ssh-agent: Multiple Deploy Keys within npm/node application failing to authenticate with Private Repos

Hi there,

I’m trying to fetch multiple private repos as dependencies in GitHub Actions for an node/npm application. I’ll be upfront, I’m not very knowledgable on ssh keys and ssh authentication in general but I have done a lot of testing to try to debug where I’m going wrong. I’ll outline steps I’ve taken and troubleshooting and results:

Steps taken so far:

1. Generated key for Private Repo A using: ssh-keygen -t ed25519 -a 100 -f ~/.ssh/keys/A - this was generated without passphrase - I ran into that issue at first
2. Copied value from A.pub into the A repo’s Deploy Keys and then added the url in the comment field instead of the local identifier that was added to the comments during the keygen process. So the value was something along the lines of ssh-ed25510 *redacted* https://github.com/organization/A
3. Copied value from A into a secret within Repo C for Github Actions and named it A_PRIVATE_KEY
4. keygen the same way for B
5. Copied value from B.pub into B Deploy Keys and then added url to comment field resulting in something like: ssh-ed25510 *redacted* https://github.com/organization/B
6. Copied value from B into a secret within Repo C for Github Actions and named it B_PRIVATE_KEY
7. Added both keys per the docs (see code example 1)
8. Github Action does an npm ci but fails with “ERROR: Repository not found.” which I assume is specifically failing to authenticate

Code Example 1

    - uses: webfactory/ssh-agent@v0.5.1
      with:
        ssh-private-key: |
          ${{ secrets.A_PRIVATE_KEY }}
          ${{ secrets.B_PRIVATE_KEY }}

Troubleshooting/debugging:

• I’ve tested with just a single key and depending on the key that is used, the errors will appropriately display (using A key, success with A repo but fails installing B repo.
• I have found that the output messaging is not what I would expect it to be:

Key(s) added:
256 SHA256:/*redacted* collinb@collins-mbp.lan (ED25519)
256 SHA256:*redacted* collinb@collins-mbp.lan (ED25519)
Configuring deployment key(s)

Things that seem strange about this:

• I have replaced the comment collinb@ with the url of each private repo in the public keys within each private dependency A and B.
• I was expecting to see additional stdout for each key but nothing every shows other than Configuring deployment keys(s) and then it’s sort of a silent failure. I did test the regex used to make sure I didn’t have some sort of incorrect format and the format I was using https://github.com/organization/A was properly matching.
• I added a test clone step (code example 2) to try to mirror what you are doing in your repo but this fails with fatal: could not read Username for 'https://github.com': No such device or address

Code Example 2

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - uses: webfactory/ssh-agent@v0.5.1
      with:
        ssh-private-key: |
          ${{ secrets.B_PRIVATE_KEY }}
          ${{ secrets.A_PRIVATE_KEY }}
    - name: Test Clone
      run: |
        git clone https://github.com/organization/A.git test-fc-http
        git clone git@github.com:organization/A.git test-fc-git
        git clone ssh://git@github.com/organization/A.git test-fc-git-ssh

I have been able to successfully install doing

    - uses: webfactory/ssh-agent@v0.5.1
      with:
        ssh-private-key: ${{ secrets.A_PRIVATE_KEY }}
    - name: Debugging with Git Clone 1
       run: git clone ssh://git@github.com/organization/A.git test-a-http

in other repositories but for some reason I am really struggling to get the multiple deploy key setup to work for the private github repositories using npm install.

• Tested out different combinations of manual install and keys and have noticed that it will fail to authenticate when I use the comment field for the url of the repo in the public key. But if I switch it back to the collinb@ it will authenticate. I am pretty confident my issue relies in how I’ve generated the keys or configured my keys with the url and am unsure of my mistake.

I’m wondering if you might have any insight or steps that I can try out to try to get this to work on my end or point to how I’ve miss-configured the keys?

Thanks so much!