All of lore.kernel.org
 help / color / mirror / Atom feed
* [BUG] Git is not using the configured SSH key when there is another SSH key added to the SSH agent
@ 2021-03-27 18:31 Utku
  2021-03-27 18:54 ` brian m. carlson
  0 siblings, 1 reply; 3+ messages in thread
From: Utku @ 2021-03-27 18:31 UTC (permalink / raw)
  To: git

# Versions

- Git 2.30.1
- macOS 10.15.7

# Steps to Reproduce

- Have two SSH key pairs on your machine, one with a passphrase and
other without. The keys were created by running `ssh-keygen` in my
case.

- Add the key with a passphrase to the SSH agent by running `ssh-add`
and entering the passphrase.

- Have an entry like the following in your `~/.ssh/config`:

      Host someName
          HostName bitbucket.org
          User git
          IdentityFile ~/.ssh/private-key-of-the-pair-without-a-passphrase


- Add the public key of the pair without a passphrase to your BitBucket
account.

- Run `git clone someName:path/to/your/repository.git`. You will get a
not authorized error. As far as I can tell, this means that Git has
tried to use the key with the passphrase (which is added to the SSH
agent). Since this key is **not** the key that was added to the
BitBucket account, we received a not authorized error.

- Add the key without a passphrase to your SSH agent by running
`ssh-add` and try the same command (`git-clone`) again. It will work.

- Now, remove both keys from the SSH agent by running `ssh-add -D` and
try and try the same command (`git-clone`) again. It will still work.

I didn't test but don't believe this has something to do with the key
having a passphrase or not. Also, I believe that I'm not using macOS
Keychain to store the decrypted keys.

# Expected Behavior

The `git-clone` command to work as expected, regardless of which keys
are present in the SSH agent, since the information that I provide to
Git (via the `Host` information in the `~/.ssh/config` file) is
sufficient.

# Actual Behavior

Git is trying to use the SSH key that is present in the SSH agent,
instead of using the SSH key which is explicitly declared in the
`~/.ssh/config` file.


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [BUG] Git is not using the configured SSH key when there is another SSH key added to the SSH agent
  2021-03-27 18:31 [BUG] Git is not using the configured SSH key when there is another SSH key added to the SSH agent Utku
@ 2021-03-27 18:54 ` brian m. carlson
  2021-03-27 18:58   ` Utku
  0 siblings, 1 reply; 3+ messages in thread
From: brian m. carlson @ 2021-03-27 18:54 UTC (permalink / raw)
  To: Utku; +Cc: git

[-- Attachment #1: Type: text/plain, Size: 2239 bytes --]

On 2021-03-27 at 18:31:10, Utku wrote:
> # Versions
> 
> - Git 2.30.1
> - macOS 10.15.7
> 
> # Steps to Reproduce
> 
> - Have two SSH key pairs on your machine, one with a passphrase and
> other without. The keys were created by running `ssh-keygen` in my
> case.
> 
> - Add the key with a passphrase to the SSH agent by running `ssh-add`
> and entering the passphrase.
> 
> - Have an entry like the following in your `~/.ssh/config`:
> 
>       Host someName
>           HostName bitbucket.org
>           User git
>           IdentityFile ~/.ssh/private-key-of-the-pair-without-a-passphrase
> 
> 
> - Add the public key of the pair without a passphrase to your BitBucket
> account.
> 
> - Run `git clone someName:path/to/your/repository.git`. You will get a
> not authorized error. As far as I can tell, this means that Git has
> tried to use the key with the passphrase (which is added to the SSH
> agent). Since this key is **not** the key that was added to the
> BitBucket account, we received a not authorized error.
> 
> - Add the key without a passphrase to your SSH agent by running
> `ssh-add` and try the same command (`git-clone`) again. It will work.
> 
> - Now, remove both keys from the SSH agent by running `ssh-add -D` and
> try and try the same command (`git-clone`) again. It will still work.
> 
> I didn't test but don't believe this has something to do with the key
> having a passphrase or not. Also, I believe that I'm not using macOS
> Keychain to store the decrypted keys.

This behavior is completely due to SSH.  Git doesn't tell OpenSSH to
behave in any particular way; instead, it tells it to make a connection
with the specified parameters to the specified server, and OpenSSH makes
its own decision about what that means.

In your case, the option you want is "IdentitiesOnly yes".  This tells
OpenSSH to always use the specified identity, even if a different one is
available in the agent.  You can add it to the configuration that you
have above and things should work.

You can also see an example of this configuration in the FAQ:
https://git-scm.com/docs/gitfaq#multiple-accounts-ssh
-- 
brian m. carlson (he/him or they/them)
Houston, Texas, US

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 263 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [BUG] Git is not using the configured SSH key when there is another SSH key added to the SSH agent
  2021-03-27 18:54 ` brian m. carlson
@ 2021-03-27 18:58   ` Utku
  0 siblings, 0 replies; 3+ messages in thread
From: Utku @ 2021-03-27 18:58 UTC (permalink / raw)
  To: brian m. carlson; +Cc: git

Adding `IdentitiesOnly yes` solves it. Thank you so much Brian!

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-03-27 19:00 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-27 18:31 [BUG] Git is not using the configured SSH key when there is another SSH key added to the SSH agent Utku
2021-03-27 18:54 ` brian m. carlson
2021-03-27 18:58   ` Utku

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.