OpenSSH offering wrong public key

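I like to occasionally work with some personal Github repositories from my work computer (Windows 7), so after spending more time than I expected learning how SSH works, I created a different set of keys, registered them to my personal account, and created a custom host in my .ssh/config file to use them with github. It looks like this: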

Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/github_rsa
    IdentitiesOnly yes

Host github-personal
    HostName github.com
    User git
    IdentityFile ~/.ssh/{personal-username}_github_rsa
    IdentitiesOnly yes

Host *
    IdentitiesOnly yes

A while ago I managed to set up a personal repo on my work computer, with a remote that looked like

git@github-personal:{personal-username}/{repo}

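which worked fine. Recently, however, I tried to set up another one, but it seems to keep trying to offer my ~/ssh/github_rsa identity file. After running ssh -v git@github-personal I get: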

debug1: Reading configuration data /c/Users/Admin/.ssh/config
debug1: /c/Users/Admin/.ssh/config line 7: Applying options for github-personal
debug1: /c/Users/Admin/.ssh/config line 13: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 1: Applying options for *
debug1: Hostname has changed; re-reading configuration
debug1: Reading configuration data /c/Users/Admin/.ssh/config
debug1: /c/Users/Admin/.ssh/config line 1: Applying options for github.com
debug1: /c/Users/Admin/.ssh/config line 13: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 1: Applying options for *
debug1: /etc/ssh/ssh_config line 5: Applying options for github.com
debug1: Connecting to github.com [192.30.252.129] port 22.
debug1: Connection established.
debug1: identity file /c/Users/Admin/.ssh/{personal-username}_github_rsa type 1
debug1: identity file /c/Users/Admin/.ssh/{personal-username}_github_rsa-cert type -1
debug1: identity file /c/Users/Admin/.ssh/github_rsa type 1
debug1: identity file /c/Users/Admin/.ssh/github_rsa-cert type -1
debug1: identity file /c/Users/Admin/.ssh/github_rsa type 1
debug1: identity file /c/Users/Admin/.ssh/github_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version libssh-0.7.0
debug1: no match: libssh-0.7.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
Warning: Permanently added 'github.com,192.30.252.129' (RSA) to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/Admin/.ssh/github_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([192.30.252.129]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
PTY allocation request failed on channel 0
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi {work-username}! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Connection to github.com closed.
Transferred: sent 3568, received 1800 bytes, in 0.2 seconds
Bytes per second: sent 20744.2, received 10465.1
debug1: Exit status 1

Look at these two lines:

debug1: Offering RSA public key: /c/Users/Admin/.ssh/github_rsa
...
Hi {work-username}! You've successfully authenticated, but GitHub does not provide shell access.

It is clearly offering my standard work key. It looks to me like the problem is here:

debug1: /c/Users/Admin/.ssh/config line 7: Applying options for github-personal
...
debug1: Hostname has changed; re-reading configuration
...
debug1: /c/Users/Admin/.ssh/config line 1: Applying options for github.com

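It initially reads the correct host config, but then changes its mind and reads the default github host instead. I remember running into a similar problem last time, and the answer was to add IdentitiesOnly yes, but I already have that.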

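Answer 1

OpenSSH goes through the config and is not forced to accept only one matching block. The problem with your setup is that your alias github-personal is also resolved to the hostname github.com (the line under HostName), and once ssh knows that, it parses the config again with the new knowledge about the hostname. Also, the IdentityFile option is not unique, and OpenSSH can store more keys.

If you want it to work this way, you will probably have to change the work account to something other than github.com, for example github-work. This should prevent OpenSSH from falling back to your other key. The downside is of course that you will have to reconfigure your repositories, but that should not be a big deal.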
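
As an added illustration (not part of either answer and not OpenSSH code), this simplified Python model of the behaviour Answer 1 describes reads the question's config twice, once for the alias and once for the resolved HostName, and shows which identity files are collected before and after renaming the work host. The function names are hypothetical, the config is trimmed to the relevant lines, and host matching is reduced to simple wildcards.

```python
import fnmatch

# Config from the question ({personal-username} is the page's own placeholder).
QUESTION_CONFIG = """\
Host github.com
    HostName github.com
    IdentityFile ~/.ssh/github_rsa
    IdentitiesOnly yes
Host github-personal
    HostName github.com
    IdentityFile ~/.ssh/{personal-username}_github_rsa
    IdentitiesOnly yes
Host *
    IdentitiesOnly yes
"""
# Answer 1's change: the work block no longer matches the real hostname.
FIXED_CONFIG = QUESTION_CONFIG.replace("Host github.com", "Host github-work", 1)

def parse(text):
    """Split ssh_config text into (host_patterns, [(keyword, value), ...]) blocks."""
    blocks = []
    for raw in text.splitlines():
        key, _, value = raw.strip().partition(" ")
        if key.lower() == "host":
            blocks.append((value.split(), []))
        elif key and blocks:
            blocks[-1][1].append((key.lower(), value.strip()))
    return blocks

def apply_pass(blocks, host, opts):
    """One read of the config: first value wins, but IdentityFile accumulates."""
    for patterns, settings in blocks:
        if any(fnmatch.fnmatchcase(host, p) for p in patterns):
            for key, value in settings:
                if key == "identityfile":
                    opts["identityfile"].append(value)
                else:
                    opts.setdefault(key, value)

def effective_identities(config_text, alias):
    """Identity files collected for `alias`, including the re-read seen in the log."""
    blocks, opts = parse(config_text), {"identityfile": []}
    apply_pass(blocks, alias, opts)
    resolved = opts.get("hostname", alias)
    if resolved != alias:  # "Hostname has changed; re-reading configuration"
        apply_pass(blocks, resolved, opts)
    return opts["identityfile"]

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, effective_identities(cfg, "github-personal"))
```

IdentitiesOnly yes restricts ssh to the identity files named in the configuration, so it does not help while both keys are named by blocks that match.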

Answer 2

Here is a simpler solution: https://serverfault.com/a/450807/147786

Basically just add:

Host *
IdentitiesOnly yes

to the end of your .ssh/config
