6

我有以下问题。作为我工作的一部分,我处理多个 AWS 账户,每个账户都有一个单独的 AWS CodeCommit 存储库和特定于账户的 IAM 用户(导致不同的用户 ID)

我想找到一种方法来配置我的 ssh 以根据 repo 访问不同的帐户

目前它工作正常,因为我的配置文件如下所示:

  Host git-codecommit.*.amazonaws.com
     User APKAEIBAERJR2EXAMPLE
     IdentityFile ~/.ssh/codecommit_rsa

我需要的是能够添加使用不同帐户的不同存储库,这样我每次从一个项目切换到另一个项目时都不必编辑配置文件,即

#Use this User ID and ssh-key for repo A
Host git-codecommit.*.amazonaws.com 
  User IAMUSERIDFROMACCOUNT1
  IdentityFile ~/.ssh/codecommit_rsa

#Use this User ID and ssh-key for repo B
Host git-codecommit.*.amazonaws.com
  User IAMUSERFROMANOTHERAWSACCOUNT
  IdentityFile ~/.ssh/codecommit_rsa

我到处浏览都没有找到正确的答案。在此先感谢您对此主题的任何帮助。

问候

4

3 回答 3

11

你在正确的轨道上:-)。您需要修改配置文件并为每个 User/IdentityFile 对创建一个主机条目。例如:

Host git-account1 
  User IAMUSERIDFROMACCOUNT1 
  IdentityFile ~/.ssh/codecommit
  HostName git-codecommit.us-east-1.amazonaws.com
Host git-account2 
  User IAMUSERIDFROMACCOUNT2
  IdentityFile ~/.ssh/codecommit
  HostName git-codecommit.us-east-1.amazonaws.com
Host git-account3 
  User IAMUSERIDFROMACCOUNT3
  IdentityFile ~/.ssh/codecommit
  HostName git-codecommit.us-east-1.amazonaws.com

您的 git 命令行如下所示:

git clone ssh://git-account1/v1/repos/AccountOneRepo

git clone ssh://git-account2/v1/repos/AccountTwoRepo

git clone ssh://git-account3/v1/repos/AccountThreeRepo

于 2016-06-01T16:52:32.747 回答
1

这对我有用。

您需要更改 SSH 密钥 ID。您可以从 IAM 用户 -> select_user -> security_credentials-> SSH Key ID 获取 SSH Kye ID

文件名 ~/.ssh/config

Host git-codecommit.ap-south-1.amazonaws.com 
  User <SSH Key ID> 
  IdentityFile ~/.ssh/id_rsa
  HostName git-codecommit.ap-south-1.amazonaws.com
Host git-codecommit.us-east-2.amazonaws.com 
  User <SSH Key ID> 
  IdentityFile ~/.ssh/id_rsa
  HostName git-codecommit.us-east-2.amazonaws.com
于 2019-04-17T05:44:01.357 回答
0

很可能您已经在 HOST 中输入了 repo 的完整路径,而不是在“~/.ssh/config”中输入了 Code Commit Repo FQDN 公共端点:-

[user@example.com .ssh]# cat config

    Host git-codecommit.ap-southeast-2.amazonaws.com/v1/repos/myrepoXYZ--> ??
      User APKAEIBAERJR2EXAMPLE
      IdentityFile ~/.ssh/codecommit_rsa


[user@example.com .ssh]# git clone ssh://APKAEIBAERJR2EXAMPLE@git- 
 codecommit.ap-southeast-2.amazonaws.com/v1/repos/myrepoXYZ
 Cloning into 'my-webpage'...
 Permission denied (publickey).
 fatal: Could not read from remote repository.
 Please make sure you have the correct access rights and the repository
 exists.





[user@example.com .ssh]# cat config
Host git-codecommit.ap-southeast-2.amazonaws.com **---> CORRECT **
User APKAEIBAERJR2EXAMPLE
IdentityFile ~/.ssh/codecommit_rsa


[user@example.com .ssh]#  git clone ssh://APKAEIBAERJR2EXAMPLE@git- 
codecommit.ap-southeast-2.amazonaws.com/v1/repos/myrepoXYZ
Cloning into 'my-webpage'...
remote: Counting objects: 12, done.
Receiving objects: 100% (12/12), done.
[root@ip-10-0-6-161 .ssh]# ll
total 36

以下 AWS 文档中提供了详细步骤:-

在 Linux 上设置与 AWS CodeCommit 存储库的 SSH 连接的步骤

1. 第 1 步:- 在 EC2 上生成 ssh 密钥

[user@example.com .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
**/root/.ssh/codecommit_rsa**
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/codecommit_rsa.
Your public key has been saved in /root/.ssh/codecommit_rsa.pub.
The key fingerprint is:
SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The key's randomart image is:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

2. 第 2 步:-

使用 ssh-keygen 创建您的凭证并将公有密钥上传到“AWS CodeCommit 的 SSH 密钥”部分中的 IAM 用户 

[user@example.com .ssh]# ll ~/.ssh/
total 36
-rw------- 1 root root 1679 Mar 16 02:06 codecommit_rsa
-rw-r--r-- 1 root root  432 Mar 16 02:06 codecommit_rsa.pub ----> *** upload to IAM ***

3. 第 3 步:-

你的 ~/.ssh/config 文件应该是:-

[user@example.com .ssh]# pwd
/root/.ssh

    [user@example.com .ssh]# cat config
    Host git-codecommit.ap-southeast-2.amazonaws.com
      User APKAEIBAERJR2EXAMPLE
      IdentityFile ~/.ssh/codecommit_rsa

注意:您的 AWS CodeCommit 的 DNS FQDN 公共端点可以是任何东西,上面是悉尼:ap-southeast-2 区域,从 codecommit 控制台的克隆下拉列表中检查您的。或者只使用通配符来允许代码提交

AWS CodeCommit 克隆 URL - SSH

于 2021-01-16T02:26:05.770 回答