3

I have two GitHub accounts setup with ssh keys, one personal and one enterprise.

I have an ssh config file as such:

# * GitHub CKO SSH Key
Host github-enterprise
  HostName github.com
  AddKeysToAgent yes
  UseKeychain yes
  User git
  IdentityFile ~/.ssh/id_ed25519_github

# * GitHub Personal SSH Key
Host github-personal
  HostName github.com
  AddKeysToAgent yes
  UseKeychain yes
  User git
  IdentityFile ~/.ssh/gh_mervinhemaraju_ed25519

Both keys were created seperately and attached to the respective account.

The weird issue is that I was using this for like a month, and it was working. Today, when i logged in, i committed some work on my personal repo and when i tried to do a remote push (which was working for this repo previously), i got and user permission denied.

I then performed an ssh test on both ssh keys and the results was as such:

ssh -T ssh -T git@github-personal

Hi mervin-hemaraju-enterprise! You've successfully authenticated, but GitHub does not provide shell access.

ssh -T git@github-enterprise

Hi mervin-hemaraju-cko! You've successfully authenticated, but GitHub does not provide shell access.

The personal key test is wrong. It should've been Hi mervinhemaraju! You've successfully authenticated, but GitHub does not provide shell access. since mervinhemaraju is my personal account, but is instead referring to the enterprise one.

I am on MacOs. Can someone please help ?

Improve this question
2
  • Did you find a solution for this? I'm having the exact same problem on Mac OS. I've used this setup every day for a year, and two days ago it just broke the same way yours did. Github does not seem to honor the different keys even though I can see them being used. Commented Nov 17, 2022 at 22:21
  • Weird enough, your answer was the one that worked! How is it not working for you ? Commented Nov 19, 2022 at 14:50

2 Answers 2

Reset to default
12

Add IdentitiesOnly yes for the entries in the ssh config. This will prevent the SSH Agent from trying all the keys it knows of and only use the ones specified in the config file.

Specifies that ssh should only use the identity keys configured in the ssh_config files, even if ssh-agent offers more identities. https://www.ssh.com/academy/ssh/config

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

I have had a similar issue, and what I did was create a local git config that explicitly specifies which SSH key to use.

My ~/.ssh/config file specifies to use my "work" ssh key, since that's most common on my work computer.

I have something like this in my ~/.ssh/config:

Host *
  PreferredAuthentications publickey
  IdentityFile ~/.ssh/my-work-ssh-key
  ServerAliveInterval 60

In my "personal" projects, I configure Git to ignore my ~/.ssh/config file, and I set the identity file to my "personal" SSH key.

Something like this:

git config --local core.sshCommand "ssh -i ~/.ssh/my-personal-ssh-key -F /dev/null"

That puts the following in .git/config:

[core]
    sshCommand = ssh -i ~/.ssh/my-personal-key -F /dev/null
Improve this answer

2 Comments

So if you have to clone a repo let's say [email protected]/myrepo.git. How does it know which key to use ? Currently if i nee to use my personal, i'll do git@github-personal/myrepo.git and for work git@github-enterprise/myrepo.git. With your way, how do i clone ?
This is awkward, for sure, but something like git -c core.sshCommand='ssh -i ~/.ssh/your-enterprise-key-name -F /dev/null' clone [email protected]/whatever.git. You could mitigate the awkwardness by making shell script wrappers, e.g., git-workclone and git-persclone or something similar.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.