Home > other >  I've been trying to reconfigure my SSH key
I've been trying to reconfigure my SSH key

Time:11-29

I keep getting the following error:

 git commit -sam "blah blah blah"
fatal: either user.signingkey or gpg.ssh.defaultKeyCommand needs to be configured

I just updated Git completely trying to figure this out, so it's completely up to date, and then I successfully added all of my usual configurations to the new version now running in Git Bash. I've repeatedly gone to Github's SSH key generator and followed the directions one by one. AND AFTER ALL THAT, I'M STILL GETTING THIS ERROR.

I am unable to make commits ANYWHERE on my local machine (Git Bash, Terminal, GitKraken; I even broke down and tried Github Desktop), much less signed, annotated commits, as is my habit. I removed the expired keys from my Github account. I DON'T KNOW WHAT ELSE TO DO.

I'm about to lose my mind.

CodePudding user response:

You're mixing together the concepts of ssh keys (which are somewhat generalized and apply across all of ssh, and which you can use to authenticate yourself to GitHub) and Git's signed commits (and signed annotated tags). These are different, although they use related mechanisms.

In particular, to use an ssh key to sign a Git commit, you must:

  • configure your ssh locally so that it can sign commits (this may or may not already be supported depending on your OpenSSH version);
  • tell Git how to use your ssh to sign commits (this depends on your ssh version); and
  • tell Git to use ssh to sign commits.

None of these three steps use or require anything on GitHub. But this is what is failing here: you have not set up user.signingkey or gpg.ssh.defaultKeyCommand in Git, which is where that second bullet point comes in. (You're already doing the third one, but Git doesn't know how to run your ssh yet!) You'll need to figure out how to get Git to invoke the right commands on your system (which will depend somewhat on your OS and OpenSSH version).

Once you have such signed commits, however, these digital signatures are useful only to you, not to anyone else, unless you have spread the key(s) involved in these digital signatures. This is where you get GitHub involved.

See How do I sign git commits using my existing ssh key and particularly VonC's answer here to Why does git sign with GPG keys rather than using SSH keys?, to see how to do the first part. See both VonC's and other answers, particularly Jakuje's here, for some cautions involving using ssh keys here.

I don't know any of the GitHub side details here, but VonC's answers have more.

In general, it's a lot easier to use GPG for signing commits and/or annotated tags.

  • Related