164

Say your .ssh directory contains 30 keys (15 private and 15 public).

Where in Git can one check which one is used to connect to a given remote repository?

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
James Raitsev
  • 92,517
  • 154
  • 335
  • 470

7 Answers7

110

The following entry in .ssh/config file solves the problem

  host git.assembla.com
  user git
  identityfile ~/.ssh/whatever

Where ~/.ssh/whatever is a path to your private key

Additionally, user and host can be picked up from

git push git@git.assembla.com:repo_name.git
         ^__ ^_______________
         user host
Dan Hook
  • 6,769
  • 7
  • 35
  • 52
James Raitsev
  • 92,517
  • 154
  • 335
  • 470
  • so if I wanted to use another ssh key for a different host, would I just repeat the same after the first?? Does the identityfile pertain to the first host before it? – MikeSchem Jul 06 '17 at 00:28
  • ok, yea, it seems like that's the case https://www.cyberciti.biz/faq/force-ssh-client-to-use-given-private-key-identity-file/ – MikeSchem Jul 06 '17 at 00:29
105

Executing ssh in verbose mode, aka ssh -v user@host, will print a huge load of debugging info, which also contains details on which keyfiles it is trying for login.

debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 332
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).

Now if you combine this, with the Step 4 in Git's own SSH help page, ssh -vT git@github.com can give you the answer.

Note: You can also use the -i switch to tell ssh during command execution, which keyfile to use.

Sharadh
  • 1,298
  • 9
  • 15
Vajk Hermecz
  • 5,413
  • 2
  • 34
  • 25
  • See also: http://stackoverflow.com/questions/18845799/show-ssh-key-file-in-git-bash – Sharadh Sep 06 '16 at 14:16
  • 1
    You can also grep the standard error output of the ssh command to find the key file like this: `ssh -vv user@host 2> >(grep Offering)` - this will make things easier. The last file should be the public key. For example: `debug1: Offering RSA public key: /Users/macbookpro/.ssh/id_rsa` – Gianfranco P. Apr 04 '17 at 22:11
  • 6
    `github` is not the same thing as `git`. – ForeverWintr Jul 31 '19 at 21:51
44

I'd say most practical to my taste would be:

GIT_SSH_COMMAND='ssh -v' git …

of course, depending on circumstances it might be beneficial just to export it to current SHELL's environment so that you won't have to prepend it manually each time. Then it'd be this way:

export GIT_SSH_COMMAND='ssh -v'
git …

— As man git suggests there're a few of environmental variables that would affect Git's operations with use of SSH. According to man ssh you can get some debugging info when deploying -v option (not only but also, check out the manual if you're curious for more).

which key is used?

In the output you would see smth like …

debug1: Offering public key: …

… which is the answer to your question.

Emil Ahlbäck
  • 6,085
  • 8
  • 39
  • 54
poige
  • 1,562
  • 15
  • 12
  • 4
    YES. This should be the accepted answer. To make it work on windows CMD (ugh), use: `set GIT_SSH_COMMAND=ssh -v`. This helped me figure out that the ssh-config Inlcude-Path should be something like this on windows: `Include /C/Users/YourUserName.ssh/config` to make ssh and thus git use a config file which then uses for example a `HOST *` entry to specify the identity file git/ssh uses. – icyerasor Jan 03 '20 at 17:13
  • @icyerasor your command did not work for me as it thinks that `-v` belongs to `set`. This worked for me `$env:GIT_SSH_COMMAND='ssh -v'`. – Serj Jun 21 '23 at 16:45
  • amazing answer, very useful! – Berkay Berabi Jun 30 '23 at 09:22
23

Unless it is specified on the .ssh/config it will use the default private key file.

The default file is ~/.ssh/id_rsa or ~/.ssh/id_dsa or ~/.ssh/identity depending on the protocol version.

Rodrigo Flores
  • 2,411
  • 18
  • 17
18

This might be super edge, but after running ssh -vT git@github.com it showed me it was checking /root/.ssh for the keys, I was expecting it to check my home directory and then I realized I was logged in as root!

Moak
  • 12,596
  • 27
  • 111
  • 166
  • This technique, among other the same `ssh` way of interrogation are the correct solutions. Thanks. – daparic Jan 22 '19 at 09:16
  • This was the most useful answer, it really shows you what ssh key is used. Thanks for it. – herve Nov 05 '21 at 07:07
8

Since git just uses ssh to connect, it will use whichever key ssh would use to connect to the remote host. See the ~/.ssh/config file for details; the host block uses the IdentityFile directive to specify the private key to use. The ssh_config(5) manpage contains full details.

sarnold
  • 102,305
  • 22
  • 181
  • 238
2

On the remote server, edit the sshd_config file and change LogLevel from INFO to VERBOSE and restart ssh.

Now your log file will hold the fingerprint of the key that was used to authenticate each user.

On Ubuntu, these files are:

/etc/ssh/sshd_config
/var/log/auth.log

but they may be different on another distro. Just google for their location (some use /var/log/secure for example).

seumasmac
  • 2,174
  • 16
  • 7