0

Mac OS (High Sierra) here. I have an SSH key, `example-gh-user`, and when I run `pbcopy < ~/.ssh/example-gh-user.pub` and paste it into an editor I see:

```
ssh-ed25519 <SOME_REALLY_LONG_ALPHANUM> me@example.org
```

Obviously for security reasons I am replacing the actual value of <SOME_REALLY_LONG_ALPHANUM> and me@example.org with the dummy values above. But everything looks ok.

On GitHub, I have a user, example-gh-user, that is using the me@example.org email, and I can log in with that user and see all my repos. Everything appears fine.

I have followed the GitHub guide on adding an SSH key to my example-gh-user GitHub account. Hence, this SSH key should be associated with the same email address that my GH account is associated with.

In my `~/.ssh/config` file, I have the following entries:

```
Host example-dev
  Hostname   github2.com
  AddKeysToAgent yes
  IdentityFile ~/.ssh/example-gh-user

Host github.com
  User git
  Hostname   github.com
  AddKeysToAgent yes
  PreferredAuthentications publickey
  IdentityFile ~/.ssh/example-gh-user
```

So far, so good, I think.

However, when I run the following from the command line:

```
ssh -Tv git@github.com
```

I get a huge dump of output that ends, interestingly-enough, with this:

```
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi my-old-gh-user! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3452, received 2724 bytes, in 0.1 seconds
Bytes per second: sent 28403.1, received 22413.1
debug1: Exit status 1
```

Look at that! `my-old-gh-user`! That's an old GH user that I haven't used in years!

Where is SSH and/or git/GitHub looking to grab that `my-old-gh-user` from?! Does SSH cache old data somehow? If I understand how everything works correctly, `~/.ssh/config` clearly directs SSH to use `~/.ssh/example-gh-user` when connecting as `git` user to github.com, right? Where am I going awry?

hotmeatballsoup
  • Have you tried this? https://stackoverflow.com/questions/27500861/whats-the-proper-way-to-go-get-a-private-repository – JimB Jan 21 '21 at 18:21
  • Thanks for the suggestion @JimB (+1) I will try it. Sounds like you want me to try running `git config --global url.git@github.com:.insteadOf https://github.com/` from the repo root? Just curious what that would be doing under the hood? – hotmeatballsoup Jan 21 '21 at 20:59
  • You can see what it does "under the hood" in the linked answer, it adds an `insteadOf` entry into the git config. A full description of `insteadOf` can be found in the documentation, but it's basically: use ssh _instead of_ https. – JimB Jan 22 '21 at 13:42
  • OK I ran `git config --global url.git@github.com:.insteadOf https://github.com/` in the root directory of the repo and then tried `go build` but am getting the exact same error. Any idea what I can troubleshoot next? – hotmeatballsoup Jan 22 '21 at 19:17
  • Did you also set `GOPRIVATE` as described in the answer? Can you run the same commands with `git` directly within the same environment? – JimB Jan 22 '21 at 19:25
  • Yes, I set and exported `export GOPRIVATE=github.com/SomeExampleOrg` from inside my `~/.bash_profile`. Which git command(s) would you like me to try running myself? – hotmeatballsoup Jan 22 '21 at 19:27
  • Can you clone the repo with git? – JimB Jan 22 '21 at 19:28
  • Hmm. In that other question you linked, the only `git clone` command I see given as an example is `git clone git@github.com:secmask/awserver-go.git`. Would you like me to try `git clone git@github.com:SomeExampleOrg/some-app.git`? – hotmeatballsoup Jan 22 '21 at 19:42
  • You can verify the clone url from the github UI, but yes, that is the basic format. – JimB Jan 22 '21 at 19:45
  • OK very interesting, I created a `tmp` directory and tried cloning the repo to it using the command posted above...and it failed! So, if I've specified `git@github.com` as the user, and I'm specifying SSH, what does this tell you? – hotmeatballsoup Jan 22 '21 at 19:54
  • It tells me this has nothing to do with Go, and you need to fix your git+ssh configuration. – JimB Jan 22 '21 at 19:55
  • @hotmeatballsoup Try to set `GIT_SSH_COMMAND` to `ssh -v`. Then clone again, and see if you see any clue in the SSH output. – VonC Jan 22 '21 at 20:19
  • Thanks @JimB (+1) I have edited my question to reflect this information and to place emphasis more on git/SSH misconfiguration rather than anything Go-related. – hotmeatballsoup Jan 22 '21 at 20:25

2 Answers

1

> How can I tell what the current latest some-service/client version is, and how do I update go.mod to use it?

Simply `go get github.com/SomeExampleOrg/some-service/client` (assuming the original line is still in `go.mod`)

That will update go.mod to the latest for that repository, and the go.mod line about client will display the latest version available.

If that repository is a public one, Go will use the normal HTTPS URL, and your SSH configuration won't be needed.


The OP mentions in the discussion:

> `ssh -Tv git@github.com` generates the following output:
>
> ```
> Hi my-old-gh-user! You've successfully authenticated, but GitHub does not provide shell access.
> ```
>
> `my-old-gh-user` is an old GH user that I haven't used in years and must have configured SSH for.
>
> Where is SSH/GitHub grabbing the `my-old-gh-user` from?

By default, ssh will look for `~/.ssh/id_rsa(.pub)`. If that old public key was registered to the old GitHub user account SSH profile setting (as documented by GitHub), that would explain why SSH identifies you by default with the old GitHub account.

Register a new public key in your new account, and make sure to replace the default one by your new key (or use an `~/.ssh/config` file), and SSH will authenticate you with the new account.

> I generated `~/.ssh/example-gh-user`

Then you need to add to your `~/.ssh/config` file:

```
Host newgh
    HostName github.com
    User git
    IdentityFile ~/.ssh/example-gh-user
```

Then

```
ssh -Tv newgh
```

```
cd /path/to/repo
git remote set-url origin newgh:<me>/<repo>
```
VonC
  • Thanks for the awesome answer @VonC (+1) unfortunately I had bolded a question (the one that you quoted in your answer) by mistake. I have edited my question to properly identify the _real_ question being asked here; if you have any thoughts I'd love to hear them! Thanks again! – hotmeatballsoup Jan 22 '21 at 19:18
  • @hotmeatballsoup I understand, but did you try first to update the dependency as I suggested? Maybe that would have avoided the issue you got in the second part of your question. – VonC Jan 22 '21 at 19:44
  • @hotmeatballsoup If not, check out https://stackoverflow.com/a/65850333/6309 – VonC Jan 22 '21 at 19:45
  • Thanks again @VonC (+1 for both). When I run `go get github.com/SomeExampleOrg/some-service/client` I get `go: github.com/SomeExampleOrg/some-service/client@v0.8.0: reading github.com/SomeExampleOrg/some-service/client/client/go.mod at revision client/v0.8.0: unknown revision client/v0.8.0`. – hotmeatballsoup Jan 22 '21 at 20:37
  • Looking at the link you posted above, I _believe_ the relevant information would be to set `GO111MODULE=on` and `GOPRIVATE=github.com/SomeExampleOrg` in my `~/.bash_profile`, which I have done, but the issue remains. – hotmeatballsoup Jan 22 '21 at 20:39
  • Trying the `GIT_SSH_COMMAND="ssh -v"` recommendation from above, when I go to clone the repo using SSH, I see `ERROR: Repository not found` in the verbose SSH output. Full output has been added above as an update to the original question. – hotmeatballsoup Jan 22 '21 at 20:43
  • @hotmeatballsoup "Repository not found" means: 1/ either the repository name is not exactly the right one. 2/ Or you don't have the right to access it. – VonC Jan 22 '21 at 21:21
  • The repo name is correct, it's clearly an issue with the SSH key. How to figure out what that issue is (I believe) the root/crux of this question. – hotmeatballsoup Jan 23 '21 at 01:20
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/227713/discussion-between-vonc-and-hotmeatballsoup). – VonC Jan 23 '21 at 01:21
1

The answer to this interesting scenario would lie in the way `ssh-agent` works and caches the identities (SSH keys) on MacOS' Keychains.

You can do `ssh-add -L` to get all the currently loaded identities, wherein you should see the old git ssh user's identities.

You can flush the identities using `ssh-add -D` or `ssh-add -d` or reload the ssh-agent using:

```
eval "$(ssh-agent -s)"
ssh-add
```
DhakkanCoder
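
As an added example (not part of the question or either answer), the shell functions below pick the key-selection lines out of `ssh -v` output, so you can see which key was offered and which one GitHub accepted, covering both the default-key and the agent-cache explanations above. The log is constructed, `key_report` and `accepted_matches` are hypothetical helper names, and the line format assumed is that of recent OpenSSH clients; older clients print the fields in a different order.

```shell
#!/bin/sh
# Added example: which keys did an `ssh -v` run offer, and which one was accepted?

# Constructed sample of `ssh -Tv git@github.com` debug output.
# Paths and fingerprints are placeholders, not values from the question.
sample_log() {
cat <<'EOF'
debug1: Will attempt key: /Users/me/.ssh/id_rsa RSA SHA256:OLD-KEY-PLACEHOLDER agent
debug1: Will attempt key: /Users/me/.ssh/example-gh-user ED25519 SHA256:NEW-KEY-PLACEHOLDER explicit
debug1: Offering public key: /Users/me/.ssh/id_rsa RSA SHA256:OLD-KEY-PLACEHOLDER agent
debug1: Server accepts key: /Users/me/.ssh/id_rsa RSA SHA256:OLD-KEY-PLACEHOLDER agent
debug1: Authentication succeeded (publickey).
Hi my-old-gh-user! You've successfully authenticated, but GitHub does not provide shell access.
EOF
}

# key_report (hypothetical helper): reads `ssh -v` text on stdin and prints
# "<status> <source> <path>" per candidate key, in the order ssh listed them.
#   ACCEPTED = server accepted this key (this decides the GitHub account)
#   OFFERED  = sent to the server but not accepted
#   SKIPPED  = listed as a candidate but never sent
# Assumes key paths contain no spaces.
key_report() {
  awk '
    /^debug1: Will attempt key: / {
      p = $5; order[++n] = p; src[p] = $NF; st[p] = "SKIPPED"
    }
    /^debug1: Offering public key: / {
      p = $5; if (!(p in st)) order[++n] = p
      src[p] = $NF; st[p] = "OFFERED"
    }
    /^debug1: Server accepts key: / { p = $5; if (p in st) st[p] = "ACCEPTED" }
    END { for (i = 1; i <= n; i++) print st[order[i]], src[order[i]], order[i] }
  '
}

# accepted_matches PATH (hypothetical helper): succeeds only when the key the
# server accepted is the one you meant to use.
accepted_matches() {
  [ "$(key_report | awk '$1 == "ACCEPTED" { print $3 }')" = "$1" ]
}

sample_log | key_report
sample_log | accepted_matches /Users/me/.ssh/example-gh-user ||
  echo "authenticated with a different key than the configured IdentityFile"
```

Feed it real output with `ssh -Tv git@github.com 2>&1 | key_report`. If an agent key is accepted ahead of the configured file, flushing the agent as described above or adding `IdentitiesOnly yes` to the `Host` block stops that key from being offered.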