How to specify the private SSH-key to use when executing shell command on Git?
A rather unusual situation perhaps, but I want to specify a private SSH-key to use when executing a shell (git) command from the local computer.
Basically like this:
git clone [email protected]:TheUser/TheProject.git -key "/home/christoffer/ssh_keys/theuser"
Or even better (in Ruby):
with_key("/home/christoffer/ssh_keys/theuser") do sh("git clone [email protected]:TheUser/TheProject.git") end
I have seen examples of connecting to a remote server with Net::SSH that uses a specified private key, but this is a local command. Is it possible?
Something like this should work (suggested by orip):
ssh-agent bash -c 'ssh-add /somewhere/yourkey; git clone [email protected]:user/project.git'
If you prefer subshells, you could try the following (though it is more fragile):
ssh-agent $(ssh-add /somewhere/yourkey; git clone [email protected]:user/project.git)
Git will invoke SSH which will find its agent by environment variable; this will, in turn, have the key loaded.
HOME may also do the trick, provided you are willing to set up a directory that contains only a .ssh directory as HOME; this may either contain an identity.pub, or a config file setting IdentityFile.
None of these solutions worked for me.
Instead, I elaborate on @Martin v. Löwis's mention of setting a config file for SSH.
SSH will look for the user's ~/.ssh/config file. I have mine set up as:
Host gitserv
    Hostname remote.server.com
    IdentityFile ~/.ssh/id_rsa.github
    # see NOTES below
    IdentitiesOnly yes
And I add a remote git repository:
git remote add origin [email protected]:myrepo.git
And then git commands work normally for me.
git push -v origin master
IdentitiesOnly yes is required to prevent the SSH default behavior of sending the identity file matching the default filename for each protocol. If you have a file named ~/.ssh/id_rsa that will get tried BEFORE your ~/.ssh/id_rsa.github without this option.
Starting from Git 2.3.0 we also have the simple command (no config file needed):
GIT_SSH_COMMAND='ssh -i private_key_file -o IdentitiesOnly=yes' git clone [email protected]:repo.git
-o IdentitiesOnly=yes is required to prevent the SSH default behavior of sending the identity file matching the default filename for each protocol as noted in the answer above.
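The `with_key` block the question asks for can be built on the `GIT_SSH_COMMAND` variable described above. This is an added example, not code from any of the answers: the helper name follows the question, while the permission check and the URL in the usage comment are assumptions made here.

```ruby
require "shellwords"

# Hypothetical helper named after the question's wished-for API.
# Runs the block with GIT_SSH_COMMAND pinning ssh to exactly one private key,
# then restores the previous value, even if validation or the block raises.
def with_key(key_path)
  previous = ENV["GIT_SSH_COMMAND"] # captured first so `ensure` never clobbers it
  key = File.expand_path(key_path)
  raise ArgumentError, "no such key file: #{key}" unless File.file?(key)

  # Assumption of this example: fail early on keys readable by group/other.
  # ssh rejects such keys anyway; mode bits are not meaningful on Windows.
  unless Gem.win_platform?
    mode = File.stat(key).mode & 0o777
    if (mode & 0o077) != 0
      raise ArgumentError, format("key %s has mode %04o, expected 0600 or stricter", key, mode)
    end
  end

  # Git hands this string to the shell, so the path is escaped to survive
  # spaces and metacharacters. IdentitiesOnly=yes stops ssh from offering
  # default or agent-held identities before the chosen one.
  ENV["GIT_SSH_COMMAND"] = "ssh -i #{Shellwords.escape(key)} -o IdentitiesOnly=yes"
  yield
ensure
  ENV["GIT_SSH_COMMAND"] = previous # assigning nil removes the variable again
end

# Usage (constructed URL, needs Git 2.3.0 or later):
#   with_key("/home/christoffer/ssh_keys/theuser") do
#     system("git", "clone", "git@example.com:TheUser/TheProject.git")
#   end
```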
Other people's suggestions about ~/.ssh/config are extra complicated. It can be as simple as:
Host github.com
    IdentityFile ~/.ssh/github_rsa
A new configuration variable core.sshCommand has been added to specify what value for GIT_SSH_COMMAND to use per repository.
If this variable is set, git push will use the specified command instead of ssh when they need to connect to a remote system.
The command is in the same form as the GIT_SSH_COMMAND environment variable and is overridden when the environment variable is set.
It means the git pull can be:
cd /path/to/my/repo/already/cloned
git config core.sshCommand 'ssh -i private_key_file'
# later on
git pull
You can even set it for just one command like
git -c core.sshCommand="ssh -i private_key_file" clone host:repo.git
set "GIT_SSH_COMMAND=ssh -i private_key_file"
To sum up answers and comments, the best way to set up git to use different key files and then forget about it, which also supports different users for the same host (e.g. a personal GitHub account and a work one), which works on Windows as well, is to edit c:\Users\<your user>\.ssh\config) and specify multiple identities:
Host github.com
    HostName github.com
    IdentityFile /path/to/your/personal/github/private/key
    User dandv

Host github-work
    HostName github.com
    IdentityFile /path/to/your/work/github/private/key
    User workuser
Then, to clone a project as your personal user, just run the regular git clone command.
To clone the repo as the
git clone [email protected]:company/project.git.