When I use Mix.install
with a git dependency, using git@github.com:...
how do I change the SSH identity used?
I’ve got two Github accounts – work and personal, and usually I’d specify GIT_SSH_COMMAND=ssh -i path/to/private_key -o IdentitiesOnly=yes
.
This works fine when running, say, iex
and Mix.install
in my terminal. When I try the same in Livebook, I get the following error:
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
I’ve tried editing .livebookdesktop.sh
– and the env var is set properly according to System.get_env
; didn’t work.
I’ve tried using system_env: %{"GIT_SSH_COMMAND" => "ssh -i ...
in Mix.install
; didn’t work.
How do I get Mix.install
to use alternate SSH identities inside Livebook?
Why is using the https://...
links not an option, by the way? You can just export the GITHUB_TOKEN
env var and it should just work. At least it does for me locally in the OS, locally in a Docker container, and in GitHub’s workers (with the .insteadOf
git setting on top).
I don’t want the extra step involved in managing a personal access token.
Is that adding more friction than providing the extra step of a private key and the command to use it? Your call, seems to me the token would be a touch easier.
I’ve already got the extra private key, so: yes.
Moreover, in order to apply the .insteadOf
option, I need a configuration file. And, because I’m keeping my personal and work configurations separate, it’s a separate configuration file.
And, if I could persuade Mix.install
to use a separate configuration file, I wouldn’t need the env var – because the configuration file already specifies core.sshCommand
, but that doesn’t seem to do anything here either.
1 Like
We don’t do anything special here, so my only suspicion is that the environment variable is not making its way to git
. You could try creating a simple git script, put it on top of your $PATH, and call env
to inspect all of the environment variables. If the GIT_SSH_COMMAND
you set at .livebookdesktop.sh is missing, that would explain it.
I did this. The GIT_SSH_COMMAND
environment variable is present, but seems to be ignored by the real git
command.
Ah! I wonder whether it’s because it can’t talk to the running ssh agent, so it can’t unlock the private key…?
Yes, probably this. System.get_env()
includes "SSH_AUTH_SOCK" => "/private/tmp/com.apple.launchd.BlahBlah/Listeners"
.
This is not the SSH_AUTH_SOCK
that my shell’s using – SSH_AUTH_SOCK=/var/folders/bunch/of/letters/and/numbers/agent.1234
I’ve got two ssh-agent
processes running, and Livebook’s talking to the one that doesn’t have my keys loaded.
I wonder how to get oh-my-zsh
to talk to the launchd-started one, instead of starting a new one…? That’s a problem for a different forum, however.
Thanks for the pointers.