The argument "-i" passed to GIT_SSH_COMMAND is being ignored

Question

I want to use other IdentityFile for git. I want to use it dynamically, not via config. I'm doing this:

  $ GIT_SSH_COMMAND='ssh -i /home/my_user/.ssh/id_ed25519' git pull origin master
  repository access denied.
  fatal: Could not read from remote repository.

  Please make sure you have the correct access rights
  and the repository exists.

The pub key "id_ed25519.pub" is at my bitbucket.

And this fails too:

  $ git pull origin master
  repository access denied.
  fatal: Could not read from remote repository.

  Please make sure you have the correct access rights
  and the repository exists.

And:

$ git remote -v
origin  git@bitbucket.org:company123/repo456.git (fetch)
origin  git@bitbucket.org:company123/repo456.git (push)

Adding "-v" to 'ssh -i /home/my_user/.ssh/id_ed25519' reveals that my RSA key is being used, instead of ED. Why?

score 18 · Answer 1 · edited Sep 08 '22 at 09:00

18

I had the same issue with the recent Ubuntu version:

Using -vvv revealed following:

debug2: key: /home/ubuntu/.ssh/id_rsa (0x5628e48246d0), agent
debug2: key: /home/ubuntu/code/id_rsa (0x5628e4820af0), explicit

Adding -o IdentitiesOnly=yes solved it. It tells SSH to ignore identities from ssh-agent (e.g. added with ssh-add) which otherwise take precedence.

Full git command:

GIT_SSH_COMMAND='ssh -o IdentitiesOnly=yes -i /home/ubuntu/code/id_rsa -F /dev/null' git pull

edited Sep 08 '22 at 09:00

luator

4,769
3
30
51

answered Apr 14 '19 at 21:09

AlexTG

181
1
2

I added a sentence briefly describing what `IdentitiesOnly` does. Feel free to edit/revert in case you don't agree with the change. – luator Sep 08 '22 at 09:01

score 9 · Answer 2 · answered Feb 20 '18 at 05:37

9

Check you commands (is git called directly or through an alias) and configuration:
As I mention in "Using GIT_SSH_COMMAND", a git config -l might reveal other configuration that would override the environment variable.

Check the return of git config core.sshCommand.

Finally, GIT_SSH_COMMAND means Git 2.10+, so if your version of Git is too old, you will need to update it first.

answered Feb 20 '18 at 05:37

VonC

1,262,500
529
4,410
5,250

4

"git too old" was my problem. – studog Feb 08 '21 at 23:18
git --version show up "git version 2.33.0" still got this problem. – Harry T. Apr 13 '23 at 16:11
@TruongHieu Would git 2.40 have it too? – VonC Apr 13 '23 at 17:17

score 2 · Answer 3 · answered Feb 21 '21 at 15:07

In case anyone is having this problem with the slight variation of setting GIT_SSH_COMMAND on one line, and then on a different line actually running the git command, please try one of the following:

set GIT_SSH_COMMAND on the same line:

$ GIT_SSH_COMMAND="ssh -i ${key_location}" git clone [...]

or....

export GIT_SSH_COMMAND

$ export GIT_SSH_COMMAND="ssh -i ${key_location}"
$ git clone [...]

I was setting GIT_SSH_COMMAND right after finding which key to use, and then running git a few lines later. I mistakenly removed the export and it broke the git command.

Since this is one of the top google links when searching for "GIT_SSH_COMMAND" and the question is more upvoted than the answers, it might be that some visitors have the same problem as OP but for a different reason than what the other answers recommend. Hopefully this is helpful for someone.

The argument "-i" passed to GIT_SSH_COMMAND is being ignored

3 Answers3

Linked