1

I have multiple GitHub accounts set up on my Mac. It used to work great, until recently it just stopped working and I don't know why. My account has my computers ssh key, the ssh config is correct, I am even logged in and authenticated to the account that doesnt work via gh auth.

Config file

# ~/.ssh/config
# ...
Host github.com-work
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa_work

Repo

Check git config

$ git config --list
credential.helper=osxkeychain
user.email=work-username@work.com
...
remote.origin.url=git@github.com-work:work-username/work-repo.git
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
...

Check gh auth

$ gh auth status
github.com
  ✓ Logged in to github.com as work-username (/Users/work-username/.config/gh/hosts.yml)
  ✓ Git operations for github.com configured to use ssh protocol.
  ✓ Token: *******************

Try to pull

$ git pull
ERROR: Repository not found.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Notice:

$ ssh -T -i ~/.ssh/id_rsa_work git@github.com
Hi not-work-username! You've successfully authenticated, but GitHub does not provide shell access.

$ ssh -T -i ~/.ssh/id_rsa_work git@github.com-work
Hi not-work-username! You've successfully authenticated, but GitHub does not provide shell access.

$ ssh -T git@github.com
Hi not-work-username! You've successfully authenticated, but GitHub does not provide shell access.

$ ssh -T git@github.com-work
Hi not-work-username! You've successfully authenticated, but GitHub does not provide shell access.

What am I doing wrong and how do I get it to work again?

SumNeuron
  • 4,850
  • 5
  • 39
  • 107
  • 1
    `credential.helper` is used only for https:// connections, not ssh:// connections; using the `ssh` command bypasses Git entirely and tests out just your ssh setup, so is a good idea here. The ssh output shows that ssh is always sending your not-work key though. Try `ssh -Tv` or `ssh -Tvvvvv` (you can use any number of v's, from 0 to as many as you can squeeze in, each one increases the debug level and ssh has more debug at higher levels although I think they stop at 3). – torek Apr 13 '22 at 18:52
  • 1
    With enough `-v` options (I'm never sure off hand how many is enough), you'll get to see where ssh is getting each key it tries, and see what happens as it tries that key, including whether it moves on to another key. If you're running the ssh agent (and on macOS you almost always *are* running it) your ssh will try keys it gets from the agent, so use `ssh-add -l` and consider adding `IdentitiesOnly yes` to your ssh configuration lines. – torek Apr 13 '22 at 18:54
  • 1
    My guess here is that your ssh is getting your not-work-key from your agent and trying that early on and it works and so it never moves on to try your work-key. Using `IdentitiesOnly yes` tells ssh *only use the keys that match `IdentityFile` lines* (so you control which ones it actually tries). – torek Apr 13 '22 at 18:56
  • @torek so it seems that sometimes my ssh agent is actually online so I have to run `eval "$(ssh-agent -s)"` and then `ssh-add ~/.ssh/id_rsa_work` to get it to run, but it is a pain to remember. Any ideas on how to keep it always on? – SumNeuron May 04 '22 at 19:47
  • Use the IdentitiesOnly line to avoid successful login as the wrong user. To successfully log in as the *right* user, put something in your .bashrc or .zshrc (or whatever shell you use) to check and remind you. – torek May 04 '22 at 21:38
  • @torek tried this but it didnt work – SumNeuron May 06 '22 at 14:07
  • Given that you've tracked it down to ssh-agent and expiring keys, you might want to ask a new question now, about how to check keys, their expirations, and so on, in ssh agent and/or your shell. (This is not a Git question!) – torek May 07 '22 at 02:11

1 Answers1

0

Check the content of id_rsa_work.pub and get its fingerprint

See if the fingerprint is listed in the SSH setting page of the expected account (or in the "not expected" account)

Compare its content with gh ssh-key list.

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • so it seems that sometimes my ssh agent is actually online so I have to run `eval "$(ssh-agent -s)"` and then `ssh-add ~/.ssh/id_rsa_work` to get it to run, but it is a pain to remember. Any ideas on how to keep it always on? – SumNeuron May 04 '22 at 19:47
  • @SumNeuron Do you need an SSH key with passphrase? You could have one without passphrase. – VonC May 04 '22 at 20:07
  • I have one with a passphrase – SumNeuron May 05 '22 at 13:16