1

I can't seem to pip install a private repository from github, and I'm pretty sure I've traced the problem to the key file. The complicating factor is that I have dozens of keyfiles in my ~/.ssh directory, and it doesn't seem to work when I try to specify a specific keyfile. For pip install, it's choosing the first keyfile regardless of my syntax.

Installing repo1 works, including when no such key file exists or if the wrong keyfile is specified:

> pip install git+ssh://git@github.com/username/repo1.git
> pip install --cert ~/.ssh/keyfile1 git+ssh://git@github.com/username/repo1.git
> pip install --cert ~/.ssh/keyfile1_BLAH_NO_SUCH_FILE git+ssh://git@github.com/username/repo1.git
> pip install --client-cert ~/.ssh/keyfile1 git+ssh://git@github.com/username/repo1.git
> pip install --client-cert ~/.ssh/keyfile1_BLAH_NO_SUCH_FILE git+ssh://git@github.com/username/repo1.git
> pip install --client-cert ~/.ssh/keyfile2 git+ssh://git@github.com/username/repo1.git

Installing repo2 doesn't work, regardless of syntax:

> pip install git+ssh://git@github.com/username/repo2.git
> pip install --cert ~/.ssh/keyfile2 git+ssh://git@github.com/username/repo2.git
> pip install --client-cert ~/.ssh/keyfile2 git+ssh://git@github.com/username/repo2.git

I can verify the key files are correct and recognized by Github by doing this:

> ssh -T git@github.com
Hi username/repo1! You've successfully authenticated, but GitHub does not provide shell access.

> ssh -T git@github.com -i ~/.ssh/keyfile1
Hi username/repo1! You've successfully authenticated, but GitHub does not provide shell access.

> ssh -T git@github.com -i ~/.ssh/keyfile2
Hi username/repo2! You've successfully authenticated, but GitHub does not provide shell access.

I can verify that keyfile1 is used if a key file is not specified or specified incorrectly:

> ssh -T git@github.com -i ~/.ssh/keyfile1_BLAH_NO_SUCH_FILE
Warning: Identity file keyfile1_BLAH_NO_SUCH_FILE not accessible: No such file or directory.
Hi username/repo1! You've successfully authenticated, but GitHub does not provide shell access.

> ssh -T git@github.com
Hi username/repo1! You've successfully authenticated, but GitHub does not provide shell access.

So I think this tells me keyfile2 is good.

And to eliminate the possibility of there being a problem with repo2, I moved the keyfile1 over to repo2 in github and repo2 was then the only repository that I could pip install.

So, it appears as though my pip install syntax only works for the first keyfile because it find it first, and I'm either incorrectly specifying the keyfile or my specification is being ignored.

pip 20.2.4

Any ideas?

phd
  • 82,685
  • 13
  • 120
  • 165
Jonathan
  • 491
  • 5
  • 19

2 Answers2

1

Options --cert and --client-cert are used only for HTTPS and never used for git+ssh protocol. pip actually doesn't have a way to pass an SSH key to git. You have to pass it by configuring git or ssh.

You can try to use the trick with multiple Github accounts in ~/.ssh/config.

Or you can use GIT_SSH_COMMAND environment variable and pass the key:

GIT_SSH_COMMAND='ssh -i ~/.ssh/keyfile2' pip install git+ssh://git@github.com/username/repo2.git
phd
  • 82,685
  • 13
  • 120
  • 165
  • Very helpful to know I wasn't doing something incorrectly. Do you think that's a reasonable feature request? I wouldn't mind helping to code/test it, but it would be my first contribution to a widely-used open source python library. Therefore I'd probably need someone to take me under their wing. – Jonathan Nov 19 '20 at 03:08
  • 1
    "*Do you think that's a reasonable feature request?*" You can try. I cannot predict how `pip` authors will react. They could decide that configuring `git` or `ssh` is the way to pass a key. – phd Nov 19 '20 at 08:44
0

As of today (pip 19.3.1), pip install works with ssh keys out of the box.

ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
pip install git+ssh://git@github.com/username/myprivaterepo.git@branch

(assuming the key ~/.ssh/id_rsa.pub has already been added to github)

Shadi
  • 9,742
  • 4
  • 43
  • 65