git push ignores my user.name setting and keeps trying to commit as another user

Question

I have two users set up on github and it is always a struggle to create repo, commit, push with the right one.

To avoid confusion I created ssh aliases in .ssh/config/

Host gitUserA
 AddKeysToAgent yes
 HostName github.com
 User git
 UseKeychain yes
 IdentityFile ~/.ssh/id_rsa_github_userA

Host gitUserB
 AddKeysToAgent yes
 HostName github.com
 User git
 UseKeychain yes
 IdentityFile ~/.ssh/id_rsa_github_userB

On a newly created git repo I have set the local user to userA and it is correctly returned by

> git config  user.name
userA

Unfortunately it keeps trying to push as userB

>git push -u origin main
Warning: Permanently added the RSA host key for IP address '~~~~~~~' to the list of known hosts.
ERROR: Permission to ~~~~/~~~~~~~~~.git denied to userB.
fatal: Could not read from remote repository.

Please note:

• my remote.origin.url uses the ssh alias for userA

>git config remote.origin.url
gitUserA:~~~~/~~~~~~~~.git

• my global user is userA, so I am really puzzled
• I have also tried to do git init again, but it did not help.

Answer 1

TL;DR: check your IdentityFile settings very carefully.

---

Your user.name and user.email settings are used to create the metadata inside new commits.¹ They are not used when running git push. What's used during git push is some sort of authentication.²

The authentication details vary depending on what protocol you have your Git use to call up the other Git. In your case, you are using ssh. Ssh authentication for GitHub is complicated.³ When you use ssh, you have ssh itself—this is a completely separate program, outside of Git—call up some other computer and ask to make a secure connection to that computer. That computer presents its identity (so that your computer can verify that it's really talking to GitHub, and not to someone pretending to be GitHub). That's what this is about:

Warning: Permanently added the RSA host key for IP address ...

This is the first time your computer has talked to the computer claiming to be github.com (as far as your computer can remember anyway, based on files that ssh keeps for itself).

Next, if your computer is satisfied that it's actually talking to the right computer, your computer presents a user name. The user name you are having your computer present is git. That's what:

    User git

is about, in your .ssh/config file. This is correct! GitHub demands that you claim to be user git. If you claim to be some other person, it won't work.

But now there is a problem. Everyone—you, me, and everyone else who uses GitHub—must claim to be user git, whenever we want to access the Git repositories we are having GitHub host for us. How will GitHub's computer know that you are you, and that I am me, when we both claim to be user git?

This is where your IdentityFile comes in:

    IdentityFile ~/.ssh/id_rsa_github_userA

If you peek inside your .ssh directory, you'll see that each ID-pair consists of two files:⁴

$ ls ~/.ssh
config
id_rsa.github
id_rsa.github.pub
known_hosts

for instance. (The config file is the one you're using to store your configuration, and known_hosts is how ssh remembers the host RSA stuff so that it can tell that whoever answers the Internet-phone at github.com is still the same computer it talked to last time.)

The .pub file contains a public key, which your ssh will present to the ssh server on the host you're connecting to. The other file contains a private key, which you should keep secret.

When your Git runs your ssh and your ssh gets to the point of presenting this public key to the ssh server on GitHub, that's when the ssh server on GitHub decides who you are claiming to be. The public key must be unique to you—to who you claim to be. Since the public key has a lot of randomly generated data in it, it will be unique to whoever you claim to be, unless you copied someone else's public key, or copied your own public key. (You can do that if you like: copy your own public key, so that you can claim to be you from another computer. You'll need to know / provide the private key that goes with this public key, of course. Be aware that doing this also means you can't pin down an access-leak to one specific device. If each device has its own public key, and you can see which public key was used, you know which device was compromised; in some situations that might be important.)

So, GitHub will take this public key you've presented, and scan through all the public keys that anyone has ever given to GitHub. Whoever it matches first, that's who GitHub thinks you're claiming to be. When it says:

ERROR: Permission to ~~~~/~~~~~~~~~.git denied to userB.

this means that the public key you gave it—based on the IdentityFile line from your .ssh/config—was one that, at some point in the past, you or someone else gave to GitHub and said this public key means I am claiming to be userB.

---

¹Remember that a commit consists of two parts: one part is a snapshot of every source file that Git knows about, at the time you run git commit, and the other part is metadata containing things like your name and email address, the date-and-time at which you're making this commit, and so on. The name and email address come from these two settings. You can claim to be whoever you want: Git neither knows nor cares who you are, it's just putting this into the commit for future reference.

²Remember that git push has your Git call up some other Git, typically on some other computer, via an Internet connection. That other computer is likely to be careful about deciding whether you have permission to access it at all.

³Any reasonably secure method of authentication is complicated, but ssh tends to take it up a notch. 😀

⁴In some cases, you can omit some of these files; this answer does not get into those details.