Gitolite One User - Many Keys - Different usernames

Adam picture Adam · Apr 20, 2011 · Viewed 18.4k times · Source

I have set up gitolite hopefully as per the instructions, and everything is working as planned.

I am slightly unsure as to how the usernames part works, and looking through the docs hasn't helped me - perhaps I'm missing something simple.

If I have two client machines, for use by one real person, but on each of those machines the usernames are, let's say dave and david. How can I organise the keys in keydir and any config file so that they both represent the same user? I get the suffix thing, dave@laptop, dave@desktop (I think), just not how to have different client machine usernames connecting, as it seems to look for this when authenticating (perhaps because of the public key containing user@host information?)

I can give more details if needed - I just didn't want to bombard you all with irrelevant information.

Thanks very much.

Answer

Steve Ross picture Steve Ross · Dec 2, 2011

The current recommended way according to the documentation

"The simplest and most understandable is to put their keys in different subdirectories [inside your /kedir], (alice.pub, home/alice.pub, laptop/alice.pub, etc)."

reference: https://gitolite.com/gitolite/basic-admin.html#multiple-keys-per-user

The old way

If you are asking how you accomplish the following:

  1. David (home computer)
  2. David (work computer)
  3. David (laptop)

With different ssh keys on each computer you would simply create the key (ie: keygen "[email protected]") and then copy the public key to your gitolite keydir directory (gitolite-admin/keydir). When you do that simply name the key [email protected], [email protected], and [email protected]. Add the keys to the repository (git add keydir/.), commit (git commit -m "added David's additional keys") and git push back to the server.

Gitolite is smart enough to know that even though it is a different key the user name (before the @) is still david and will let that user log in and use the ACL for david

Hope this helps

To fix a scenario where you might have john_home.pub john_work.pub open up your gitolite repo (admin repo) and rename the keys in your kedir to [email protected] and [email protected] commit and push. Now your user john can login from either machine and use the same username.

Keep in mind, in order for this to work, the email address in the SSH Keys needs to be the same for all of the user's keys. So using the example above, in the keys [email protected], [email protected], and [email protected] all should have the email address of [email protected].

Above was the "old way" do to this and may cause a complication if you have named your keys in the "email address way" contrary to what I stated above gitolite DOES NOT inspect your key for the proper email address. Please ignore (I left the original comment in for clarity).