Overriding ssh-agent for git commands
- By Daniel Hoherd
- 2020-12-04 12:12:07-0800
When cloning git URLs over ssh, git reads your ssh-agent keys before reading any identities. This becomes a problem when you have multiple identities loaded and not all of them are authorized to access private repositories. Commands like `git clone` and `yarn install` can fail when an unauthorized ssh key is accepted when logging in. This is complicated by the fact that you cannot remove keys from ssh-agent one at a time; you can only reset it entirely, or skip it by setting `SSH_AUTH_SOCK=''`.
The best way to work around this is to run `export GIT_SSH_COMMAND='ssh -o IdentitiesOnly=yes -i path/to/authorized/id_ed25519'`. This will skip all keys that are loaded in the ssh-agent and go straight to the given identity file.
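As an added example (not part of the original post), the shell helpers below build that `GIT_SSH_COMMAND` value for a given key and apply it to a single command instead of exporting it for the whole session. The function names and the example.com URL are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print a GIT_SSH_COMMAND value that pins ssh to exactly one identity file.
git_ssh_command_for() {
    key=$1
    if [ ! -f "$key" ] || [ ! -r "$key" ]; then
        echo "identity file not readable: $key" >&2
        return 1
    fi
    # ssh ignores a private key that group/other can access. With
    # IdentitiesOnly=yes that would leave no usable key, so fail early.
    mode=$(ls -ldL -- "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "identity file is accessible by group/other: $key" >&2
        return 1
    fi
    # git passes GIT_SSH_COMMAND to the shell, so single-quote the path
    # and escape any single quotes embedded in it.
    quoted=$(printf '%s' "$key" | sed "s/'/'\\\\''/g")
    printf "ssh -o IdentitiesOnly=yes -i '%s'\n" "$quoted"
}

# Run one command with the pinned identity. The variable is set only for
# that command, so the rest of the session keeps using the agent.
with_git_identity() {
    key=$1
    shift
    cmd=$(git_ssh_command_for "$key") || return 1
    GIT_SSH_COMMAND=$cmd "$@"
}

# Usage (placeholder repository URL):
#   with_git_identity ~/.ssh/id_ed25519 git clone git@example.com:org/private.git
```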
The issue of having too many loaded identities also shows up in other scenarios, like when using vagrant, which loads keys, and you are connecting to a device that has a low `MaxAuthTries`, like Cradlepoint modems or LibreElec devices, especially when you know you will need to enter a password. In these scenarios, you should specify `ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no`.