I freely concede that I have no knowledge of the inner workings of keychain, but it's completely reasonable that a local ssh agent should be upset not to have a public key that corresponds to a private key that it does have.
Consider what happens when you approach a remote server to authenticate. The remote server knows, from its authorized_keys file, that it's prepared to accept a client that can prove it has the corresponding private key to each entry therein. But how does it ask for that from the client? It can't give each private key itself, nor any property thereof, because it doesn't have it; all it can do is present the public key(s), or fingerprints thereof, that it will accept.
If the client has any of those public keys, it can immediately select the matching private key, and make a response which the server will accept as correct. If it doesn't have those public keys, what is it to do? Try every private key in its repertoire in turn? A better recipe for unsafe information disclosure could scarcely be imagined; a black-hat would only have to set up a man-in-the-middle attack on a single new connection to harvest legitimate responses from every key in your keyring.
It's possible that keypairs have some kind of internal numbering, but this would be completely arbitrary and unwise to rely on. There's no guaranteed internal property tying a private and public key together, because there's nothing shared by the keys in a keypair, save that one is (hopefully) the only entity that can undo what the other does.
No, the best way for the client to select the right private key to use to any given server is to have the matching public keys to assist it in key selection.
If your only concern is related to people being able to clone or pull from the repository, you can expose a bare repository over a webserver / HTTP. Git Book - Setting Up a Public Repository
There's also the corollary next page: Git Book - Setting Up a Private Repository if you want to grant others push access.
If you don't want to set up separate accounts for every user, you can use a tool called Gitosis. In gitosis, there is an authorized_keys file that contains the public keys of everyone authorized to access the repository, and then everyone uses the 'git' user to do pushes and pulls.
Best Answer
In your script, are you doing an eval $(ssh-agent), and then an ssh-add <private_key>? To verify, do an ssh-add -l before doing the git pull to make sure your keys are where they should be.
[edit] Try making a script like this:
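The kind of script the answer above points at, as an added example that is not the answerer's own code: it starts or reuses an agent, restores a missing public key with ssh-keygen -y (the first answer explains why the agent wants the public half), checks with ssh-add -l that the key's fingerprint is actually loaded, and only then runs git pull. The key path and repository path are placeholders passed on the command line.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes OpenSSH client tools
# (ssh-agent, ssh-add, ssh-keygen) and git are on PATH.

# Return 0 if fingerprint $2 (e.g. SHA256:...) appears in an `ssh-add -l`
# listing passed as $1. Listing lines look like:
#   <bits> <fingerprint> <comment> (<type>)
fingerprint_listed() {
    printf '%s\n' "$1" | grep -qF -- " $2 "
}

# Start an agent only when SSH_AUTH_SOCK does not already point at a live one.
# Note the order: eval $(ssh-agent), not $(eval ssh-agent), so the exported
# SSH_AUTH_SOCK / SSH_AGENT_PID assignments take effect in this shell.
ensure_agent() {
    if [ -S "${SSH_AUTH_SOCK:-}" ] && ssh-add -l >/dev/null 2>&1; then
        return 0
    fi
    eval "$(ssh-agent -s)" >/dev/null
}

# The agent and ssh(1) use the public half to pick the matching identity;
# if <key>.pub is missing, derive it from the private key.
ensure_pubkey() {
    [ -f "$1.pub" ] || ssh-keygen -y -f "$1" > "$1.pub"
}

# pull_with_key <private_key_path> <repo_dir>
pull_with_key() {
    key="$1"; repo_dir="$2"
    ensure_agent
    ensure_pubkey "$key"
    fp=$(ssh-keygen -lf "$key.pub" | awk '{print $2}')
    listing=$(ssh-add -l 2>/dev/null || true)
    if ! fingerprint_listed "$listing" "$fp"; then
        ssh-add "$key"
        listing=$(ssh-add -l 2>/dev/null || true)
    fi
    if ! fingerprint_listed "$listing" "$fp"; then
        echo "key $fp is not loaded in the agent; refusing to pull" >&2
        return 1
    fi
    git -C "$repo_dir" pull
}

# Only run when invoked as: sh pull.sh --run /path/to/id_ed25519 /path/to/repo
case "${1:-}" in
    --run) pull_with_key "$2" "$3" ;;
esac
```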