Re: False negative authentication with multiple accounts on a SSH-GIT server

["M. Buecher" <maddes+git@maddes.net>]

Hi there,

you can use GIT_SSH_COMMAND or config 'core.sshCommand'.
For more flexibility use wrappers like ssh-ident.

Recommended read: https://superuser.com/a/1616186/557798

Hope this helps
Kind regards
Maddes


On 2021-01-19 07:17, Harley Paterson wrote:
> Hello,
> 
> I've noticed an edge case in Git when a user has two Git accounts on a
> single server - as might be common for a personal account and a work
> account on a Git forge (Github, GitLab, Bitbucket...)
> 
> When attempting SSH login, `ssh` and Git will eagerly connect with the
> first matching key. This may or may not be the key right key for the
> repository the user needs. As a result, Git clones, pulls, and pushes
> will fail with the `Repository not found` if the wrong key is tried
> first.
> 
> For example, the user `alice` has two accounts on the host
> `git-server.com`. `alice`'s accounts are `alice-work`, and
> `alice-personal`. `alice-work` has access to the `foo` repository, and
> `alice-personal` has access to the `bar` repository.
> 
> `alice` attempts to clone `foo` with both her `alice-work` and
> `alice-personal` keys in her SSH Agent. SSH Agent does not define
> which key it will attempt first, so SSH may connect successfully to
> `git-server.com` with her `alice-personal` keys, which do not have
> access to the `foo` repository.
> 
> I'd be interested in your opinions for fixes to this. I am willing to
> make a patch, although my knowledge of the Git codebase isn't perfect.
> 
> - Should Git servers provide distinctly different error messages for
> `access denied`, and `repository does not exist`? Currently the server
> immediately closes the connection in this case, so
> `transport.c:handshake()` with fail when attempting to
> `discover_version()` because the reader hits the EOF. Perhaps the
> server could send a hypothetical access denied packet here, and a more
> appropriate error generated?
> 
> Can anyone point me to where in the Git codebase the daemon receives
> and responds to these requests? I haven't found it yet, if I wanted to
> patch this.
> 
> - Should Git provide a `-i` option to allow the user to choose an SSH
> key, which could be added to the SSH subprocess's command line?
> 
> - Should Git attempt to iterate over all keys in the SSH Agent when
> the connection is setup, testing the connection to check if each
> connected key has access to the target repository, before giving up
> and reporting an error? This may be difficult looking at the current
> behavior of `ssh` and `ssh-agent`. `ssh-add -l` no longer lists paths
> to files (which could be plugged into `ssh -i`), just the key
> signature. Does anyone know of any SSH/SSH-Agent tricks which might
> help with this?
> 
> All the best,
> 
> 
> 
> H Paterson.