AWS CodeCommit: Identifying Your Public Key
AWS CodeCommit is a great tool...until it no longer seems to allow you to access it.
Join the DZone community and get the full member experience.Join For Free
I use AWS CodeCommit to hold the work-in-progress articles for this blog. It's free, it's private, and it's not living on a disk drive in my house.
To access my repositories, I use SSH private key authentication. Unlike GitHub, CodeCommit doesn't just let you attach a public key to a repository. Instead, you associate a public key with a user token, and must use that user token to access the repository. That's not too onerous, because you can put the token in your
Host git-codecommit.*.amazonaws.com User APKANOTMYREALTOKENXX
Today, when pushing up some changes, I got a "permission denied" message. After a few minutes of cursing, and wondering if my AWS account had been hacked, I realized that I had changed my SSH config on my laptop, then copied it to my desktop. So CodeCommit was using the wrong user token.
Should be easy to solve. I just go to my IAM user page, and find the correct token for my SSH public key. But when I did that, all I saw were a list of tokens and dates; no descriptions. Okay, no problem. I look at the SSH public keys for each token (there aren't many) and see which corresponds to the on that machine. I opened the first, and it looked like this:
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyB4VyUpaTgHjjBMTet4A blah blah blah -----END PUBLIC KEY-----
Which looks nothing at all like the key that I uploaded. A little more cursing, and a quick Google, and I learned that it was in PEM format, rather than the OpenSSH format of the keys in my
.ssh directory. A little more Googling turned up this command, to transform the file I had into the file I needed:
ssh-keygen -f .ssh/id_rsa.pub -e -m pem
I'm posting this for two reasons: first, if you (the reader) ever get a "permission denied" for your CodeCommit repository, Google might bring you here without too much cursing. Second, if an AWS project manager sees this (it's happened before): please let us add descriptions to our CodeCommit keys!
Published at DZone with permission of Keith Gregory, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.