[SOLVED] Git pushing with wrong username when having multiple git accounts locally

Issue

I use three different GitHub accounts.

I have correctly set my ssh keys (created, added to keyring, added to github).

Doing ssh-add -l returns:

3072 SHA256:/Vq3tN5FxtE64LALAe25GQr+MpIPbGg [email protected] (RSA)
3072 SHA256:9NheazRnzMzicLALA6z70kQeO6tQcNZcePJw0RRk [email protected] (RSA)
3072 SHA256:r7uaTSfE9ZXn7LALAGHIn4syyaKPPyXsKdK8Sjk [email protected] (RSA)

In my ~/.ssh/.config file I have:

# GITHUB FIRST
Host github.com-first-user
  HostName github.com
  User git
  IdentityFile ~/.ssh/first-user

# GITHUB SECOND
Host github.com-second-user
  HostName github.com
  User git
  IdentityFile ~/.ssh/second-user
  
# GITHUB THIRD
Host github.com-third-user
  HostName github.com
  User git
  IdentityFile ~/.ssh/third-user

In my global git config I did not add any user/email config.

Each repository contains the correct user and email.

When I try to push, it says that first-user doesn't have permission.

ERROR: Permission to user/repo.git denied to first-user.
fatal: Could not read from remote repository.

I believe to have read somewhere that git uses the ssh key it sees, so maybe it is seeing the first key and taking that.

Doing git config --list --show-origin --show-scope in the repo folder, I get:

global  file:/home/user/.gitconfig    core.autocrlf=input
local   file:.git/config              user.name=Second
local   file:.git/config              [email protected]

Nowhere is there any setup for the first user.

Doing git remote -v returns:

origin  [email protected]:user/repo.git (fetch)
origin  [email protected]:user/repo.git (push)

Relevant note:

Doing ssh -T github.com-second-user returns Hi first-user!, You've successfully authenticated...

Note: this error happens both using the git cli, and also using git via the phpStorm UI.

How can I force it to use the second key for the second user?

Thanks!

Solution

Add:

IdentitiesOnly yes

(either to each Host entry for the three aliases, or globally). Without this setting, ssh first tries all the agent-supplied identities, then tries the file listed. Since the first agent-supplied entity works as the first user, that gets you in to GitHub as the first user: the second user's key is never attempted, and GitHub believe you are the first user.

With IdentitiesOnly yes, ssh tries only the listed IdentityFile entries, in the order they appear (still getting keys from the agent as needed, so that you need only store the .pub files on the computer in question, if that's not your primary system).

(Nothing Git does here makes any difference: all of this is entirely up to ssh and GitHub.)

Answered By - torek

Answer Checked By - Marilyn (WPSolving Volunteer)