reynoldsnlp

Reputation: 1210

ssh is using wrong key despite config and bypassing config

When I try to connect to github using ssh I get the following:

me@host ~/repos/my_repo (main) $ git pull
Warning: Permanently added the RSA host key for IP address '140.82.114.4' to the list of known hosts.
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

The github docs suggest running the following command to debug the ssh connection, which gives me the following output. Note that the github key is in ~/.ssh/github_id_rsa, but it never seems to attempt to use that key, even though my config lists it specifically as the key to use for this host:

$ ssh -vT git@github.com
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/me/.ssh/config
debug1: /Users/me/.ssh/config line 21: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to github.com port 22.
debug1: Connection established.
debug1: identity file /Users/me/.ssh/id_rsa type 0
debug1: identity file /Users/me/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version babeld-74336b10
debug1: no match: babeld-74336b10
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /Users/me/.ssh/known_hosts:10
Warning: Permanently added the RSA host key for IP address '140.82.112.4' to the list of known hosts.
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/me/.ssh/id_rsa RSA SHA256:lKbkgpDG6HpW4U1pB8nQDxkAj1M4asDmdQclOe4FEJY explicit agent
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/me/.ssh/id_rsa RSA SHA256:lKbkgpDG6HpW4U1pB8nQDxkAj1M4asDmdQclOe4FEJY explicit agent
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).

I added -F /dev/null to bypass my config file, to see if it was a problem with my config:

$ ssh -vT git@github.com -F /dev/null
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /dev/null
debug1: Connecting to github.com port 22.
debug1: Connection established.
debug1: identity file /Users/me/.ssh/id_rsa type 0
debug1: identity file /Users/me/.ssh/id_rsa-cert type -1
debug1: identity file /Users/me/.ssh/id_dsa type -1
debug1: identity file /Users/me/.ssh/id_dsa-cert type -1
debug1: identity file /Users/me/.ssh/id_ecdsa type -1
debug1: identity file /Users/me/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/me/.ssh/id_ed25519 type -1
debug1: identity file /Users/me/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/me/.ssh/id_xmss type -1
debug1: identity file /Users/me/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version babeld-74336b10
debug1: no match: babeld-74336b10
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /Users/me/.ssh/known_hosts:10
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/me/.ssh/id_rsa RSA SHA256:lKbkgpDG6HpW4U1pB8nQDxkAj1M4asDmdQclOe4FEJY agent
debug1: Will attempt key: /Users/me/.ssh/id_dsa
debug1: Will attempt key: /Users/me/.ssh/id_ecdsa
debug1: Will attempt key: /Users/me/.ssh/id_ed25519
debug1: Will attempt key: /Users/me/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/me/.ssh/id_rsa RSA SHA256:lKbkgpDG6HpW4U1pB8nQDxkAj1M4asDmdQclOe4FEJY agent
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/me/.ssh/id_dsa
debug1: Trying private key: /Users/me/.ssh/id_ecdsa
debug1: Trying private key: /Users/me/.ssh/id_ed25519
debug1: Trying private key: /Users/me/.ssh/id_xmss
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).

I tried deleting the github lines from ~/.ssh/known_hosts and I tried deleting my key from my github settings, generating a new key, and uploading the new key as well.

I'm out of ideas. How can I resolve this authentication issue?

EDIT

Although the error occurs with and without the ssh config, here is my config file:

Host github
    User git
    HostName github.com
    IdentityFile ~/.ssh/github_id_rsa
Host foo
    HostName foo.example.com
Host *
    AddKeysToAgent yes
    User me
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes

Upvotes: 3

Views: 2459

Answers (2)

Kunal Ganglani

Reputation: 81

I had the same issue. In my case it was my agent that was serving the last key I added to it, so I just killed the agent using the following command:

eval "$(ssh-agent -k)"

Upvotes: 2

Kenster

Reputation: 25380

TL;DR Your config file "github" entry should look like this:

# Note "github.com"
Host github.com
    User git
    IdentityFile ~/.ssh/github_id_rsa

Your immediate problem is that ssh isn't trying the "github_id_rsa" key, because your "Host github" config entry doesn't apply to a connection to "github.com". Your "github" entry currently looks like this:

Host github
    User git
    HostName github.com
    IdentityFile ~/.ssh/github_id_rsa

This would only apply when you run something like "ssh git@github", specifically specifying the host as "github". It doesn't apply when you specify the host as "github.com" on the command line.

If you want to leave your config file the way it is, then you should run "ssh github" or "ssh git@github" instead of "git@github.com". If you specify the host as "github" on the command line, then it'll match the "github" section in your config file (and the config file will set the correct actual hostname of "github.com").

Upvotes: 4
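
The Host matching described in the answer above can be checked without connecting, since `ssh -G` prints the configuration OpenSSH resolves for a destination and exits. This is an added example, not part of the original posts: the config is a constructed copy of the question's file (without the "Host foo" block), and the function names are hypothetical.

```shell
#!/bin/sh
# Which IdentityFile does ssh pick for a given destination argument?
# -G dumps the effective client config; -F restricts ssh to one config file.

# Constructed copy of the question's config.
asker_cfg() {
cat <<'EOF'
Host github
    User git
    HostName github.com
    IdentityFile ~/.ssh/github_id_rsa
Host *
    AddKeysToAgent yes
    User me
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes
EOF
}

# Same file with the answer's change: the Host pattern becomes "github.com".
fixed_cfg() { asker_cfg | sed 's/^Host github$/Host github.com/'; }

# identities <config-function> <destination>
# Prints the identity files in the order ssh would offer them.
identities() {
    _cfg=$(mktemp) || return 1
    "$1" > "$_cfg"
    ssh -G -F "$_cfg" "$2" < /dev/null | awk '$1 == "identityfile" { print $2 }'
    rm -f "$_cfg"
}

show() {
    printf '%-9s %-15s -> %s\n' "$1" "$2" "$(identities "$1" "$2" | tr '\n' ' ')"
}

if command -v ssh >/dev/null 2>&1; then
    show asker_cfg git@github.com   # "Host github" does not match: id_rsa only
    show asker_cfg github           # alias matches: github_id_rsa comes first
    show fixed_cfg git@github.com   # pattern matches the name as typed
fi
```

Running the same `ssh -G` check against the real `~/.ssh/config` (drop `-F`) shows what a `git pull` over `git@github.com:...` will offer, because git passes that host name to ssh unchanged.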
