0

I have two gitlab (Work and University) and one github (personal) accounts. So, I have three different ssh keys, work_id_rsa, uni_id_rsa and personal_id_rsa respectively.

I followed the instructions given in config file setup and using conditional if to specify key to add the accounts to the config file and also added conditional if to direct git to respective keys.

Here is how my ~/.ssh/config file looks like:

#gitlab university
Host uni-lab
    HostName gitlab.com
    User git
    IdentityFile ~/.ssh/uni_id_rsa

#gitlab work
Host work-lab
    HostName gitlab.com
    User git
    IdentityFile ~/.ssh/work_id_rsa

#github personal
Host personal-hub
    HostName github.com
    User git
    IdentityFile ~/.ssh/personal_id_rsa

and this is how my ~/.gitconfig file looks like:

[user]
    name = <global-user-name>
    email = <global-user-email>

[includeIf "gitdir:~/Documents/work"]
    [user]
        name = <work-gitlab-user-name>
        email = <work-gitlab-user-email>
    [core]
        sshCommand = "ssh -i ~/.ssh/work_id_rsa"

In the above snippet, ~/Documents/work is parents for all my work related repositories. And I have generalized the name and email in the snippet for confidentiality purpose.

The problem is, I am able to clone/pull work related git repos to my ~/Documents/work directory from remote as expected and also able to pull/clone from personal github account. However, any operation from University gitlab account from any directory on the system is failing with below shown error:

enter image description here

If I alter the .gitconfig file, this works alright but work related ssh operations to/from git remote fails.

and also, when I try git config user.name or git config user.email, it is fetching me work-gitlab-user-name and work-gitlab-user-email instead of global-user-name and global-email-name

I am sure someone must have had this issue in the past, I am pretty new to this and trying to explore the options I have. Please feel free to correct me or redirect me to any articles that address this. I have already tried several of them and none of them fixes my issue.

Thank you in advance. :)

Rajesh M
  • 31
  • 7

1 Answers1

0

You've mixed up several different concepts (which, to be fair, are not properly delineated in many tutorials), and your includeIf directive is wrong as well. Let's start with the key concepts:

  • Each commit you make stores a snapshot and metadata. The snapshot holds all of your files, as of the form they have at the time you the commit.1 The metadata, or information about the commit itself, contains a number of items of interest to you, and one of particular interest to Git itself. We'll mention only the items of interest to you here.

    In the metadata, Git has stored your name and email address. This name-and-email-address pair comes from the user.name and user.email settings. You can configure these with git config --global, which sets one value that applies to all your work with Git, and then again with git config --local (or no flag at all), which applies only to the current repository. You can also use the conditional include technique you want here.

    No matter what you do here, though, these just end up producing the final value for user.name and user.email. Git will take these values as they are set at the time you make the commit and embed these permanently into the new commit.

    Commits can never be changed, once made. So the new commit you just made will have this user.name and user.email setting forever. If you alter user.name and user.email, that will only affect new commits you make after this point. You can change these values at any time: no existing commit will change, but future commits you make will use the new values.

  • Entirely separate from your user.name and user.email settings, when you run git push or git fetch, your Git will call up another set of Git software, on (e.g.) GitHub or GitLab. The way Git invokes this other Git software is something you control: you can use https or ssh. You set this in the URL you store under the name origin.

    If you use https://github.com/user/repo.git, your Git will use the https protocol to contact GitHub. This allows your Git to use HTTPS-style authentication to tell GitHub who you are, and let GitHub verify that you are who you claim to be.

    If you use ssh://git@github.com/user/repo.git, your Git will use the ssh protocol to contact GitHub. This allows your Git to use ssh-style authentication to tell GitHub who you are, and let GitHub verify that you are who you claim to be.

The key takewaway here is that there are two separate steps:

  • First, you make commits. These embed the user.name and user.email text in the author and committer lines in the commits.

  • Then, later, you use git push to send the commits you made. This does not use user.name or user.email at all. The commits you made do contain those values, but neither HTTPS nor ssh use those values. They use something completely separate.

You will want to make sure both steps do the right thing. The includeIf directive is useful for the first step. It is not useful for the second.2

1This snapshot is more complicated than you might think from this description, but we won't go into details here for space reasons.

2You could in theory make it work here, but that's the wrong way to go.

Using includeIf

The way includeIf works is this:

  • Git reads the entire config file into memory.
  • Git now begins interpreting the file. If there is an [includeIf] section, Git looks at the conditional.
  • If the conditional matches, Git looks for the path = section below that conditional. Git then inserts the contents of the given path at this point.

That is, you do not put additional sections in this config file. Instead, you say that if your working tree is located in some particular part of your file system hierarchy, Git should also include another configuration file. You put the additional sections in that config file.

Rather than repeat the rest of an existing answer, I will simply direct you to Can I specify multiple users for myself in .gitconfig? at this point.

Using ssh identities

When you use https to connect to GitHub or GitLab, the process is pretty straightforward. Git invokes a credential manager, and that credential manager asks you for a user name and password, or retrieves a user name and password from a file, or something along those lines.

The user you claim to be is the name you or the credential manager provide to Git to pass along to the system's https libraries (libcurl, specifically). The password—or these days, access token instead, though Git still thinks it's a password and you use it just like a password and the credential manager still calls it a password even though it's a token—you give to GitHub or GitLab is the one the credential manager provides (possibly by having you type in it). These two items—user name and token—provide the necessary authentication. Git doesn't actually do these itself: Git passed everything off onto the credential manager. What this means is that if you want to claim to be Fred on Tuesday, but Ramesh on Thursday and Katerina on Friday, you just type in (or have your credential manager provide) that user name on that day.

Using ssh identification is more complicated internally, because for silly historical reasons, the user name you must have Git provide to GitHub or GitLab is hard-coded as git. That is, your computer must claim to be "logging in" as user git. Git once again foists all the hard authentication work off on another program—in this case ssh—so you just have your ssh claim to be user git.

But you have to actually tell GitHub or GitLab who you are. The way this works is that your identity—the "who you are" part of the authentication process—is smuggled into GitHub or GitLab in the ssh key you have ssh provide to GitHub or GitLab.

What this means is that, once again, if you want to claim to be Fred on Tuesday, Ramesh on Thursday, and Katerina on Friday, you must get your ssh—not your Git—to hand over the appropriate key. In general, the way you do this is via an ssh configuration, plus a "fake" host name.

Instead of calling up github.com, for instance, you might have your Git use ssh to call up gh-fred, or gh-katerina. Then in your ssh config, you say: Whenever someone asks for gh-fred, go to github.com and use the public key that claims to be Fred. Whenever someone asks for gh-katerina, go to github.com and use the public key that claims to be Katerina.

This is, again, all described in Can I specify multiple users for myself in .gitconfig? (at this answer rather than the accepted answer). Note that we usually don't want to change who we claim to be based on the day of week, or time of day, or whatever, but rather based on the repository we're working on, so that you only need to update the origin URL once for any given repository.

torek
  • 448,244
  • 59
  • 642
  • 775