7

I have this:

ssh -T git@github.com || {
  echo "Could not ssh to/with Github, check your auth";
  exit 1;
}

I get:

Hi ORESoftware! You've successfully authenticated, but GitHub does not provide shell access.
Could not ssh to/with Github, check your auth

Since the exit code is not zero, do I really need to parse the output to see if auth can be established?

Madhu Bhat
Alexander Mills
  • How many SSH keys do you have, under ~/.ssh, that are known to github? – z atef Sep 15 '18 at 00:13
  • At least 2 such ssh keys I think – Alexander Mills Sep 15 '18 at 00:13
  • If you could run commands you'd get back the exit status of the commands you run. Instead, you get back the exit status of the command that Github runs, that prints the "successfully authenticated" message and then exits 1. However, if the password is wrong or auth fails, you do get exit status 255. So you can use `$?` to tell these apart! – torek Sep 15 '18 at 02:18
  • So if 1, it's ok, if 255, bad news, got it, huh – Alexander Mills Sep 15 '18 at 07:05

3 Answers

6

There are only 2 return values that I expect when running ssh -T git@github.com:

  1. 1: user is authenticated, but cannot open a shell with GitHub
  2. 255: user is not authenticated

You will never get a return code of 0 for exactly the reason @VonC described. That means you can't use fun bash shorthands for checking return codes, like short-circuiting logic checks - you must be explicit in recording and checking $?.


Here's a shell script I use to check if I'm auth'd to GitHub:

function github-authenticated() {
  # Attempt to ssh to GitHub
  ssh -T git@github.com &>/dev/null
  RET=$?
  if [ $RET == 1 ]; then
    # user is authenticated, but fails to open a shell with GitHub 
    return 0
  elif [ $RET == 255 ]; then
    # user is not authenticated
    return 1
  else
    echo "unknown exit code in attempt to ssh into git@github.com"
  fi
  return 2
}

You can use it casually from the command line like so:

github-authenticated && echo good

or more formally in a script like:

if github-authenticated; then
    echo "good"
else
    echo "bad"
fi
Ari Sweedler
4

Getting a "successfully authenticated" message and then an exit status of 1 can be confusing.
But GitHub returns an exit status of 1 because it refuses to do what your ssh command was asking: opening an interactive shell. Hence '1'.

As mentioned in the ssh man page

ssh exits with the exit status of the remote command or with 255 if an error occurred.

See "How to create a bash script to check the SSH connection?" for more options.

In your case:

if ssh -q git@github.com; [ $? -eq 255 ]; then
   echo "fail"
else
   # successfully authenticated
   :
fi
VonC
1

Instead of checking for value 255, I prefer checking for value 1. There could exist other implementations of ssh that use values other than 255.

set +e  # If initially using `set -e`
ssh -T git@github.com  # Expected exit status is 1.
exit_status=$?
set -e  # If initially using `set -e`
if [ ${exit_status} -ne 1 ] && [ ${exit_status} -ne 0 ]; then
  exit ${exit_status}
fi

I understand that value 0 isn't expected with GitHub, but I'm allowing for it anyway in case GitHub decides to change the returned value to something more practical (0) than pedantic (1).

Asclepius
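
Added example, not taken from any of the answers above: a POSIX shell check that combines the exit status (1 vs. 255) with ssh's output, so that a rejected key can be told apart from a network or host-key failure, and so that the account named in GitHub's greeting is reported when several keys are loaded. The function names `classify_github_ssh` and `check_github_ssh` are hypothetical, and matching on "Permission denied" assumes OpenSSH's English error text.

```shell
#!/bin/sh
# Classify the result of `ssh -T git@github.com` from its exit status and its
# combined stdout/stderr. Prints exactly one of:
#   authenticated:<account> | denied | error | unexpected:<status>
classify_github_ssh() {
  status=$1
  output=$2
  case "$status" in
    0|1)
      # 1 is what GitHub returns today; 0 is tolerated in case that changes.
      # Either way, require the greeting and extract the account it names.
      user=$(printf '%s\n' "$output" |
        sed -n 's/^Hi \([^!]*\)! You.ve successfully authenticated.*/\1/p' |
        head -n 1)
      if [ -n "$user" ]; then
        printf 'authenticated:%s\n' "$user"
      else
        printf 'unexpected:%s\n' "$status"
      fi
      ;;
    255)
      # 255 is ssh's own error status. It covers a rejected key, but also
      # DNS failures, timeouts and host key verification failures.
      case "$output" in
        *"Permission denied"*) echo denied ;;
        *) echo error ;;
      esac
      ;;
    *)
      printf 'unexpected:%s\n' "$status"
      ;;
  esac
}

# Run the real check. BatchMode=yes stops ssh from prompting for a passphrase
# or password, so the call cannot hang in CI; ConnectTimeout bounds the wait.
# The `&& rc=0 || rc=$?` form keeps a caller's `set -e` from aborting here.
check_github_ssh() {
  out=$(ssh -T -o BatchMode=yes -o ConnectTimeout=10 git@github.com 2>&1) && rc=0 || rc=$?
  classify_github_ssh "$rc" "$out"
}

# Usage (needs network access):
#   case "$(check_github_ssh)" in authenticated:*) echo good ;; *) echo bad ;; esac
```

Checking the account in the `authenticated:` result against the one you expect catches the case where ssh offered a different key than intended.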