我有 2 個不同的 github 帳戶,1 個用于作業,1 個用于個人專案。在我的筆記本電腦上,我創建了 2 個不同的目錄來克隆我的 Github 存盤庫:
個人:/Users/pierre-alexandre/Documents/perso
作業: /Users/pierre-alexandre/Documents/work
然后,我生成了 2 個不同的 SSH 密鑰,/Users/pierre-alexandre/.ssh并在各自的 Github 存盤庫中添加了每個 .pub 密鑰。最后這是我的 /Users/pierre-alexandre/.ssh檔案夾的樣子:
id_perso id_perso.pub id_work id_work.pub known_hosts
我之后所做的是:
ssh-add ~/.ssh/id_work
ssh-add ~/.ssh/id_perso
然后,我創建了一個新檔案 ~/.gitconfig
[includeIf "gitdir:~/Documents/perso/"]
path = ~/.gitconfig-perso
[includeIf "gitdir:~/Documents/servier/"]
path = ~/.gitconfig-servier
之后,我創建了 2 個不同的其他檔案,并確保我的名字對應于我的 Github 用戶名,電子郵件對應于我的 Github 電子郵件 我用來生成我的 SSH 密鑰的那個:
~/.gitconfig-work
[user]
name = pamousset35
email = work-email
~/.gitconfig-person
[user]
name = Pierre-Alexandre35
email = [email protected]
我的問題如下:我能夠與我的作業 Github 進行互動,但是與我的個人 github 進行互動時,當我嘗試push或時總是遇到此問題pull:
pwd
/Users/pierre-alexandre/Documents/perso/pierre-alexandre.io
git pull
錯誤日志:
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
github 配置使用git config -l(在同一目錄下)
credential.helper=osxkeychain
includeif.gitdir:~/Documents/perso/.path=~/.gitconfig-perso
user.name=Pierre-Alexandre35
[email protected]
includeif.gitdir:~/Documents/servier/.path=~/.gitconfig-servier
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
core.ignorecase=true
core.precomposeunicode=true
[email protected]:Pierre-Alexandre35/pierre-alexandre.io.git
remote.origin.fetch= refs/heads/*:refs/remotes/origin/*
branch.develop.remote=origin
branch.develop.merge=refs/heads/develop
然后我還輸入: ssh -vT [email protected]
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/pierre-alexandre/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to github.com port 22.
debug1: Connection established.
debug1: identity file /Users/pierre-alexandre/.ssh/id_rsa type -1
debug1: identity file /Users/pierre-alexandre/.ssh/id_rsa-cert type -1
debug1: identity file /Users/pierre-alexandre/.ssh/id_dsa type -1
debug1: identity file /Users/pierre-alexandre/.ssh/id_dsa-cert type -1
debug1: identity file /Users/pierre-alexandre/.ssh/id_ecdsa type -1
debug1: identity file /Users/pierre-alexandre/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/pierre-alexandre/.ssh/id_ed25519 type -1
debug1: identity file /Users/pierre-alexandre/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/pierre-alexandre/.ssh/id_xmss type -1
debug1: identity file /Users/pierre-alexandre/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version babeld-a73e1397
debug1: no match: babeld-a73e1397
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM
debug1: Host 'github.com' is known and matches the ECDSA host key.
debug1: Found key in /Users/pierre-alexandre/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/pierre-alexandre/.ssh/id_rsa
debug1: Will attempt key: /Users/pierre-alexandre/.ssh/id_dsa
debug1: Will attempt key: /Users/pierre-alexandre/.ssh/id_ecdsa
debug1: Will attempt key: /Users/pierre-alexandre/.ssh/id_ed25519
debug1: Will attempt key: /Users/pierre-alexandre/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/pierre-alexandre/.ssh/id_rsa
debug1: Trying private key: /Users/pierre-alexandre/.ssh/id_dsa
debug1: Trying private key: /Users/pierre-alexandre/.ssh/id_ecdsa
debug1: Trying private key: /Users/pierre-alexandre/.ssh/id_ed25519
debug1: Trying private key: /Users/pierre-alexandre/.ssh/id_xmss
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey)
然后 eval "$(ssh-agent -s)"
Agent pid 21213
和 ssh-add -l
The agent has no identities.
uj5u.com熱心網友回復:
Git 只是運行ssh以連接到主機。一旦連接,Git 就會ssh在其末端運行適當的 Git 命令,以處理獲取或推送操作。但是整個身份驗證程序——確定你是誰并決定你是否有權訪問——完全取決于 ssh,而 Git 在這個程序中沒有真正發揮作用。
ssh -Tv因此,您是此處的關鍵除錯輸出。在嘗試這些密鑰后,我們發現您與 github 的連接無法通過您的身份驗證:
debug1: Trying private key: /Users/pierre-alexandre/.ssh/id_rsa
debug1: Trying private key: /Users/pierre-alexandre/.ssh/id_dsa
debug1: Trying private key: /Users/pierre-alexandre/.ssh/id_ecdsa
debug1: Trying private key: /Users/pierre-alexandre/.ssh/id_ed25519
debug1: Trying private key: /Users/pierre-alexandre/.ssh/id_xmss
請注意,它從來沒有嘗試過任何公開密鑰。您需要向 GitHub 提供 ssh 提供的正確公鑰。
此時,另一個問題迫在眉睫。您的網址是:
[email protected]:Pierre-Alexandre35/pierre-alexandre.io.git
也就是說,您將讓 Git 要求以用戶身份登錄githost github.com。您沒有~/.ssh/config,因此沒有神奇的覆寫:您的 ssh 將連接到github.com并要求以身份登錄git,然后提供標準的 ssh 密鑰集。但是您想要一個覆寫:您想要連接 github.com并要求以 身份登錄git,但隨后您想要 ssh:
id_perso當且僅當您來自個人存盤庫時才發送公鑰,或id_work當且僅當您來自作業存盤庫時才發送公鑰
并且ssh 不知道您來自哪種存盤庫。
您需要以某種方式走私這種存盤庫 - 理想情況下,以一種聰明的方式。稍后我們會回到聰明,但現在讓我們假設您只是git remote set-url origin在每個作業存盤庫中使用將 URL 的登錄部分從[email protected]更改為git@gh-work,并將個人存盤庫的 URL 的登錄部分更改為git@gh-perso.
然后,在您的~/.ssh/config檔案中,您可以列出以下內容:
Host gh-work
Hostname github.com
IdentityFile ~/.ssh/id_work.pub
IdentitiesOnly yes
Host gh-perso
Hostname github.com
IdentityFile ~/.ssh/id_perso.pub
IdentitiesOnly yes
這配置了ssh,完全獨立于 Git,所以當你運行時ssh git@gh-perso,例如,你告訴你的 ssh 它應該:
- 連接到
github.com(替換gh-perso); - 嘗試將該
id_perso.pub檔案作為密鑰; - 除了列出的
IdentityFiles(您可以列出多個)之外不要嘗試任何其他內容,即跳過標準檔案。
因此,當Git要求ssh連接到 時git@gh-perso,ssh 實際上嘗試連接到github.com.
(作為一個方面說明,如果添加User git到Host和IdentityFile等部分,可以去掉的git@部分,這是不是必需的,但它是一種方便。)
注意:有時您可能或必須列出私鑰檔案,而不是公鑰檔案。有時您必須僅列出公鑰檔案。這似乎取決于代理版本和/或 ssh 版本。繼續作業ssh -Tv [email protected]直到你讓這部分正常作業,然后回到 Git 方面。
通過 Git includeIf 使這個變得聰明和自動化
Git 有一個技巧,它會在“最后一刻”重寫 URL,然后再與 fetch 或 push 連接。給定任何 URL,Git 會查找insteadOf條目。例如,如何將`git:` urls 轉換為`http:` urls 中對此進行了解釋,但我們可以使用它來重寫:
ssh://github.com/Pierre-Alexandre35/pierre-alexandre.io.git
進入:
ssh://gh-perso/Pierre-Alexandre35/pierre-alexandre.io.git
我們簡單地設定insteadOf:
[url "ssh://gh-perso/"]
insteadOf = ssh://github.com/
例如。(我還沒有真正測驗過所有的 insteadOf 東西,你可能需要稍微擺弄細節,這取決于你是否使用git@以及是否使用[email protected]:表單而不是ssh://[email protected]表單。)在每個包含的內容中放置適當的重寫規則個人和作業組態檔,現在github.comURL 自動變為gh-perso或gh-workURL,然后觸發您使用 ssh 設定的內容。
轉載請註明出處,本文鏈接:https://www.uj5u.com/houduan/361015.html
下一篇:SSH本地到github混淆