I am setting up my ssh config for 2 different accounts in gitlab.
Host gitlab.com-roulette
HostName gitlab.com
User norayr.ghukasian
IdentityFile /home/norayr_ghukasyan/.ssh/id_ed25519_roulette
Host gitlab.com-devlix
HostName gitlab.com
User norayr.ghukasyan
IdentityFile /home/norayr_ghukasyan/.ssh/id_ed25519_devlix
I am getting a Permission denied error.
The strange thing for me is that the first one is working fine, therefore I think there is some tiny issue in my config that I am not aware of. I guess when the user or the server tries to connect, ssh automatically matches the first config with matched HostName.
How do I set up it properly to work for both of the accounts?
P.S. The Users are different - norayr.ghukasian and norayr.ghukasyan.
Following Use difference accounts on a single GitLab instance you would setup your configuration like so:
Host norayr.ghukasian.gitlab.com
Hostname gitlab.com
PreferredAuthentications publickey
User git
IdentityFile /home/norayr_ghukasyan/.ssh/id_ed25519_roulette
Host norayr.ghukasyan.gitlab.com
Hostname gitlab.com
PreferredAuthentications publickey
User git
IdentityFile /home/norayr_ghukasyan/.ssh/id_ed25519_devlix
Then to clone a repo as norayr.ghukasian user:
git clone git#norayr.ghukasian.gitlab.com:gitlab-org/gitlab.git
Using the username as the alias is not absolutely necessary. You can use a different alias if you wish and set it in the Host section of your ssh config.
Key takeaways:
The only thing that you need to tell GitLab who you are is the IdentityFile.
You can direct git/ssh to use a specific identity file by the alias you use for the host configured in the ssh config.
Related
I started to work for a new client and they have a GitLab subdomain to keep all their repositories. I applied my ssh key and gpg2 keys to their GitLab account. However, when I try to clone via ssh, I time out. But if I were to clone via HTTPS, everything works fine.
What step am I missing to get the ssh portion working?
Cloning via https does work.
https://gitlab.company_sub_domain.com/company/repository.git
Cloning via ssh does not work.
git#gitlab.company_sub_domain.com:company/repository.git
config file:
In case this may be of any help:
Try completing your ssh config file with
Host companysub
Hostname gitlab.company_sub_domain.com
User git
IdentityFile ~/.ssh/id_ed25519
(put the "Preferredauthentication publickey" part in Host *)
That way, your URL would become companysub, as in:
git clone companysub:company/repository.git
First, try an ssh -Tv companysub, to check if the key is recognized and working.
I have two repositories on one machine on the same account on Github. I've added an ssh key to my account and pushing to repository A succeeds but I can't push to repository B. SSH keys on github aren't associated to specific repos iirc.
A little research has led me to find out that I need two different keys. How do I edit my config file so that git uses the correct key when pushing to the second repo?
I got to the solution by modifying the .ssh/config file to append this
Host repo2.github.com
User git
Port 22
Hostname github.com
IdentityFile ~/.ssh/id_rsa2
TCPKeepAlive yes
IdentitiesOnly yes
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
and then adding by appending the following in the .git/config file
[remote "origin"]
url = git#repo2.github.com:[Username]/G2-FrontEnd.git
fetch = +refs/heads/*:refs/remotes/origin/*
How do I configure the GitLab URL username?
Why is the username in the Git clone URL always git#url?
Even if we create own user it still says git.
I have created my ssh key and added to the GitLab, but still it says git#url.
It does say git because it is the account under which GitLab server has been installed.
It is defined in the gitlab.yml config file.
# Uncomment and customize if you can't use the default user to run GitLab
(default: 'git')
# user: git
You will always contact GitLab ssh with that user 'git': that SSH session will use your public SSH key, and that will allow the GitLab server to authenticate you.
Since it is an SSH URL, you need to open a (non-interactive) ssh (secure shell) session always with the account git, which will have your public SSH key registered.
I have successfully created gitolite-admin.git repo on server (say) 10.107.105.13. I can clone this repo on my local machine (say) 10.14.42.7 by issuing git clone gitolite#10.107.105.13:gitolite-admin. I had to add some lines in .ssh/config file to make sure that correct private key is used.
Then I have added a user dilawar to conf/gitolite.conf file and a appropriate key dilawar.pub to keys folder. I have added and commited this commit to the gitolite-admin repo. I have also added one more entry in .ssh/conf file so that a correct private key is used. But when I try to do git clone dilawar#10.107.105.13:testing, gitolite asks for the password. I am under the impression that I do not have to create user dilawar on 10.107.105.13. I have checked by logging into server that repository testing.git exists as well public-key dilawar.pub has been added to .ssh/authorized_keys.
I have also tried ssh -vvvv dilawar#10.107.105.13 to check if the correct file is being offered. Here is my .ssh/conf file.
HostName 10.107.105.13
User gitolite
IdentityFile ~/.ssh/gitolite
Host 10.107.105.13
HostName 10.107.105.13
User dilawar
IdentityFile ~/.ssh/id_rsa
What I am doing wrong?
In your config file, I see:
User dilawar
That is wrong. ssh communication to a gitolite server are always done with the same account (here gitolite).
What changes is the private key used, which will help gitolite determine your identity.
What you ~/.ssh/config file should look like is:
Host admin
HostName 10.107.105.13
User gitolite
IdentityFile ~/.ssh/gitolite
Host dilawar
HostName 10.107.105.13
User gitolite
IdentityFile ~/.ssh/id_rsa
For cloning gitolite-admin, you would use:
git clone admin:gitolite-admin
For cloning a repo dilawar has access to:
git clone dilawar:aRepo
See more at "Gitolite: adding user not working, and DENIED by fallthru when cloning as root?".
See also "how gitolite uses ssh"
Adding your public key to the server's ~git/.ssh/authorized_keys file is how ssh uses pubkeys to authenticate users.
Let's say sita#work.station is trying to log in as git#server.
What you have to do is take the ~sita/.ssh/id_rsa.pub file for user sita on work-station and append its contents (remember it's only one line) to ~git/.ssh/authorized_keys for user git on server.
The authorized_keys file can have multiple public keys (from many different people) added to it so any of them can log in to git#server.
I have got it working by cloning the repository using the gitolite username.
git clone gitolite#server:repo
If keys are added successfully then further pull and push will go smoothly.
I am accepting VomC answer as a better answer.
VonC's answer is the key, but I ran into an edge case that's worth mentioning for future searchers.
Even if you do everything else right, as in VonC's answer, a somewhat standard setting for ControlPath can mess things up.
I had two users in ~/.ssh/config, as below:
Host gitolite
HostName <whatever>
User git
IdentityFile ~/.ssh/gitolite
Host username
HostName <whatever>
User git
IdentityFile ~/.ssh/username
In theory, this should have allowed me to run git clone git#username:reponame, but the server kept thinking that I was trying to clone the repo as the gitolite admin (who does not have permission to clone that repo), rather than as the gitolite user (who does have permission to clone the repo).
The problem was that in my all hosts section, I had the following:
Hosts *
# other stuff that doesn't matter
ControlPath ~/.ssh/ssh-%r#%h:%p
If you don't see it right away (I didn't!), the problem is that the expansions for %r#%h%p (= username#hostname:port) are identical for the gitolite and username entries. They're both git#hostname:port! Once I realized that, it was an easy fix. Simply add distinguishing elements into a more specific ControlPath entry for those two users. E.g.,
Host gitolite
HostName <whatever>
User git
IdentityFile ~/.ssh/gitolite
ControlPath ~/.ssh/gitolite-admin-%r#%h:%p
Host username
HostName <whatever>
User git
IdentityFile ~/.ssh/username
ControlPath ~/.ssh/gitolite-username-%r#%h:%p
I had to edit /etc/ssh/sshd_config and add git (the user) to the line which begins with AllowUsers.
Then I had to add git to a sysadmin group that was also allow on sshd_config's line that begins with AllowGroups.
Don't forget to restart the ssh daemon with sudo service ssh restart.
Note : I didn't have to ssh-copy-id or add the public key to /home/git/.ssh/authorized_keys as suggested before (gitolite's developer recommends against this btw.)
I had the same problem, with a different solution because of my config. I setup my gitolite user as “git” so I needed to do git clone git#server:repo.git
I create a deploy user, generate an ssh_key, I add id_rsa.pub as github deploy key.
this deploy user need pull 2 repo, so I add the same ssh_key to another repo as deploy key.
but github tell me, deploy key already in use.
and I don't know how add 2 id_rsa.pub for 1 user.
update:
I add id_rsa_assets additional, but I still cannot pull.
ssh-add .ssh/id_rsa_assets
Could not open a connection to your authentication agent.
.ssh/config
Host guardians
Hostname github.com
User git
IdentityFile ~/.ssh/id_rsa
Host assets
Hostname github.com
User git
IdentityFile ~/.ssh/id_rsa_assets
You can create two public/private keys with whatever name you want:
~/.ssh
repo1
repo1.pub
repo2
repo2.pub
config
(Ie it doesn't have to be named id_rsa(.pub) to work, provided you indicate ssh where to look.
That is where 'config' comes into play: the config file includes the name of your two connections for GitHub repo1 and GitHub repo2 with, for each connection, the path to your private repo key, as described in "change github account mac command line" and in "Quick Tip: How to Work with GitHub and Multiple Accounts":
Host githubRepo1
HostName github.com
User git
IdentityFile ~/.ssh/repo1
Host githubRepo2
HostName github.com
User git
IdentityFile ~/.ssh/repo2
That way you can pull from any of the two repos, as long as you are using their ssh addresses.