1

I have set up git config as follows:

Host ACCOUNT1
    HostName github.com
    Port 22
    User git-username1
    IdentityFile ~/.ssh/id_rsa_2

Host ACCOUNT2
    HostName github.com
    Port 22
    User git-username2
    IdentityFile ~/.ssh/id_rsa

When i git push ACCOUNT1 staging it fails and says "Permission denied...(PublicKey)"

This is because windows ALWAYS use IdentityFile ~/.ssh/id_rsa no matter how i rearrange Hosts (ACCOUNTS1 and ACCOUNTS2 above)

UNTIL i rename IdentityFile ~/.ssh/id_rsa_2 to IdentityFile ~/.ssh/id_rsa, Then git push ACCOUNT1 staging works....

so every time I have to push to an account I have to make sure its Private Key is named EXACTLY "id_rsa"

Is anyone out there with the solution to ensure git on windows FOLLOW the git config set IdentityFile instead of falling to EXACTLY "id_rsa"?

Improve this question
2
  • You did setup the ssh part of the config but you still have to configure git's remote config to use different URLs. See man-page for git push. Commented Dec 11, 2021 at 12:07
  • @A.H. I have set the remote url as [email protected]:username/repo .... that is why it works when i change the naming of the Key to match id_rsa for both accounts1 and accounts2 remote URL... Commented Dec 11, 2021 at 19:40

2 Answers 2

Reset to default
4

VonC already provided the short answer. Here's the long one.

You're mixing up Git's credentials (used with http / https) and ssh's public / private key based authentication. In particular, this stuff:

Host ACCOUNT1
    HostName github.com
    Port 22
    User git-username1
    IdentityFile ~/.ssh/id_rsa_2

is a set of instructions for ssh, which you would put in your .ssh/config file. Git simply runs ssh; ssh then does everything.

These instructions are slightly flawed. In particular you want User git, not User git-username1. This allows you to omit git@ in your ssh request. (If you include git@, the User line here is ignored, so the flaw becomes unimportant.)

To make ssh use these instructions, you must direct ssh to the pseudo0-host named ACCOUNT1:

ssh -Tv ACCOUNT1

from the command line, for instance, or ssh -Tv git@ACCOUNT1. Ssh matches the string literal ACCOUNT1 against the Host line, and then uses the remaining instructions—HostName, Port, User, and IdentityFile—when contacting the actual host. The host ssh contacts is that listed in the HostName section, i.e., github.com. The port used is 22 (ssh standard, so there's no need to list it). The user name will be git-username1 with the example, which is wrong, so you'd need git@ACCOUNT1 as in the alternative to override the user name.

There's one further line missing: IdentitiesOnly yes. This is not required but helps cut down on the number of keys your ssh will attempt when it contacts github.com. With IdentitiesOnly yes, each key listed in the IdentityFile line(s)—you can have more than one—will be tried, in the order they are listed. The order can matter since some servers may begin quietly ignoring keys after the first few. (Imagine you're the gatekeeper, watching folks come up and try their keys in the lock at the door to the castle. Someone—you can't see who as the light is too dim—comes up with a huge key ring with 1000 keys on it, and tries them one by one. What do you think about this person?)

So, what I like to do is this:

Host gh1
    HostName github.com
    User git
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_github1

Host gh2
    HostName github.com
    User git
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_github2

and so on. Then, when creating or updating the URL, I use:

git clone ssh://gh1/user/repo.git

or:

git remote set-url origin ssh://gh2/user/repo.git

as appropriate. To test each ssh setting, I use:

ssh -T gh1

or:

ssh -Tvvv gh2

as appropriate. The number of vs here determines the amount of extra debug output from ssh: stuff at debug level 1 is emitted with one v, stuff at debug level 2 with 2 vs, and so on. Debug level 1 suffices to watch the keys being tested.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Great Answer: after learning from you, all i had to do was change the User ACCOUNT1 to User git. and git remote set-url ACCOUNT1 ACCOUNT1:username/repo as Per both of your answer with @VonC below
3

I have set the remote url as [email protected]:username/repo.

Actually, if you want to use your ~/.ssh/config entries, you need to set the remotes to:

git remote add ACCOUNT1 ACCOUNT1:username/repo
# or, if remote ACCOUNT1 already exists
git remote set-url ACCOUNT1 ACCOUNT1:username/repo

Only then a git push ACCOUNT1 staging light work.

Without a remote named ACCOUNT1, git push would use the URL ACCOUNT1, which is like [email protected], with id_rsa_2, but... without username/repo.
Pushing to [email protected] alone will always be "permission denied".

And the User entry in ~/.ssh/config should always be:

User git

Any other remote user would be "permission denied".

Improve this answer

4 Comments

Thanks! Your Solution Works ONLY when i edit as follows: change my Config file User ACCOUNT1 to User git . Maybe even removing that line would work
@CodeOneOnOne Good point. I have edited the answer to make that clearer.
@Wolf Thank you for your feedback. I have edited the answer accordingly.
@Wolf Again, thank you. There was a verb missing indeed!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.