
.
..
bkup
config
github-personal
github-personal.pub
known_hosts
I then procede to add the public key to my account
$ cat ~/.ssh/github-personal.pub | pbcopy
Go to my account, settings, SSH and GPG, add the key, give it a relevant name.
$ ssh-add -l
The agent has no identities.
Good, as expected
$ ssh-add ~/.ssh/github-personal
password:...
$ ssh-add -l
256 SHA256: ... my.email@whatever
compare the signature with that on github, yes it's the same, everything works.
$ ssh -T [email protected]
Hi [my-name]! You've successfully authenticated, but GitHub does not provide shell access.
$ git clone [email protected]:my-user/my-repo
cloning into ... whatever it works
Nice! The bare minimum works! Now let's try having 3 github accounts, each with it's own SSH key. But ... that's scary. Let's get the exact above thing to work with a config file before even adding other accounts maybe?
contents of ~/.ssh/config:
AddKeysToAgent yes
IdentitiesOnly yes
Host personal-github
HostName github.com
User git # as instructed by git, only ever use the git user i.e. [email protected]
UseKeychain yes
IdentityFile ~/.ssh/github-personal
# PreferredAuthentications publickey,password
I had no idea if PreferredAuthentications publickey,password was messing me up, I tried with and without it. Now without.
$ ssh-add -l
yes, agent still has it, it's listed here
$ ssh -T [email protected]
[email protected]: Permission denied (publickey).
...
$ ssh-add -D
$ ssh-add -l
key not longer here
$ ssh personal-github
PTY allocation request failed on channel 0
Hi my-name! You've successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.
$ ssh-add -l
yep, key was added automatically
So, maybe here I'm missing something. I understand the following: I define in the config file a Host name-defined-by-me. This starts a function of sorts, or whatever, namespace, don't care. Where I can keep defining parameters until the next Host name-defined-by-me-2 comes up.
Then I call that name-defined-by-me to load that particular configuration.
In my case, let's go over the file again:
AddKeysToAgent yes
IdentitiesOnly yes
Host personal-github
HostName github.com
User git # as instructed by git, only ever use the git user i.e. [email protected]
UseKeychain yes
IdentityFile ~/.ssh/github-personal
# PreferredAuthentications publickey,password
I have defined globally that I want:
- To automatically add keys to the agent
- But only specifically identified keys, not everything in ~/.ssh/
- And - I THINK - only when I call
ssh name-defined-by-meor heressh personal-github
In the specific host section of personal-github, I am saying that the HostName of whom I am trying to connect to is github.com, with the User git forming [email protected].
I want to use my mac Key Chain to not provide the password every time I change the host. (I'd probably need a $ ssh-add -D between host changes). And I'm specifying the singular file I want to add.
It does add the file when I call $ssh personal-github, it doesn't ask for my password, and github responds with my name so SOMETHING must be right.
Yet, I cannot continue past that point.
$ ssh -T [email protected]
[email protected]: Permission denied (publickey).
$ rm -rf my-repo
$ git clone [email protected]:my-user-name/my-repo
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I'm at a loss.
CodePudding user response:
ssh -T [email protected]
[email protected]: Permission denied (publickey).
That is expected.
Whenever you are referencing a private key in your ~/.ssh/config file, under an entry Host key1, you need to change your URL to
ssh -Tv key1
git clone key1:me/myRepository
And you can repeat that for key2, key3, ...
CodePudding user response:
SSH Config File Location
OpenSSH client-side configuration file is named config, and it is stored in the .ssh directory under the user’s home directory. The ~/.ssh directory is automatically created when the user runs the ssh command for the first time. If the directory doesn’t exist on your system, create it using the command below:
mkdir -p ~/.ssh && chmod 700 ~/.ssh
By default, the SSH configuration file may not exist, so you may need to create it using the touch command : touch ~/.ssh/config
This file must be readable and writable only by the user and not accessible by others:
chmod 600 ~/.ssh/config
SSH Config File Structure and Patterns
The SSH Config File takes the following structure:
Host hostname1 SSH_OPTION value SSH_OPTION value
Host hostname2 SSH_OPTION value
Host * SSH_OPTION value
The contents of the SSH client config file is organized into stanzas (sections). Each stanza starts with the Host directive and contains specific SSH options used when establishing a connection with the remote SSH server.
Indentation is not required but is recommended since it makes the file easier to read.
The Host directive can contain one pattern or a whitespace-separated list of patterns. Each pattern can contain zero or more non-whitespace character or one of the following pattern specifiers: * - Matches zero or more characters. For example, Host * matches all hosts, while 192.168.0.* matches hosts in the 192.168.0.0/24 subnet. ? - Matches exactly one character. The pattern, Host 10.10.0.? matches all hosts in 10.10.0.[0-9] range. ! - When used at the start of a pattern, it negates the match. For example, Host 10.10.0.* !10.10.0.5 matches any host in the 10.10.0.0/24 subnet except 10.10.0.5.