I have a personal account and a company account on Unfuddle. On Unfuddle SSH keys can only be used on a single account, so I need to create a seperate SSH key on my laptop for both accounts. I ran ssh-keygen -t rsa to generate two keys with different names (personal is default name and company is {company}_rsa). The problem now is that it appears that my default key is used everywhere and I can't find out how to specify a key to use in Git for individual repos.
So my question is: How do I specify an SSH key to use on a repo-to-repo basis?
I setup my ssh_config (~/.ssh/config) but it still doesn't seem to work.
config:
Host {personalaccount}.unfuddle.com
HostName {personalaccount}.unfuddle.com
User git
IdentityFile /Users/dave/.ssh/id_rsa
Host {companyaccount}.unfuddle.com
HostName {companyaccount}.unfuddle.com
User git
IdentityFile /Users/dave/.ssh/cage_rsa
My Git repo config file for a repo on my company unfuddle account looks like this:
[remote "origin"]
url = git@{companyaccount}.unfuddle.com:{companyaccount}/overall.git
fetch = +refs/heads/*:refs/remotes/origin/*
So I am not sure if there is something wrong with my ssh config or my git config.
Answer
If you have an active ssh-agent that has your id_rsa key loaded, then the problem is likely that ssh is offering that key first. Unfuddle probably accepts it for authentication (e.g. in sshd) but rejects it for authorization to access the company repositories (e.g. in whatever internal software they use for authorization, possibly something akin to Gitolite). Perhaps there is a way to add your personal key to the company account (multiple people are not sharing the same corp_rsa public and private key files, are they?).
The IdentitiesOnly .ssh/config configuration keyword can be used to limit the keys that ssh offers to the remote sshd to just those specified via IdentityFile keywords (i.e. it will refuse to use any additional keys that happen to be loaded into an active ssh-agent).
Try these .ssh/config sections:
Host {personalaccount}.unfuddle.com
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
Host {companyaccount}.unfuddle.com
IdentityFile ~/.ssh/{companyaccount}_rsa
IdentitiesOnly yes
Then, use Git URLs like these:
git@{personalaccount}.unfuddle.com:{personalaccount}/my-stuff.git
git@{companyaccount}.unfuddle.com:{companyaccount}/their-stuff.git
If you want to take full advantage of the .ssh/config mechanism, you can supply your own custom hostname and change the default user name:
Host uf-mine
HostName {personalaccount}.unfuddle.com
User git
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
Host uf-comp
HostName {companyaccount}.unfuddle.com
User git
IdentityFile ~/.ssh/{companyaccount}_rsa
IdentitiesOnly yes
Then, use Git URLs like these:
uf-mine:{personalaccount}/my-stuff.git
uf-comp:{companyaccount}/their-stuff.git
No comments:
Post a Comment