22

Question:

Does anyone know if there's a simple means of discovering where pip install git+ssh:///... is searching for ssh keys?

Quick background (RESOLVED...see update below):

I am on Windows 10. I needed to install a private remote repository from github using pip in a conda virtual environment. I am the repo owner. I have a public/private ssh key pair set up through github.com. My local key is stored in C:\Users\MyName\\.ssh\id_rsa. Using this key I am able to push and pull without issue from github using my IDE, Eclipse.

However, when I executed the following command using my activated conda environment:

pip install git+ssh://github.com/USER_NAME/REPO_NAME.git

I got the following error:

Collecting git+ssh://github.com/USER_NAME/REPO_NAME.git
Cloning ssh://github.com/USER_NAME/REPO_NAME.git to
c:\users\USER_NAME\appdata\local\temp\pip-ghf3ts-build
Warning: Permanently added 'github.com,IP_ADDRESS' (RSA) to the list of
known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I know that the repo exists, and I know the ssh key works fine; so, I assumed whatever ssh routine pip was calling was not properly configured.

Update

I have solved this issue since then, and the 'bad configuration' assumption proved to be correct! I added a config file to C:\Users\MyName\.ssh specifying which file to use. Wham-bam, it works great now.

However! I would still be interested in knowing if there were anyway to have confirmed that pip was looking in that directory for ssh keys and configs; so, I'll leave this question open for now.

Improve this question

4 Answers 4

Reset to default
20

For deploying in projects with multiple ssh keys do following: 

$ export GIT_SSH_COMMAND="ssh -i ~/.ssh/deploy_key_1"
$ pip install git+ssh://git@<my_hosted_gitlab>/project_with_deploy_key_1
$ export GIT_SSH_COMMAND="ssh -i ~/.ssh/deploy_key_2"
$ pip install git+ssh://git@<my_hosted_gitlab>/project_with_deploy_key_2

It can be integrated in CI process.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

FYI, GIT_SSH_COMMAND is not available on Centos 7.
14

The GIT_SSH_COMMAND environment variable enables overriding the command that Git uses to run ssh. In this case, you want to enable verbose output. On Windows this looks like:

set GIT_SSH_COMMAND=ssh -v

Then when you run pip install git+ssh://github.com/USER_NAME/REPO_NAME.git, ssh outputs debug information, including where it looks for keys:

...
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to github.com [192.30.253.112] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/MyName/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/MyName/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/MyName/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/MyName/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
...
Improve this answer

Comments

0

If you do not have opportunity to use GIT_SSH_COMMAND environment vars (for example, is not available on Centos 7), you can try "dirty hack" with renaming ssh-keys before copying. This is not good way, but works.

My 'bad code':

mv /var/www/.ssh/id_rsa /var/www/.ssh/id_rsa.tmp
mv /var/www/.ssh/id_rsa_git /var/www/.ssh/id_rsa
mv /var/www/.ssh/id_rsa.pub /var/www/.ssh/id_rsa.pub.tmp

$VENV/bin/pip install --no-deps --editable "git+${REPO}@master#egg=web_bb_app"
$VENV/bin/pip install -r $VENV/src/web-bb-app/requirements/${BRANCH}_branch_ssh.txt

mv /var/www/.ssh/id_rsa /var/www/.ssh/id_rsa_git
mv /var/www/.ssh/id_rsa.tmp /var/www/.ssh/id_rsa
mv /var/www/.ssh/id_rsa.pub.tmp /var/www/.ssh/id_rsa.pub
Improve this answer

Comments

-1

I have replaced ssh with https and also mention username instead of git before '@' :

Old Version:

pip install git+ssh://[email protected]/measureprotocol/[email protected]#egg=measurecommons

Modified Solution :

pip install git+https://[email protected]/measureprotocol/[email protected]#egg=measurecommons
Improve this answer

2 Comments

This does not answer the question (namely "where does pip git look for ssh keys").
It's also outdated for private repos, now that github disabled https authentication. github.blog/…

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.