gitsshgitolite

Specify an SSH key for git push for a given domain


I have the following use case: I would like to be able to push to git@git.company.com:gitolite-admin using the private key of user gitolite-admin, while I want to push to git@git.company.com:some_repo using 'my own' private key. AFAIK, I can't solve this using ~/.ssh/config, because the user name and server name are identical in both cases. As I mostly use my own private key, I have that defined in ~/.ssh/config for git@git.company.com. Does anyone know of a way to override the key that is used for a single git invocation?

(Aside: gitolite distinguishes who is doing the pushing based on the key, so it's not a problem, in terms of access, ownership and auditing, that the user@server string is identical for different users.)


Solution

  • Even if the user and host are the same, they can still be distinguished in ~/.ssh/config. For example, if your configuration looks like this:

    Host gitolite-as-alice
      HostName git.company.com
      User git
      IdentityFile /home/whoever/.ssh/id_rsa.alice
      IdentitiesOnly yes
    
    Host gitolite-as-bob
      HostName git.company.com
      User git
      IdentityFile /home/whoever/.ssh/id_dsa.bob
      IdentitiesOnly yes
    

    Then you just use gitolite-as-alice and gitolite-as-bob instead of the hostname in your URL:

    git remote add alice git@gitolite-as-alice:whatever.git
    git remote add bob git@gitolite-as-bob:whatever.git
    

    Note

    You want to include the option IdentitiesOnly yes to prevent the use of default ids. Otherwise, if you also have id files matching the default names, they will get tried first because unlike other config options (which abide by "first in wins") the IdentityFile option appends to the list of identities to try. See: https://serverfault.com/questions/450796/how-could-i-stop-ssh-offering-a-wrong-key/450807#450807