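I have the following problem. As part of my work I deal with multiple AWS accounts, each with its own AWS CodeCommit repository and an account-specific IAM user (which results in different user IDs).
I would like to find a way to configure my SSH per repository to access the different accounts. At the moment it works, because my config file looks like this: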
Host git-codecommit.*.amazonaws.com
User APKAEIBAERJR2EXAMPLE
IdentityFile ~/.ssh/codecommit_rsa
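What I need is to be able to add different repositories that use different accounts, so that I don't have to edit the config file every time I switch from one project to another, i.e.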
#Use this User ID and ssh-key for repo A
Host git-codecommit.*.amazonaws.com
User IAMUSERIDFROMACCOUNT1
IdentityFile ~/.ssh/codecommit_rsa
#Use this User ID and ssh-key for repo B
Host git-codecommit.*.amazonaws.com
User IAMUSERFROMANOTHERAWSACCOUNT
IdentityFile ~/.ssh/codecommit_rsa
I have looked everywhere without finding the right answer. Thanks in advance for any help on this topic.
Regards
Answer 0 (score: 7)
You are on the right track :-). You need to modify the config file and create a Host entry for each User / IdentityFile pair. For example:
Host git-account1
User IAMUSERIDFROMACCOUNT1
IdentityFile ~/.ssh/codecommit
HostName git-codecommit.us-east-1.amazonaws.com
Host git-account2
User IAMUSERIDFROMACCOUNT2
IdentityFile ~/.ssh/codecommit
HostName git-codecommit.us-east-1.amazonaws.com
Host git-account3
User IAMUSERIDFROMACCOUNT3
IdentityFile ~/.ssh/codecommit
HostName git-codecommit.us-east-1.amazonaws.com
Your git command line would then look like this:
git clone ssh://git-account1/v1/repos/AccountOneRepo
git clone ssh://git-account2/v1/repos/AccountTwoRepo
git clone ssh://git-account3/v1/repos/AccountThreeRepo
Answer 1 (score: 0)
This worked for me.
You need to change the SSH key ID. You can get the SSH key ID from IAM Users -> select_user -> security_credentials -> SSH key ID
File name: ~/.ssh/config
Host git-codecommit.ap-south-1.amazonaws.com
User <SSH Key ID>
IdentityFile ~/.ssh/id_rsa
HostName git-codecommit.ap-south-1.amazonaws.com
Host git-codecommit.us-east-2.amazonaws.com
User <SSH Key ID>
IdentityFile ~/.ssh/id_rsa
HostName git-codecommit.us-east-2.amazonaws.com
Answer 2 (score: 0)
Most likely you have entered the full path of the repository in HOST in "~/.ssh/config", rather than the CodeCommit repository's FQDN public endpoint:-
[user@example.com .ssh]# cat config
Host git-codecommit.ap-southeast-2.amazonaws.com/v1/repos/myrepoXYZ--> ??
User APKAEIBAERJR2EXAMPLE
IdentityFile ~/.ssh/codecommit_rsa
[user@example.com .ssh]# git clone ssh://APKAEIBAERJR2EXAMPLE@git-codecommit.ap-southeast-2.amazonaws.com/v1/repos/myrepoXYZ
Cloning into 'my-webpage'...
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository
exists.
[user@example.com .ssh]# cat config
Host git-codecommit.ap-southeast-2.amazonaws.com **---> CORRECT **
User APKAEIBAERJR2EXAMPLE
IdentityFile ~/.ssh/codecommit_rsa
[user@example.com .ssh]# git clone ssh://APKAEIBAERJR2EXAMPLE@git-codecommit.ap-southeast-2.amazonaws.com/v1/repos/myrepoXYZ
Cloning into 'my-webpage'...
remote: Counting objects: 12, done.
Receiving objects: 100% (12/12), done.
[root@ip-10-0-6-161 .ssh]# ll
total 36
Detailed steps are available in the following AWS documentation:-
Setup steps for SSH connections to AWS CodeCommit repositories on Linux
1. Step 1:- Generate an SSH key on EC2
[user@example.com .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
**/root/.ssh/codecommit_rsa**
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/codecommit_rsa.
Your public key has been saved in /root/.ssh/codecommit_rsa.pub.
The key fingerprint is:
SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The key's randomart image is:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2. Step 2:-
Create your credentials with ssh-keygen and upload the public key to the "SSH keys for AWS CodeCommit" section
[user@example.com .ssh]# ll ~/.ssh/
total 36
-rw------- 1 root root 1679 Mar 16 02:06 codecommit_rsa
-rw-r--r-- 1 root root 432 Mar 16 02:06 codecommit_rsa.pub ----> *** upload to IAM ***
3. Step 3:-
Your ~/.ssh/config file should be:-
[user@example.com .ssh]# pwd
/root/.ssh
[user@example.com .ssh]# cat config
Host git-codecommit.ap-southeast-2.amazonaws.com
User APKAEIBAERJR2EXAMPLE
IdentityFile ~/.ssh/codecommit_rsa
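Note: The DNS FQDN public endpoint of AWS CodeCommit can be anything; the one above is in the Sydney region: ap-southeast-2. Check yours from the clone drop-down in the CodeCommit console, or just use a wildcard to allow CodeCommit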
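
Added example, not part of any answer above: ssh keeps the first value it obtains for each option and compares `Host` patterns with the host name only, so the question's second wildcard block and a `Host` line containing a repository path are both silently ignored. The sketch below flags both cases; `parse_blocks` and `lint` are hypothetical names, the sample configs are constructed from the placeholders on this page, and the parsing is simplified (no `Include`, no `Match` evaluation, no negated patterns).

```python
import fnmatch
import re

def parse_blocks(text):
    """Split ssh_config text into (line_no, host_patterns, options) blocks."""
    blocks = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.*)", line)
        if not m or line.startswith("#"):
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key in ("host", "match"):  # Match blocks are recorded but not linted
            blocks.append((no, value.split() if key == "host" else [], {}))
        elif blocks:
            blocks[-1][2].setdefault(key, value)
    return blocks

def lint(text):
    """Warn about Host lines that can never match or whose User is ignored."""
    warnings, blocks = [], parse_blocks(text)
    for i, (no, patterns, opts) in enumerate(blocks):
        for pat in patterns:
            if "/" in pat:  # Host is compared with the host name, never a path
                warnings.append(f"line {no}: Host '{pat}' contains a path")
            for prev_no, prev_pats, prev_opts in blocks[:i]:
                shadowed = any(fnmatch.fnmatchcase(pat, p) for p in prev_pats)
                if shadowed and "user" in opts and prev_opts.get("user") not in (None, opts["user"]):
                    warnings.append(f"line {no}: User for '{pat}' is overridden by line {prev_no}")
    return warnings

# Constructed samples using the placeholder names from this page.
AMBIGUOUS = """\
Host git-codecommit.*.amazonaws.com
  User IAMUSERIDFROMACCOUNT1
Host git-codecommit.*.amazonaws.com
  User IAMUSERFROMANOTHERAWSACCOUNT
Host git-codecommit.ap-southeast-2.amazonaws.com/v1/repos/myrepoXYZ
  User APKAEIBAERJR2EXAMPLE
"""
PER_ACCOUNT = """\
Host git-account1
  User IAMUSERIDFROMACCOUNT1
  HostName git-codecommit.us-east-1.amazonaws.com
Host git-account2
  User IAMUSERIDFROMACCOUNT2
  HostName git-codecommit.us-east-1.amazonaws.com
"""
if __name__ == "__main__":
    print("\n".join(lint(AMBIGUOUS) + lint(PER_ACCOUNT)))
```

Run against your own file with `lint(open(os.path.expanduser("~/.ssh/config")).read())` after importing `os`; an empty list means neither mistake was found.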