Git and SSH, which key is used?

Say your .ssh directory contains 30 keys (15 private and 15 public).

Where in Git can one check which one is used to connect to a given remote repository?

The following entry in .ssh/config file solves the problem

  host git.assembla.com
  user git
  identityfile ~/.ssh/whatever

Where ~/.ssh/whatever is a path to your private key

Additionally, user and host can be picked up from

git push [email protected]:repo_name.git
         ^__ ^_______________
         user host

Executing ssh in verbose mode, aka ssh -v user@host, will print a huge load of debugging info, which also contains details on which keyfiles it is trying for login.

debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 332
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).

Now if you combine this, with the Step 4 in Git's own SSH help page, ssh -vT [email protected] can give you the answer.

Note: You can also use the -i switch to tell ssh during command execution, which keyfile to use.

I'd say most practical to my taste would be:

GIT_SSH_COMMAND='ssh -v' git …

of course, depending on circumstances it might be beneficial just to export it to current SHELL's environment so that you won't have to prepend it manually each time. Then it'd be this way:

export GIT_SSH_COMMAND='ssh -v'
git …

— As man git suggests there're a few of environmental variables that would affect Git's operations with use of SSH. According to man ssh you can get some debugging info when deploying -v option (not only but also, check out the manual if you're curious for more).

> which key is used?

In the output you would see smth like …

debug1: Offering public key: …

… which is the answer to your question.

Unless it is specified on the .ssh/config it will use the default private key file.

The default file is ~/.ssh/id_rsa or ~/.ssh/id_dsa or ~/.ssh/identity depending on the protocol version.

This might be super edge, but after running ssh -vT [email protected] it showed me it was checking /root/.ssh for the keys, I was expecting it to check my home directory and then I realized I was logged in as root!

Since git just uses ssh to connect, it will use whichever key ssh would use to connect to the remote host. See the ~/.ssh/config file for details; the host block uses the IdentityFile directive to specify the private key to use. The ssh_config(5) manpage contains full details.

On the remote server, edit the sshd_config file and change LogLevel from INFO to VERBOSE and restart ssh.

Now your log file will hold the fingerprint of the key that was used to authenticate each user.

On Ubuntu, these files are:

/etc/ssh/sshd_config
/var/log/auth.log

but they may be different on another distro. Just google for their location (some use /var/log/secure for example).