
Can I use hostname from ssh config in git clone?


Per git docs the following syntax is supported for git clone <directory> command:

The following syntaxes may be used
ssh://[user@]host.xz[:port]/path/to/repo.git/
An alternative scp-like syntax may also be used with the ssh protocol:
[user@]host.xz:path/to/repo.git/

and I have in the ssh config file the following:

Host *
    PubkeyAcceptedKeyTypes=+ssh-rsa
    HostKeyAlgorithms=+ssh-rsa
Host aws
  User ubuntu
  HostName ec2-xx-xxx-xxx-xxx.compute-1.amazonaws.com
  IdentityFile /Users/xxxxxxxx/.ssh/aws.pem
  Port 22

Here is the result of each git command I tried:

  1. first syntax with username, full hostname and no port
    sudo git clone ssh://ubuntu@ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com/var/www/.git

    result: success
  2. first syntax full name, hostname from config file and no port
    sudo git clone ssh://ubuntu@aws/var/www/.git

    result: Could not resolve hostname aws: nodename nor servname provided, or not known
  3. first syntax with full hostname, no username and no port
    sudo git clone ssh://ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com/var/www/.git

    result: fatal: protocol error: bad line length character: Plea
  4. first syntax with username, IP and no port
    sudo git clone ssh://ubuntu@xxx.xxx.xxx.xxx/var/www/.git

    result: success
  5. first syntax with IP, no username and no port
    sudo git clone ssh://xxx.xxx.xxx.xxx/var/www/.git

    result: same error as #3
  6. first syntax with username, a domain name that takes to my server and no port
    sudo git clone ssh://ubuntu@example.com/var/www/.git

    result: success
  • I'm concluding the username is always needed, so I would like to know why the syntax in the git docs indicates it is optional. Is there something wrong I am doing?
  • Why was no password or private key ever asked for?
  • The ssh config file has no indication of the IP or other hostnames used, but they still work. Why?
  • Why doesn't the hostname aws work?
  • Does this all mean my remote repository is accessible by anyone without the need for authentication?
  • I tried adding the flag --verbose for all the above commands but it doesn't do anything. Is there a way to find out what happened behind the scenes for git clone, or a log file to check?

What I tried is above in the question, and I am expecting the obvious result of the syntax to work as indicated in the doc, but it did not.


Solution

  • can I use hostname from ssh config in git clone?

    Not only can you, it's the recommended way.

    sudo git clone ssh://ubuntu@aws/var/www/.git

    Here is the main problem: you use sudo and it runs git clone under a different user, root, so ssh (running from git) doesn't get access to your ~/.ssh/config. Do not use sudo with git; it's almost never required and very often leads to problems like this.

    Why was no password or private key ever asked for?

    Because ssh running under root cannot resolve the name and cannot connect. No need to authenticate.

    PS. Additional advice: put the section under Host * in your ~/.ssh/config at the end of the file; ssh reads config in a different order: the first executed command wins. So put the most specific commands first and put Host * last.
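
The answer's two points (a different user means a different ~/.ssh/config, and the first obtained value wins) can be checked with a small model of ssh_config lookup. This is an added example, not code from the original post or from OpenSSH; it models only Host blocks (no Match or Include), treats every keyword as single-valued, and the config strings, `server.example.com` and the `deploy` user are constructed.

```python
import re

def parse(config_text):
    """Parse ssh_config text into [(host_patterns, {keyword: value})], in file order."""
    blocks = [(["*"], {})]            # options before any Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value"
        key, value = re.match(r"([A-Za-z]+)\s*=?\s*(.*)", line).groups()
        if key.lower() == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key.lower(), value)
    return blocks

def matches(patterns, host):
    """A Host line matches if a positive pattern matches and no '!pattern' does."""
    def glob(p):                      # only '*' and '?' are wildcards in ssh_config
        rx = re.escape(p).replace(r"\*", ".*").replace(r"\?", ".")
        return re.fullmatch(rx, host) is not None
    if any(glob(p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(glob(p) for p in patterns if not p.startswith("!"))

def resolve(config_text, alias):
    """Effective options for `alias`: for each keyword the first obtained value wins."""
    effective = {}
    for patterns, options in parse(config_text):
        if matches(patterns, alias):
            for key, value in options.items():
                effective.setdefault(key, value)
    effective.setdefault("hostname", alias)   # no HostName: the alias itself goes to DNS
    return effective

# Constructed samples; USER_CONFIG mirrors the question's file with a placeholder HostName.
USER_CONFIG = ("Host *\n    HostKeyAlgorithms=+ssh-rsa\n"
               "Host aws\n  User ubuntu\n  HostName server.example.com\n")
ROOT_CONFIG = ""                              # assumption: root has no entry for 'aws'
STAR_FIRST = "Host *\n  User deploy\nHost aws\n  User ubuntu\n"
STAR_LAST = "Host aws\n  User ubuntu\nHost *\n  User deploy\n"

if __name__ == "__main__":
    for cfg in (USER_CONFIG, ROOT_CONFIG, STAR_FIRST, STAR_LAST):
        print(resolve(cfg, "aws"))
```

On a real machine `ssh -G aws` prints the options ssh actually resolves for the alias, so comparing its output with and without `sudo` shows the same difference.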