Issue
I'm on an M1 Macbook Pro 16" if this information matters at all.
Here is a list of things I did !AFTER! removing the contents of the config file.
$ ssh -v localhost
OpenSSH_8.6p1, LibreSSL 3.3.6
I have created a simple ssh file using the recommended type:
$ ssh-keygen -t ed25519 -C "[email protected]" -f github-personal
... password, whatever
$ ls -la
.
..
bkup
config
github-personal
github-personal.pub
known_hosts
I then procede to add the public key to my account
$ cat ~/.ssh/github-personal.pub | pbcopy
Go to my account, settings, SSH and GPG, add the key, give it a relevant name.
$ ssh-add -l
The agent has no identities.
Good, as expected
$ ssh-add ~/.ssh/github-personal
password:...
$ ssh-add -l
256 SHA256: ... my.email@whatever
compare the signature with that on github, yes it's the same, everything works.
$ ssh -T [email protected]
Hi [my-name]! You've successfully authenticated, but GitHub does not provide shell access.
$ git clone [email protected]:my-user/my-repo
cloning into ... whatever it works
Nice! The bare minimum works! Now let's try having 3 github accounts, each with it's own SSH key. But ... that's scary. Let's get the exact above thing to work with a config file before even adding other accounts maybe?
contents of ~/.ssh/config:
AddKeysToAgent yes
IdentitiesOnly yes
Host personal-github
HostName github.com
User git # as instructed by git, only ever use the git user i.e. [email protected]
UseKeychain yes
IdentityFile ~/.ssh/github-personal
# PreferredAuthentications publickey,password
I had no idea if PreferredAuthentications publickey,password was messing me up, I tried with and without it. Now without.
$ ssh-add -l
yes, agent still has it, it's listed here
$ ssh -T [email protected]
[email protected]: Permission denied (publickey).
...
$ ssh-add -D
$ ssh-add -l
key not longer here
$ ssh personal-github
PTY allocation request failed on channel 0
Hi my-name! You've successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.
$ ssh-add -l
yep, key was added automatically
So, maybe here I'm missing something. I understand the following: I define in the config file a Host name-defined-by-me. This starts a function of sorts, or whatever, namespace, don't care. Where I can keep defining parameters until the next Host name-defined-by-me-2 comes up.
Then I call that name-defined-by-me to load that particular configuration.
In my case, let's go over the file again:
AddKeysToAgent yes
IdentitiesOnly yes
Host personal-github
HostName github.com
User git # as instructed by git, only ever use the git user i.e. [email protected]
UseKeychain yes
IdentityFile ~/.ssh/github-personal
# PreferredAuthentications publickey,password
I have defined globally that I want:
- To automatically add keys to the agent
- But only specifically identified keys, not everything in ~/.ssh/
- And - I THINK - only when I call
ssh name-defined-by-meor heressh personal-github
In the specific host section of personal-github, I am saying that the HostName of whom I am trying to connect to is github.com, with the User git forming [email protected].
I want to use my mac Key Chain to not provide the password every time I change the host. (I'd probably need a $ ssh-add -D between host changes). And I'm specifying the singular file I want to add.
It does add the file when I call $ssh personal-github, it doesn't ask for my password, and github responds with my name so SOMETHING must be right.
Yet, I cannot continue past that point.
$ ssh -T [email protected]
[email protected]: Permission denied (publickey).
$ rm -rf my-repo
$ git clone [email protected]:my-user-name/my-repo
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I'm at a loss.
Solution
ssh -T [email protected]
[email protected]: Permission denied (publickey).
That is expected.
Whenever you are referencing a private key in your ~/.ssh/config file, under an entry Host key1, you need to change your URL to
ssh -Tv key1
git clone key1:me/myRepository
And you can repeat that for key2, key3, ...
Answered By - VonC Answer Checked By - Clifford M. (WPSolving Volunteer)