V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
Yiskiee
V2EX  ›  问与答

多个 Github 账号配置 SSH Key 的问题

  •  
  •   Yiskiee · 2022-10-13 18:50:06 +08:00 · 1676 次点击
    这是一个创建于 813 天前的主题,其中的信息可能已经有所发展或是发生改变。

    问题描述

    • 当创建两个不同的 ssh key 来设置两个 Github 账号时, 我发现它们不能同时通过 Github 的认证, 只有一个可以与 Github 连接, 并克隆仓库. 我查找了网上不少有关配置多个账号和多个 SSH Key 的资料, 依然没有解决这个问题.

    • 以前用 Ubuntu20.4 时配置成功过, 改用 Fedora36 后就一直没解决这个问题, 故来请教一下大家.

    运行环境

    • OS: Fedora Linux 36 (Workstation Edition) x86_64
    • Kernel: 5.19.14-200.fc36.x86_64
    • OpenSSH: OpenSSH_8.8p1, OpenSSL 3.0.5 5 Jul 2022
    • Git: git version 2.37.3

    问题复现

    • 删除 $HOME/.ssh/ 文件夹, 清除代理
    $ rm -r $HOME/.ssh/
    $ ssh-add -D && ssh-add -l
    
    • 新建两个 SSH Key, (以 comnet 为例):
    $ ssh-keygen -t rsa -C "[email protected]" -f $HOME/.ssh/id_rsa_com
    $ ssh-keygen -t rsa -C "[email protected]" -f $HOME/.ssh/id_rsa_net
    
    • 编辑 $HOME/.ssh/config 添加以下内容:
    Host com
        HostName        github.com
        User            git
        IdentityFile    $HOME/.ssh/id_rsa_com
        ProxyCommand    ncat --proxy 127.0.0.1:1089 --proxy-type socks5 %h %p
    
    Host net
        HostName        github.com
        User            git
        IdentityFile    $HOME/.ssh/id_rsa_net
        ProxyCommand    ncat --proxy 127.0.0.1:1089 --proxy-type socks5 %h %p
    
    • 添加公钥到对应的 Github 账户

    • 测试服务器连通性:

      • 运行 ssh -T git@com 回车后询问是否继续, 输入 yes 后继续, 提示 com 的账号成功通过身份验证.
      • 运行 ssh -T git@net 回车后, 提示 com 的账号成功通过身份验证.
    • 使用 Git 克隆不同账号的私有仓库:

      • 运行 git clone git@com:com_example/example.git 回车后, 克隆成功.
      • 运行 git clone git@net:net_example/example.git 回车后, 克隆失败, 提示如下:
    ERROR: Repository not found.
    fatal: Could not read from remote repository.
    
    Please make sure you have the correct access rights
    and the repository exists.
    
    10 条回复    2022-10-15 09:18:11 +08:00
    ob
        1
    ob  
       2022-10-13 19:41:09 +08:00
    没看到你把 key 重新添加啊?
    ssh-add -k id_rsa_com
    ssh-add -k id_rsa_net
    ob
        2
    ob  
       2022-10-13 19:45:16 +08:00
    net 不行,先添加 net ,然后再试下
    corvofeng
        3
    corvofeng  
       2022-10-13 20:02:56 +08:00
    你先把 com 的删掉, 看看能不能登录 net, 我怀疑你拷贝公钥的时候拷贝错了..
    charlie21
        4
    charlie21  
       2022-10-13 20:24:03 +08:00
    用如下命令查看连接细节
    ssh -Tv git@com
    ssh -Tv git@net

    为 Host 增加 IdentitiesOnly 如下,另一块同理
    Host com
    HostName github.com
    User git
    IdentityFile $HOME/.ssh/id_rsa_com
    IdentitiesOnly yes
    ProxyCommand ncat --proxy 127.0.0.1:1089 --proxy-type socks5 %h %p

    参考
    https://superuser.com/questions/268776/how-do-i-configure-ssh-so-it-doesnt-try-all-the-identity-files-automatically
    Yiskiee
        5
    Yiskiee  
    OP
       2022-10-14 11:57:37 +08:00
    @ob
    @corvofeng
    @charlie21
    为验证这些问题, 我将 id_rsa_com 和 id_rsa_net 分别移动到其他文件夹下.
    将 config 文件中的所有内容注释, 删除 known_hosts 和 known_hosts.old
    执行 ssh-add -D && ssh-add -l 确认没有内容后:
    先移动 net 的 Key 后执行 ssh-add -k $HOME/.ssh/id_rsa_net
    后移动 com 的 Key 后执行 ssh-add -k $HOME/.ssh/id_rsa_com
    编辑 config 将 Host net 的内容移动到 Host com 之前, 其他只字未改.

    执行 ssh -Tv git@net, 结果如下:
    ```
    OpenSSH_8.8p1, OpenSSL 3.0.5 5 Jul 2022
    debug1: Reading configuration data /home/umze/.ssh/config
    debug1: /home/umze/.ssh/config line 2: Applying options for net
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
    debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
    debug1: configuration requests final Match pass
    debug1: re-parsing configuration
    debug1: Reading configuration data /home/umze/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
    debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
    debug1: Executing proxy command: exec ncat --proxy 127.0.0.1:1089 --proxy-type socks5 github.com 22
    debug1: identity file $HOME/.ssh/id_rsa_net type -1
    debug1: identity file $HOME/.ssh/id_rsa_net-cert type -1
    debug1: Local version string SSH-2.0-OpenSSH_8.8
    debug1: Remote protocol version 2.0, remote software version babeld-f33ee42f
    debug1: compat_banner: no match: babeld-f33ee42f
    debug1: Authenticating to github.com:22 as 'git'
    debug1: load_hostkeys: fopen /home/umze/.ssh/known_hosts: No such file or directory
    debug1: load_hostkeys: fopen /home/umze/.ssh/known_hosts2: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: algorithm: curve25519-sha256
    debug1: kex: host key algorithm: ssh-ed25519
    debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
    debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
    debug1: kex: curve25519-sha256 need=32 dh_need=32
    debug1: kex: curve25519-sha256 need=32 dh_need=32
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: SSH2_MSG_KEX_ECDH_REPLY received
    debug1: Server host key: ssh-ed25519 SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU
    debug1: load_hostkeys: fopen /home/umze/.ssh/known_hosts: No such file or directory
    debug1: load_hostkeys: fopen /home/umze/.ssh/known_hosts2: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
    debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
    debug1: hostkeys_find_by_key_hostfile: hostkeys file /home/umze/.ssh/known_hosts does not exist
    debug1: hostkeys_find_by_key_hostfile: hostkeys file /home/umze/.ssh/known_hosts2 does not exist
    debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts does not exist
    debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts2 does not exist
    The authenticity of host 'github.com (<no hostip for proxy command>)' can't be established.
    ED25519 key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.
    This key is not known by any other names
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added 'github.com' (ED25519) to the list of known hosts.
    debug1: rekey out after 4294967296 blocks
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: rekey in after 4294967296 blocks
    debug1: Will attempt key: [email protected] RSA SHA256:eQ5AqN8Y+p9cGo8eVzcxOMmJgDN3ivpCbcgA7jkkXeI agent
    debug1: Will attempt key: [email protected] RSA SHA256:H790emQkwtjDRSnGyRxp0e+HnlxlAY5ruEFLrxw6VtQ agent
    debug1: Will attempt key: $HOME/.ssh/id_rsa_net explicit
    debug1: SSH2_MSG_EXT_INFO received
    debug1: kex_input_ext_info: server-sig-algs=<[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa>
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Offering public key: [email protected] RSA SHA256:eQ5AqN8Y+p9cGo8eVzcxOMmJgDN3ivpCbcgA7jkkXeI agent
    debug1: Server accepts key: [email protected] RSA SHA256:eQ5AqN8Y+p9cGo8eVzcxOMmJgDN3ivpCbcgA7jkkXeI agent
    Authenticated to github.com (via proxy) using "publickey".
    debug1: pkcs11_del_provider: called, provider_id = (null)
    debug1: channel 0: new [client-session]
    debug1: Entering interactive session.
    debug1: pledge: filesystem full
    debug1: client_input_global_request: rtype [email protected] want_reply 0
    debug1: client_input_hostkeys: searching /home/umze/.ssh/known_hosts for github.com / (none)
    debug1: client_input_hostkeys: searching /home/umze/.ssh/known_hosts2 for github.com / (none)
    debug1: client_input_hostkeys: hostkeys file /home/umze/.ssh/known_hosts2 does not exist
    debug1: Sending environment.
    debug1: channel 0: setting env XMODIFIERS = "@im=ibus"
    debug1: channel 0: setting env LANG = "en_US.UTF-8"
    Learned new hostkey: RSA SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
    Learned new hostkey: ECDSA SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM
    Adding new key for github.com to /home/umze/.ssh/known_hosts: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
    Adding new key for github.com to /home/umze/.ssh/known_hosts: ecdsa-sha2-nistp256 SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM
    debug1: update_known_hosts: known hosts file /home/umze/.ssh/known_hosts2 does not exist
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    Hi net! You've successfully authenticated, but GitHub does not provide shell access.
    debug1: channel 0: free: client-session, nchannels 1
    Transferred: sent 3564, received 3176 bytes, in 0.7 seconds
    Bytes per second: sent 5290.0, received 4714.1
    debug1: Exit status 1
    ```
    字数限制, 另起一个回复
    Yiskiee
        6
    Yiskiee  
    OP
       2022-10-14 12:28:52 +08:00
    @ob
    @corvofeng
    @charlie21
    接上文:
    执行 ssh -Tv git@com, 结果如下 (回复受限, 去除了大部分内容):
    ```
    Hi net! You've successfully authenticated, but GitHub does not provide shell access.
    debug1: channel 0: free: client-session, nchannels 1
    Transferred: sent 3128, received 2752 bytes, in 0.7 seconds
    Bytes per second: sent 4500.6, received 3959.6
    debug1: Exit status 1
    ```

    为各 Host 增加 IdentitiesOnly

    执行 ssh -T git@net:
    ```
    no such identity: $HOME/.ssh/id_rsa_net: No such file or directory
    [email protected]: Permission denied (publickey).
    ```


    执行 ssh -T git@com:
    ```
    no such identity: $HOME/.ssh/id_rsa_com: No such file or directory
    [email protected]: Permission denied (publickey).
    ```
    ob
        7
    ob  
       2022-10-14 12:49:00 +08:00
    @Yiskiee 同在 linux 环境下验证过,可能有点不一样,试着加下这两个配置:(mac 的,不知道是不是通用)
    AddKeysToAgent yes
    UseKeychain yes
    Yiskiee
        8
    Yiskiee  
    OP
       2022-10-14 23:27:20 +08:00
    @ob 试了一下, 第一条配置存在, 但没有解决这个问题, 第二条配置不可用.
    ob
        9
    ob  
       2022-10-15 04:58:16 +08:00
    @Yiskiee 把 config 文件里面的$HOME 改成~
    我试着用最基本的配置,其他什么都不加都不配,也能成功 clone 不同账号 repo

    Host com
    HostName github.com
    IdentityFile ~/.ssh/id_rsa_com
    User git

    Host net
    HostName github.com
    IdentityFile ~/.ssh/id_rsa_net
    User git
    Yiskiee
        10
    Yiskiee  
    OP
       2022-10-15 09:18:11 +08:00
    @ob 十分感谢! ssh -T 测试成功了, git 克隆私有库也成功了, 实在是不理解为什么会有这种问题.
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   3049 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 22ms · UTC 03:03 · PVG 11:03 · LAX 19:03 · JFK 22:03
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.