On Sun, Mar 21, 2021 at 02:29:30AM -0700, vfclists wrote:
>
>
> On Sunday, March 21, 2021 at 1:52:47 AM UTC sita...@gmail.com wrote:
>
> > On Sat, Mar 20, 2021 at 05:09:16AM -0700, vfclists wrote:
> > >
> > > I am trying out a system where keys to run gitolite are separate from
> > > those of regular account users.
> >
> > I'm curious why? You should be using a dedicated **hosting
> > user** [1] for gitolite, so the keys would be separate anyway.
> >
> >
>
> On my personal repos I'm usually acting as the gitolite administrator, a
> normal user of the git repository,
> as well as the regular user of the linux account all of which use different
> authorization keys.

on the same server account I assume...

> The keys conflict with each other when they are on the key chain at the
> same time and I need to be adding and deleting
> from the key chain when I'm switching between git access and regular
> account access.

no you don't. Use a ~/.ssh/config something like this:

    identitiesonly yes

    host me
        user me
        hostname 1.2.3.4
        identityfile ~/.ssh/key-for-me

    host gito
        user me
        hostname 1.2.3.4
        identityfile ~/.ssh/key-for-gitolite-normal-user

    host gito-a
        user me
        hostname 1.2.3.4
        identityfile ~/.ssh/key-for-gitolite-admin-user

then you type `ssh me` to login and get a shell, `git clone
gito:reponame` to clone as a normal user, and `git clone
gito-a:gitolite-admin` to clone as gitolite administrator.

> Having different authorized key files for different ports
> means the keys can be on the key chain at the same time.

have all of them on your keychain; the identityfile directive
makes sure the correct one is chosen.

(The identitiesonly directive has a different purpose; it's only
really needed when you have lots of keys in your agent. You may
not need it but it's useful anyway, in case you later add many
more keys for many more machines/users.)
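
One way to check which key each alias in the config above resolves to without connecting anywhere, as an added example that is not part of the original message. It assumes an OpenSSH client with `ssh -G` (6.8 or later); the temporary config is a constructed copy of the one in the reply, and the `resolved` helper is a hypothetical name.

```shell
#!/bin/sh
# Constructed copy of the ~/.ssh/config from the reply (same aliases, same key names).
CFG=$(mktemp)
trap 'rm -f "$CFG"' EXIT
cat > "$CFG" <<'EOF'
IdentitiesOnly yes

Host me
    User me
    HostName 1.2.3.4
    IdentityFile ~/.ssh/key-for-me

Host gito
    User me
    HostName 1.2.3.4
    IdentityFile ~/.ssh/key-for-gitolite-normal-user

Host gito-a
    User me
    HostName 1.2.3.4
    IdentityFile ~/.ssh/key-for-gitolite-admin-user
EOF

# resolved <alias> <keyword>: print the value ssh would use for that alias.
# `ssh -G` only evaluates the configuration and prints it; no connection is made.
# `-F` makes ssh read this file instead of ~/.ssh/config and /etc/ssh/ssh_config.
resolved() {
    ssh -G -F "$CFG" "$1" | awk -v k="$2" '$1 == k { print $2 }'
}

# One line per alias: the single key offered, and whether agent keys are excluded.
for h in me gito gito-a; do
    printf '%-7s %s@%s key=%s identitiesonly=%s\n' "$h" \
        "$(resolved "$h" user)" "$(resolved "$h" hostname)" \
        "$(resolved "$h" identityfile)" "$(resolved "$h" identitiesonly)"
done
```

Each alias should list exactly one `identityfile`; if the default `id_*` names show up instead, the `Host` block did not match the alias that was typed.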