USERAUTH fail with private key file for Github and Spring cloud config

Question

I tried to use the method for using private key (that has passphrase and is added to ssh-agent from file) (according to this stack post):

spring:
  cloud:
    config:
      server:
        git:
          uri: git@github.com-forApp:myorg/myrepo.git
          search-paths: '{application}'
          clone-on-start: true
          private_key_file: ~/.ssh/id_rsa

but I keep getting

org.eclipse.jgit.api.errors.TransportException: git@github.com:myorg/myrepo.git: USERAUTH fail

Do I have to do it exactly as doc says with pasting the key into config file or can one just point to the key file somehow?

EDIT

Actually it turns out that the private_key_file is not needed at all or ignored by Spring. But you need the ~/.ssh/config section pointing to private key to use:

Host github.com-forApp # used in spring uri 
       HostName github.com
       User git
       IdentityFile ~/.ssh/gitHubKey

Answer 1

I was able to replicate your behavior and resolved it with following. Let me know your thoughts.

USERAUTH fail is happening because you are not providing the passphrase for the RSA private key.(password for Basic Auth and passphrase for ssh private key)

spring:
  cloud:
    config:
      server:
        git:
          uri: git@github.com:myorg/myrepo.git
          search-paths: '{application}'
          clone-on-start: true
          passphrase: myprivatekeypassword

If you are not comfortable with keeping private key password in config then you can regenerate RSA key without passphrase but I am not sure whether it meets your security requirement.

By default ~/.ssh/id_rsa is sent during GIT SSH Authentication(Test with command ssh -vT git@github.com. You don't need to specify it in configuration. Also, I am not sure whether private_key_file works or not, since I don't see any official documentation for it.

If you have different named RSA file under .ssh then I would advise to create config file under ~/.ssh/config with github host details and identify file.

Here is one example.

Host github.com
    IdentityFile ~/.ssh/mygitid_rsa

Check this stack answer for more details which desired the configuration providing private key file path within config.