how to generate an ssh key for another user?

Question

I am trying to clone to a gerrit server using another user username2 however it fails with Permission denied (publickey). I tried to generate an ssh key following the advice of Server Fault question "how do you create an ssh key for another user?"

The following steps didn't work. What am I missing?

• ssh-keygen -f ~/.ssh/username2
• cp ~/.ssh/username2.pub ~/.ssh/authorized_keys
• Added the username2.pub to tech-gerrit.sd.company.com
• ~/.ssh/config

    Host tech-gerrit.sd.company.com
    HostName tech-gerrit.sd.company.com
    Port 29418
    User username2
    IdentityFile /Users/username1/.ssh/username2
  

• Tried to clone using below command

  git clone ssh://[email protected]:29418
  

• Logged in as username2 into gerrit and added the username2.pub to

Answer 1

Normally, Git SCM is designed to use git as the user for SSH cloning. All users public keys in the SCM is propagated to that user. So it shouldn't matter which user you're trying to clone, as long as there's a private key matching the public key in SCM.

You can check if the key works by running ssh [email protected]:29418 and this should print a greeting that addresses the user with matching the private key

I.E: For me with GitHub

➜  ~ ssh -T [email protected]
Hi praveenprem! You've successfully authenticated, but GitHub does not provide shell access.

GitLab

➜  ~ ssh -T [email protected]
Welcome to GitLab, @prav!
➜  ~

BitBucket

➜  ~ ssh -T [email protected]
logged in as pravd.

You can use git or hg to connect to Bitbucket. Shell access is disabled.
➜  ~

As you can see, all main steam SCM systems use the same user for SSH, which is git@.

The only time you would need to use a username is when you're cloning a repo over HTTP/HTTPS. In which case you would normally use username@.

Hope this helps.

Also don't forget to load the private key to the agent.

Run ssh-add -l and if you get The agent has no identities. Try adding the key with ssh-add.

Answer 2

IdentityFile /Users/username1/.ssh/username2.pub

This may not be your only problem, but you're probably specifying the wrong file here. The key file with the .pub extension contains the public portion of the key. The corresponding file without .pub contains the private portion of the key. The IdentityFile directive expects the name of the private key file, not the public key file. Try changing this directive to:

IdentityFile /Users/username1/.ssh/username2
                                            ^-- note no ".pub"

and see if things work better.

Answer 3

It would be better to list the exact commands you used so we could also look for typos and know which of the answers in question 323958 you followed. Also, it would be helpful to know about the software and configuration used on company.com.

Some things to try:

• GitHub and GitLab are set up to use git as the username. Perhaps company.com also does this. Try replacing username2 with git in your git clone command.
• Make sure you use an RSA key as specified on the Gerrit website - ssh-keygen -t rsa -f ~/.ssh/username2
• The Host line in ~/.ssh/config should match the name used on the command line, so Host tech-gerrit.sd.company.com - otherwise git and ssh won't use your entry in ~/.ssh/config at all.
• read the Gerrit ssh documentation again