I do not understand how to add multiple SSH for github using ssh config

Time:10-04

I'm on an M1 Macbook Pro 16" if this information matters at all.

Here is a list of things I did !AFTER! removing the contents of the config file.

$ ssh -v localhost
OpenSSH_8.6p1, LibreSSL 3.3.6

I have created a simple ssh file using the recommended type:

$ ssh-keygen -t ed25519 -C "[email protected]" -f github-personal
... password, whatever

$ ls -la
.
..
bkup
config
github-personal
github-personal.pub
known_hosts

I then proceed to add the public key to my account

$ cat ~/.ssh/github-personal.pub | pbcopy

Go to my account, settings, SSH and GPG, add the key, give it a relevant name.

$ ssh-add -l
The agent has no identities.

Good, as expected

$ ssh-add ~/.ssh/github-personal
password:...

$ ssh-add -l
256 SHA256: ... my.email@whatever

compare the signature with that on github, yes it's the same, everything works.

$ ssh -T git@github.com
Hi [my-name]! You've successfully authenticated, but GitHub does not provide shell access.

$ git clone git@github.com:my-user/my-repo
cloning into ... whatever it works

Nice! The bare minimum works! Now let's try having 3 github accounts, each with its own SSH key. But ... that's scary. Let's get the exact above thing to work with a config file before even adding other accounts maybe?

contents of ~/.ssh/config:

AddKeysToAgent yes
IdentitiesOnly yes

Host personal-github
    HostName github.com
    User git # as instructed by git, only ever use the git user i.e. git@github.com
    UseKeychain yes
    IdentityFile ~/.ssh/github-personal
#    PreferredAuthentications publickey,password

I had no idea if PreferredAuthentications publickey,password was messing me up, I tried with and without it. Now without.

$ ssh-add -l
yes, agent still has it, it's listed here

$ ssh -T git@github.com
git@github.com: Permission denied (publickey).

...

$ ssh-add -D
$ ssh-add -l
key no longer here

$ ssh personal-github
PTY allocation request failed on channel 0
Hi my-name! You've successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.

$ ssh-add -l
yep, key was added automatically

So, maybe here I'm missing something. I understand the following: I define in the config file a Host name-defined-by-me. This starts a function of sorts, or whatever, namespace, don't care. Where I can keep defining parameters until the next Host name-defined-by-me-2 comes up.

Then I call that name-defined-by-me to load that particular configuration.

In my case, let's go over the file again:

AddKeysToAgent yes
IdentitiesOnly yes

Host personal-github
    HostName github.com
    User git # as instructed by git, only ever use the git user i.e. git@github.com
    UseKeychain yes
    IdentityFile ~/.ssh/github-personal
#    PreferredAuthentications publickey,password

I have defined globally that I want:

  • To automatically add keys to the agent
  • But only specifically identified keys, not everything in ~/.ssh/
  • And - I THINK - only when I call ssh name-defined-by-me or here ssh personal-github

In the specific host section of personal-github, I am saying that the HostName of whom I am trying to connect to is github.com, with the User git forming git@github.com.

I want to use my mac Key Chain to not provide the password every time I change the host. (I'd probably need a $ ssh-add -D between host changes). And I'm specifying the singular file I want to add.

It does add the file when I call $ ssh personal-github, it doesn't ask for my password, and github responds with my name so SOMETHING must be right.

Yet, I cannot continue past that point.

$ ssh -T git@github.com
git@github.com: Permission denied (publickey).

$ rm -rf my-repo
$ git clone git@github.com:my-user-name/my-repo
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I'm at a loss.

CodePudding user response:

ssh -T git@github.com
git@github.com: Permission denied (publickey).

That is expected.
Whenever you are referencing a private key in your ~/.ssh/config file, under an entry Host key1, you need to change your URL to

ssh -Tv key1
git clone key1:me/myRepository

And you can repeat that for key2, key3, ...

CodePudding user response:

SSH Config File Location

The OpenSSH client-side configuration file is named config, and it is stored in the .ssh directory under the user’s home directory. The ~/.ssh directory is automatically created when the user runs the ssh command for the first time. If the directory doesn’t exist on your system, create it using the command below:

mkdir -p ~/.ssh && chmod 700 ~/.ssh

By default, the SSH configuration file may not exist, so you may need to create it using the touch command:

touch ~/.ssh/config

This file must be readable and writable only by the user and not accessible by others:

chmod 600 ~/.ssh/config

SSH Config File Structure and Patterns

The SSH Config File takes the following structure:

Host hostname1
    SSH_OPTION value
    SSH_OPTION value

Host hostname2
    SSH_OPTION value

Host *
    SSH_OPTION value

The contents of the SSH client config file are organized into stanzas (sections). Each stanza starts with the Host directive and contains specific SSH options used when establishing a connection with the remote SSH server.

Indentation is not required but is recommended since it makes the file easier to read.

The Host directive can contain one pattern or a whitespace-separated list of patterns. Each pattern can contain zero or more non-whitespace characters or one of the following pattern specifiers:

  • * - Matches zero or more characters. For example, Host * matches all hosts, while 192.168.0.* matches hosts in the 192.168.0.0/24 subnet.
  • ? - Matches exactly one character. The pattern, Host 10.10.0.? matches all hosts in 10.10.0.[0-9] range.
  • ! - When used at the start of a pattern, it negates the match. For example, Host 10.10.0.* !10.10.0.5 matches any host in the 10.10.0.0/24 subnet except 10.10.0.5.
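The stanza lookup that both answers describe, as an added example that is not part of the original answers: a simplified shell model of how ssh picks options, run against a constructed config modelled on the one in the question (the work-github stanza, its key name and the 10.10.0.* stanza are assumptions). Host patterns are matched against the name typed on the command line, not against HostName, so git@github.com inherits the global IdentitiesOnly yes but gets no IdentityFile.

```shell
# Added example: simplified model of ssh_config lookup (exact-case keywords,
# no Match or Include). work-github, its key and 10.10.0.* are constructed.
sample_config() { cat <<'EOF'
IdentitiesOnly yes

Host personal-github
    HostName github.com
    User git
    IdentityFile ~/.ssh/github-personal

Host work-github
    HostName github.com
    User git
    IdentityFile ~/.ssh/github-work

Host 10.10.0.* !10.10.0.5
    User admin
EOF
}

# host_matches NAME PATTERN...: one positive match and no negated (!) match.
host_matches() {
    name=$1; shift; matched=1
    for pat in "$@"; do
        case $pat in
            '!'*) case $name in ${pat#?}) return 1 ;; esac ;;   # ${pat#?} drops "!"
            *)    case $name in $pat) matched=0 ;; esac ;;
        esac
    done
    return $matched
}

# resolve NAME KEYWORD: print the first KEYWORD value that applies to NAME.
# NAME is what follows "ssh" (after any user@) or precedes ":" in a git URL.
resolve() {
    active=yes   # options above the first Host line apply to every name
    sample_config | while read -r key value; do
        case $key in
            Host) set -f   # keep * and ? in patterns from globbing filenames
                  if host_matches "$1" $value; then active=yes; else active=no; fi
                  set +f ;;
            "$2") if [ "$active" = yes ]; then printf '%s\n' "$value"; break; fi ;;
        esac
    done
}

resolve personal-github IdentityFile   # ~/.ssh/github-personal
resolve github.com IdentitiesOnly      # yes
resolve github.com IdentityFile        # prints nothing: no stanza matches
```

On a real system, `ssh -G personal-github` and `ssh -G github.com` print the options ssh actually resolves for each name without opening a connection.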
