Issue
Using OSX Monterey.
I'm trying to access my private repo using a custom ssh key.
I have a custom ssh key "mykey" and "mykey.pub" using
ssh-keygen -t rsa -C "[email protected]"
I have added this key to the ssh agent using
ssh-add ~/.ssh/mykey
I have added the key from mykey.pub to my GitHub account with read/write permissions.
My ~/.ssh/config looks as follows:
Host gmail
    IdentityFile ~/.ssh/mykey
    User git
    HostName github.com
    UseKeychain yes
When I run
ssh gmail
I get the response
PTY allocation request failed on channel 0
Hi username! You've successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.
This leads me to believe that my setup is working, using the correct credentials.
However when I try to clone my repository (github.com:Username/myrepo.git) via
git clone gmail:Username/myrepo.git
I get
Cloning into 'myrepo'...
ERROR: Repository not found.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I have tried multiple variations of this:
git clone [email protected]:Username/myrepo.git
git clone git@gmail:Username/myrepo.git
git clone [email protected]:Username/myrepo.git --config core.sshCommand="ssh -i ~/.ssh/mykey"
All to no avail.
GIT_CURL_VERBOSE=1 git clone gmail:Username/myrepo.git
Does nothing for me either, I get the same response every time.
I'm at my wits' end, not sure what I am doing wrong here. Any advice would be greatly appreciated.
EDIT:
Running GIT_SSH_COMMAND="ssh -vvv" git clone gmail:Username/myrepo.git
will yield the following result:
Cloning into 'myrepo'...
OpenSSH_8.6p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/mylocalusername/.ssh/config
debug1: /Users/mylocalusername/.ssh/config line 1: Applying options for gmail
debug1: /Users/mylocalusername/.ssh/config line 39: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/mylocalusername/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/mylocalusername/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to github.com port 22.
debug1: Connection established.
debug1: identity file /Users/mylocalusername/.ssh/mykey type 0
debug1: identity file /Users/mylocalusername/.ssh/mykey-cert type -1
debug1: identity file /Users/mylocalusername/.ssh/id_ed25519 type 3
debug1: identity file /Users/mylocalusername/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version babeld-3d700a2c
debug1: compat_banner: no match: babeld-3d700a2c
debug3: fd 5 is O_NONBLOCK
debug1: Authenticating to github.com:22 as 'git'
debug3: record_hostkey: found key type ED25519 in file /Users/mylocalusername/.ssh/known_hosts:12
debug3: load_hostkeys_file: loaded 1 keys from github.com
debug1: load_hostkeys: fopen /Users/mylocalusername/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type [email protected], using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
debug2: ciphers stoc: [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
debug2: MACs ctos: [email protected],[email protected],hmac-sha2-512,hmac-sha2-256
debug2: MACs stoc: [email protected],[email protected],hmac-sha2-512,hmac-sha2-256
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:[key]
debug3: record_hostkey: found key type ED25519 in file /Users/mylocalusername/.ssh/known_hosts:12
debug3: load_hostkeys_file: loaded 1 keys from github.com
debug1: load_hostkeys: fopen /Users/mylocalusername/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'github.com' is known and matches the ED25519 host key.
debug1: Found key in /Users/mylocalusername/.ssh/known_hosts:12
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/mylocalusername/.ssh/id_ed25519 ED25519 SHA256:[key] explicit agent
debug1: Will attempt key: /Users/mylocalusername/.ssh/mykey RSA SHA256:[key] explicit agent
debug1: Will attempt key: [email protected] RSA SHA256:[key] agent
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/mylocalusername/.ssh/id_ed25519 ED25519 SHA256:[key] explicit agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: /Users/mylocalusername/.ssh/id_ed25519 ED25519 SHA256:[key] explicit agent
debug3: sign_and_send_pubkey: ED25519 SHA256:[jkey]
debug3: sign_and_send_pubkey: signing using ssh-ed25519 SHA256:[key]
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([140.82.121.4]:22).
debug2: fd 6 setting O_NONBLOCK
debug2: fd 7 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Entering interactive session.
debug1: pledge: filesystem full
debug3: receive packet: type 80
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug3: client_input_hostkeys: received RSA key SHA256:[key]
debug3: client_input_hostkeys: received ECDSA key SHA256:[key]
debug3: client_input_hostkeys: received ED25519 key SHA256:[key]
debug1: client_input_hostkeys: searching /Users/mylocalusername/.ssh/known_hosts for github.com / (none)
debug3: hostkeys_foreach: reading file "/Users/mylocalusername/.ssh/known_hosts"
debug3: hostkeys_find: found ssh-rsa key under different name/addr at /Users/mylocalusername/.ssh/known_hosts:1
debug3: hostkeys_find: found ssh-rsa key under different name/addr at /Users/mylocalusername/.ssh/known_hosts:2
debug3: hostkeys_find: found ssh-rsa key under different name/addr at /Users/mylocalusername/.ssh/known_hosts:3
debug3: hostkeys_find: found ssh-rsa key under different name/addr at /Users/mylocalusername/.ssh/known_hosts:4
debug3: hostkeys_find: found ssh-rsa key under different name/addr at /Users/mylocalusername/.ssh/known_hosts:5
debug3: hostkeys_find: found ssh-rsa key under different name/addr at /Users/mylocalusername/.ssh/known_hosts:6
debug3: hostkeys_find: found ssh-rsa key under different name/addr at /Users/mylocalusername/.ssh/known_hosts:7
debug3: hostkeys_find: found ssh-ed25519 key at /Users/mylocalusername/.ssh/known_hosts:12
debug1: client_input_hostkeys: searching /Users/mylocalusername/.ssh/known_hosts2 for github.com / (none)
debug1: client_input_hostkeys: hostkeys file /Users/mylocalusername/.ssh/known_hosts2 does not exist
debug3: client_input_hostkeys: 3 server keys: 2 new, 18446744073709551615 retained, 2 incomplete match. 0 to remove
debug1: client_input_hostkeys: host key found matching a different name/address, skipping UserKnownHostsFile update
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 5 setting TCP_NODELAY
debug3: set_sock_tos: set socket 5 IP_TOS 0x20
debug2: client_session2_setup: id 0
debug1: Sending environment.
debug3: Ignored env TERM_PROGRAM
debug3: Ignored env TERM
debug3: Ignored env SHELL
debug3: Ignored env TMPDIR
debug3: Ignored env TERM_PROGRAM_VERSION
debug3: Ignored env TERM_SESSION_ID
debug3: Ignored env USER
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env __CF_USER_TEXT_ENCODING
debug3: Ignored env nvm_current_version
debug3: Ignored env PATH
debug1: channel 0: setting env GIT_PROTOCOL = "version=2"
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env __CFBundleIdentifier
debug3: Ignored env PWD
debug3: Ignored env XPC_FLAGS
debug3: Ignored env XPC_SERVICE_NAME
debug3: Ignored env SHLVL
debug3: Ignored env HOME
debug3: Ignored env GIT_SSH_COMMAND
debug3: Ignored env LOGNAME
debug1: channel 0: setting env LC_CTYPE = "UTF-8"
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env GIT_EXEC_PATH
debug3: Ignored env _
debug1: Sending command: git-upload-pack 'Username/myrepo.git'
debug2: channel 0: request exec confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 32000 rmax 35000
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: exec request accepted on channel 0
debug2: channel 0: rcvd ext data 29
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug3: receive packet: type 96
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug2: chan_shutdown_read: channel 0: (i0 o1 sock -1 wfd 6 efd 8 [write])
debug2: channel 0: input open -> closed
debug3: channel 0: will not send data after close
debug2: channel 0: obuf_empty delayed efd 8/(29)
ERROR: Repository not found.
debug2: channel 0: written 29 to efd 8
debug3: channel 0: will not send data after close
debug2: channel 0: obuf empty
debug2: chan_shutdown_write: channel 0: (i3 o1 sock -1 wfd 7 efd 8 [write])
debug2: channel 0: output drain -> closed
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug3: send packet: type 97
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r43 i3/0 o3/0 e[write]/0 fd -1/-1/8 sock -1 cc -1)
debug3: send packet: type 1
debug1: fd 0 clearing O_NONBLOCK
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
debug3: fd 1 is not O_NONBLOCK
Transferred: sent 2248, received 2280 bytes, in 0.3 seconds
Bytes per second: sent 7842.5, received 7954.1
debug1: Exit status 1
So for some reason my id_ed25519 will be used. I have it in my config file as my default key:
Host *
    AddKeysToAgent yes
    UseKeychain yes
    IdentityFile ~/.ssh/id_ed25519
Normally I would want to use that key, however it is already associated with another GitHub account (which is why I want to use a different key in the first place).
Even though my "mykey" key gets recognized first:
debug1: identity file /Users/mylocalusername/.ssh/mykey type 0
debug1: identity file /Users/mylocalusername/.ssh/mykey-cert type -1
debug1: identity file /Users/mylocalusername/.ssh/id_ed25519 type 3
debug1: identity file /Users/mylocalusername/.ssh/id_ed25519-cert type -1
Later on the id_ed25519 key is used first:
debug1: Will attempt key: /Users/mylocalusername/.ssh/id_ed25519 ED25519 SHA256:[key] explicit agent
debug1: Will attempt key: /Users/mylocalusername/.ssh/mykey RSA SHA256:[key] explicit agent
debug1: Will attempt key: [email protected] RSA SHA256:[key] agent
I'm assuming what's happening is that GitHub recognizes the ed25519 key, but of course that key has no access to that repository and so I'm denied.
I thought this might be because of my known_hosts file, which contained an entry for github.com referring to my id_ed25519 key, but even after deleting it the id_ed25519 key will be used first, only that it asks me to add it to my known hosts:
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'github.com' (ED25519) to the list of known hosts.
The only reason I could think of was that my key was RSA, so I regenerated it as ed25519, but I get the same result. Can I somehow force git to use the "mykey" key and not look for others?
Solution
You pointed me in the right direction.
IdentitiesOnly yes
was indeed what I was looking for. After that only the matching rules in the config applied, which still led to the id_ed25519 being preferred (regardless of whether it was on the top or the bottom of my config file, not sure why that is, but whatever).
To prevent this from happening I had to exclude it from being applied to the gmail host.
https://superuser.com/questions/859661/how-can-i-force-ssh-to-ignore-the-identityfile-listed-in-host-for-one-specif answered that for me.
So to get it working my ~/.ssh/config had to look like this:
Host gmail
    IdentityFile ~/.ssh/mykey
    User git
    HostName github.com
    UseKeychain yes
    IdentitiesOnly yes

Host * !gmail
    AddKeysToAgent yes
    UseKeychain yes
    IdentityFile ~/.ssh/id_ed25519
With that the following command (and all subsequent git commands) will work:
git clone gmail:Username/myrepo.git
Answered By - Dan Rockstone Answer Checked By - Gilberto Lyons (WPSolving Admin)
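
Why both identity files applied to the gmail alias until the Host * block was negated, as an added example that is not part of the original post: a simplified Python model of ssh_config(5) Host matching, run over constructed configs modelled on the two versions above. It assumes Host blocks only (no Match or Include) and ignores keys held by the agent; the function names are illustrative.

```python
from fnmatch import fnmatchcase

# Constructed configs modelled on the "before" and "after" files in the post.
BEFORE = """\
Host gmail
    IdentityFile ~/.ssh/mykey
    User git
    HostName github.com
Host *
    IdentityFile ~/.ssh/id_ed25519
"""
AFTER = """\
Host gmail
    IdentityFile ~/.ssh/mykey
    User git
    HostName github.com
    IdentitiesOnly yes
Host * !gmail
    IdentityFile ~/.ssh/id_ed25519
"""

def host_matches(patterns, alias):
    """ssh_config(5): a matching negated pattern vetoes the whole block;
    otherwise at least one positive pattern has to match."""
    hit = False
    for p in patterns:
        if p.startswith("!"):
            if fnmatchcase(alias, p[1:]):
                return False
        elif fnmatchcase(alias, p):
            hit = True
    return hit

def resolve(config_text, alias):
    """Return (identity_files, other_options) for one host alias.
    IdentityFile accumulates; every other option keeps its first value."""
    opts, identities, active = {}, [], True  # lines before any Host apply to all
    for raw in config_text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "host":
            active = host_matches(value.split(), alias)
        elif active and key == "identityfile":
            identities.append(value)
        elif active:
            opts.setdefault(key, value)
    return identities, opts
```

On a real machine, ssh -G gmail prints the effective configuration for the alias, including every identityfile line, without connecting.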