How to discover where 'pip install git+ssh://...' is searching for ssh keys?

Question

Question:

Does anyone know if there's a simple means of discovering where pip install git+ssh:///... is searching for ssh keys?

Quick background (RESOLVED...see update below):

I am on Windows 10. I needed to install a private remote repository from github using pip in a conda virtual environment. I am the repo owner. I have a public/private ssh key pair set up through github.com. My local key is stored in C:\Users\MyName\\.ssh\id_rsa. Using this key I am able to push and pull without issue from github using my IDE, Eclipse.

However, when I executed the following command using my activated conda environment:

pip install git+ssh://github.com/USER_NAME/REPO_NAME.git

I got the following error:

Collecting git+ssh://github.com/USER_NAME/REPO_NAME.git
Cloning ssh://github.com/USER_NAME/REPO_NAME.git to
c:\users\USER_NAME\appdata\local\temp\pip-ghf3ts-build
Warning: Permanently added 'github.com,IP_ADDRESS' (RSA) to the list of
known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I know that the repo exists, and I know the ssh key works fine; so, I assumed whatever ssh routine pip was calling was not properly configured.

Update

I have solved this issue since then, and the 'bad configuration' assumption proved to be correct! I added a config file to C:\Users\MyName\.ssh specifying which file to use. Wham-bam, it works great now.

However! I would still be interested in knowing if there were anyway to have confirmed that pip was looking in that directory for ssh keys and configs; so, I'll leave this question open for now.

Answer 1

For deploying in projects with multiple ssh keys do following:

$ export GIT_SSH_COMMAND="ssh -i ~/.ssh/deploy_key_1"
$ pip install git+ssh://git@<my_hosted_gitlab>/project_with_deploy_key_1
$ export GIT_SSH_COMMAND="ssh -i ~/.ssh/deploy_key_2"
$ pip install git+ssh://git@<my_hosted_gitlab>/project_with_deploy_key_2

It can be integrated in CI process.

Answer 2

The GIT_SSH_COMMAND environment variable enables overriding the command that Git uses to run ssh. In this case, you want to enable verbose output. On Windows this looks like:

set GIT_SSH_COMMAND=ssh -v

Then when you run pip install git+ssh://github.com/USER_NAME/REPO_NAME.git, ssh outputs debug information, including where it looks for keys:

...
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to github.com [192.30.253.112] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/MyName/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/MyName/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/MyName/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/MyName/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
...

Answer 3

If you do not have opportunity to use GIT_SSH_COMMAND environment vars (for example, is not available on Centos 7), you can try "dirty hack" with renaming ssh-keys before copying. This is not good way, but works.

My 'bad code':

mv /var/www/.ssh/id_rsa /var/www/.ssh/id_rsa.tmp
mv /var/www/.ssh/id_rsa_git /var/www/.ssh/id_rsa
mv /var/www/.ssh/id_rsa.pub /var/www/.ssh/id_rsa.pub.tmp

$VENV/bin/pip install --no-deps --editable "git+${REPO}@master#egg=web_bb_app"
$VENV/bin/pip install -r $VENV/src/web-bb-app/requirements/${BRANCH}_branch_ssh.txt

mv /var/www/.ssh/id_rsa /var/www/.ssh/id_rsa_git
mv /var/www/.ssh/id_rsa.tmp /var/www/.ssh/id_rsa
mv /var/www/.ssh/id_rsa.pub.tmp /var/www/.ssh/id_rsa.pub

Answer 4

I have replaced ssh with https and also mention username instead of git before '@' :

Old Version:

pip install git+ssh://git@github.com/measureprotocol/measure-commons.git@v0.1.1#egg=measurecommons

Modified Solution :

pip install git+https://abhay-kiwi@github.com/measureprotocol/measure-commons.git@v0.1.1#egg=measurecommons