Why is ssh not using identity set in config file?

Question

I am trying to configure certain git repo to use a specific public/private key to authenticate.

This is inside ~/.ssh/config

Host Repo
HostName bitbucket.org
User git
IdentityFile ~/.ssh/ynd
LogLevel DEBUG

And this is the log when trying to push to repo

debug1: Connecting to bitbucket.org [104.192.143.1] port 22.
debug1: Connection established.
debug1: identity file /Users/evgenipetrov/.ssh/ynd type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/evgenipetrov/.ssh/ynd-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version conker_1.0.315-a08d059 app-134
debug1: no match: conker_1.0.315-a08d059 app-134
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha2-256-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-sha2-256-etm@openssh.com none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /Users/evgenipetrov/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/evgenipetrov/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to bitbucket.org ([104.192.143.1]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LC_CTYPE = UTF-8
debug1: Sending command: git-receive-pack '[deleted]'
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
repository access denied.
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Transferred: sent 3348, received 1736 bytes, in 0.4 seconds
Bytes per second: sent 9562.2, received 4958.2
debug1: Exit status 1
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I can see that is finding the identity but it is not using it to authenticate when publickey authentication is requested from server.

What am I doing wrong? Why is ssh not using IdentityFile from config file?

Answer 1

The LogLevel debug helped. I had this in my .ssh/config

Host github.com
 HostName github.com
 UseKeychain yes
 AddKeysToAgent yes 
 User git
 IdentityFile ~/.ssh/id_ed25519

Host github.com-personal
 UseKeychain yes
 AddKeysToAgent yes
 HostName github.com
 User git
 IdentityFile ~/.ssh/id_ed25519_personal

but hadn't run ssh-add -K ~/.ssh/id_ed25519_personal to add it to the keychain to prevent it falling back to the other file.

Answer 2

Looks like, your session is not able to access the specified key, and it's falling back to the default one. and it's able to access the bitbucket , but then, you are not able to access the repo with this key so take a look at the repo permissions with that default key /Users/evgenipetrov/.ssh/id_rsa

also check which ssh-keys are loaded into the ssh-agent and load the missing one with ssh-add

Answer 3

The host needs to match what you are using to ssh or git clone.

So

ssh -vv Repo

That should use the right key.

Also for readability.. space the config correctly

Host Repo
   HostName bitbucket.org
   User git
   IdentityFile ~/.ssh/ynd
   LogLevel DEBUG

Also I see this

debug1: identity file /Users/evgenipetrov/.ssh/ynd type 1
debug1: key_load_public: No such file or directory

Check that file is there