How do I tell git which private key to use?

Source: Internet
Author: User
Tags chmod wrapper ssh git clone
original link: https://gxnotes.com/article/9883.html
Problem Description

SSH has the -i option to tell it which private key file to use when authenticating:

-i identity_file  Selects a file from which the identity (private key) for RSA or DSA authentication is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files).

Is there a similar way to tell git which private key file to use on a system that has multiple private keys in the ~/.ssh directory?

The best solution

In ~/.ssh/config, add:

Host github.com
 HostName github.com
 identityfile ~/.ssh/id_rsa_github
 User git

Now you can do git clone git@github.com:username/repo.git.

Note: Verify that the permissions on the IdentityFile are 400. SSH will reject SSH keys that are too readable, in a way that is not clearly explained. It will just look like a credential rejection. In this case, the solution is:

chmod 400 ~/.ssh/id_rsa_github

Second-best solution

Environment variable GIT_SSH_COMMAND:

From Git version 2.3.0 you can use the environment variable GIT_SSH_COMMAND as follows:

GIT_SSH_COMMAND="ssh -i ~/.ssh/id_rsa_example" git clone example

Note that -i can sometimes be overridden by your config file, in which case you should give SSH an empty config file, like this:

GIT_SSH_COMMAND="ssh -i ~/.ssh/id_rsa_example -F /dev/null" git clone example

Configuration core.sshCommand:

From Git version 2.10.0, you can configure this per repo or globally, so you no longer have to set the environment variable.

git config core.sshCommand "ssh -i ~/.ssh/id_rsa_example -F /dev/null"
git pull
git push

The third solution

There is no direct way to tell git which private key to use, because it relies on SSH for repository authentication. However, there are still several ways to achieve your goal:

Option 1: ssh-agent

You can use ssh-agent to temporarily authorize your private key.

For example:

$ ssh-agent sh -c 'ssh-add ~/.ssh/id_rsa; git fetch user@host'

Option 2: GIT_SSH_COMMAND

Use the GIT_SSH_COMMAND environment variable (Git 2.3.0+) to pass the SSH parameters.

For example:

$ GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' \
  git clone user@host

You can type it all on one line, leaving out the \.

Option 3: GIT_SSH

Use the GIT_SSH environment variable to pass SSH parameters.

For example:

$ echo 'ssh -i ~/.ssh/id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no $*' > ssh
$ chmod +x ssh
$ GIT_TRACE=1 GIT_SSH='./ssh' git clone user@host

Note: The lines above are shell (terminal) command lines that you should paste into your terminal. They will create a file called ssh, make it executable, and (indirectly) execute it.

Option 4: ~/.ssh/config

Use the ~/.ssh/config file as suggested in the other answers to specify the location of your private key.
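Added example (not from any of the answers): the permission check from the first answer's note combined with the GIT_SSH_COMMAND form used in the answers above. The function names git_ssh_command, key_is_private and shquote are made up for this example; when a second argument is given, it keeps host key checking on by pointing UserKnownHostsFile at a pinned file instead of /dev/null.

```shell
#!/bin/sh
# Build a GIT_SSH_COMMAND value for one specific private key.
# All function names here are hypothetical helpers for this example.

shquote() {
    # Single-quote a value so the shell that git spawns sees it as one word.
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

key_is_private() {
    # ssh ignores a key file that group or others can access.
    # ls -ldL prints e.g. "-r--------"; characters 5-10 are the group/other bits.
    mode=$(ls -ldL -- "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

git_ssh_command() {
    # $1 = private key file, $2 = optional pinned known_hosts file
    key=$1
    known_hosts=${2:-}
    [ -f "$key" ] || { echo "no such key file: $key" >&2; return 1; }
    key_is_private "$key" || {
        echo "key is readable by group/others, run: chmod 400 $key" >&2
        return 1
    }
    # -F /dev/null      ignore ~/.ssh/config so it cannot override -i
    # IdentitiesOnly    offer only this key, not every key held by an agent
    cmd="ssh -i $(shquote "$key") -F /dev/null -o IdentitiesOnly=yes"
    if [ -n "$known_hosts" ]; then
        cmd="$cmd -o UserKnownHostsFile=$(shquote "$known_hosts")"
        cmd="$cmd -o StrictHostKeyChecking=yes"
    fi
    printf '%s\n' "$cmd"
}

# Usage (paths are placeholders):
#   GIT_SSH_COMMAND=$(git_ssh_command ~/.ssh/id_rsa_example) git clone example
```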

Fourth Scenario

Write a script that calls SSH with the required parameters, and put the file name of the script in $GIT_SSH. Or just put your configuration in ~/.ssh/config.

Fifth Scenario

After fighting with $GIT_SSH, I want to share something that is useful to me.

Throughout my examples, I will assume that your private key is located at /home/user/.ssh/jenkins.

Error to avoid: GIT_SSH value includes options

$ export GIT_SSH="ssh -i /home/user/.ssh/jenkins"

or anything similar will fail, because Git will try to execute the value as a file. For that reason, you have to create a script.

Working example of a $GIT_SSH script: /home/user/gssh.sh

The script will be called as follows:

$ $GIT_SSH [username@]host [-p <port>] <command>

A working sample script could look like this:

#!/bin/sh
ssh -i /home/user/.ssh/jenkins $*

Note that $* is an important part of it.

An even safer alternative, which will prevent any possible conflict with anything in your default config file (plus explicitly mentioning the port to use), would be:

#!/bin/sh
ssh -i /home/user/.ssh/jenkins -F /dev/null -p 22 $*

Assuming that the script is at /home/user/gssh.sh, you then run:

$ export GIT_SSH=/home/user/gssh.sh

and everything should work.

Sixth Scenario

If you do not want to specify an environment variable each time you run git, do not want another wrapper script, do not/cannot run ssh-agent(1), and do not want to download another package just for this, use the git-remote-ext(1) external transport:

$ git clone 'ext::ssh -i $HOME/.ssh/alternate_id git.example.com %S /path/to/repository.git'
Cloning into 'repository'
(...)
$ cd repository
$ git remote -v
origin  ext::ssh -i $HOME/.ssh/alternate_id git.example.com %S /path/to/repository.git (fetch)
origin  ext::ssh -i $HOME/.ssh/alternate_id git.example.com %S /path/to/repository.git (push)

I think this solution is superior because:

It is repository/remote specific

It avoids wrapper script bloat

It does not need the SSH agent, which is useful if you want unattended clones/pushes/pulls (for example in cron)

Definitely, no external tool is needed

Seventh Scenario

You can use ssh-ident instead of creating your own wrapper.

You can read more: https://github.com/ccontavalli/ssh-ident

It loads SSH keys on demand when first needed, once, even with multiple login sessions, xterms or NFS shared homes.

With a tiny config file, it can automatically load different keys and keep them separated in different agents (for agent forwarding) depending on what you need to do.

Eighth Scenario

Use the custom host configuration in ~/.ssh/config as follows:

Host gitlab-as-thuc
    HostName git.thuc.com
    User git
    IdentityFile ~/.ssh/id_rsa.thuc
    IdentitiesOnly yes

Then use your custom host name:

git remote add thuc git@gitlab-as-thuc:your-repo.git

For more information, please read: http://itblog.study.land/how-to-specify-different-ssh-keys-for-git-push-for-a-given-domain/

References

How to tell git which private key to use?

Note: The content of this article was compiled from English-language sources with the help of Google/Baidu/Bing machine translation. If you are not satisfied with the results, you can join us to improve the translation: gxnotes#qq.com (replace # with @). This article was compiled by "shared notes"; article address: https://gxnotes.com/article/9883.html. Please do not reprint without permission.
