为给定域的 git push 指定 SSH 密钥 [英] Specify an SSH key for git push for a given domain

问题描述

我有以下用例:我希望能够使用用户 gitolite-admin<的私钥推送到 git@git.company.com:gitolite-admin/code>，而我想使用我自己的"私钥推送到 git@git.company.com:some_repo.AFAIK，我无法使用 ~/.ssh/config 解决这个问题，因为在这两种情况下用户名和服务器名是相同的.由于我主要使用自己的私钥，因此我在 ~/.ssh/config 中为 git@git.company.com 定义了它.有谁知道覆盖用于单个 git 调用的密钥的方法吗?

I have the following use case: I would like to be able to push to git@git.company.com:gitolite-admin using the private key of user gitolite-admin, while I want to push to git@git.company.com:some_repo using 'my own' private key. AFAIK, I can't solve this using ~/.ssh/config, because the user name and server name are identical in both cases. As I mostly use my own private key, I have that defined in ~/.ssh/config for git@git.company.com. Does anyone know of a way to override the key that is used for a single git invocation?

(另外:gitolite根据key来区分谁在做推送，所以从访问、所有权和审计的角度来看，user@server字符串对于不同的用户是相同的.)

(Aside: gitolite distinguishes who is doing the pushing based on the key, so it's not a problem, in terms of access, ownership and auditing, that the user@server string is identical for different users.)

推荐答案

即使用户和主机相同，在~/.ssh/config中仍然可以区分.例如，如果您的配置如下所示:

Even if the user and host are the same, they can still be distinguished in ~/.ssh/config. For example, if your configuration looks like this:

Host gitolite-as-alice
  HostName git.company.com
  User git
  IdentityFile /home/whoever/.ssh/id_rsa.alice
  IdentitiesOnly yes

Host gitolite-as-bob
  HostName git.company.com
  User git
  IdentityFile /home/whoever/.ssh/id_dsa.bob
  IdentitiesOnly yes

然后您只需使用 gitolite-as-alice 和 gitolite-as-bob 而不是 URL 中的主机名:

Then you just use gitolite-as-alice and gitolite-as-bob instead of the hostname in your URL:

git remote add alice git@gitolite-as-alice:whatever.git
git remote add bob git@gitolite-as-bob:whatever.git

注意

您希望包含选项 IdentitiesOnly yes 以防止使用默认 ID.否则，如果您还有与默认名称匹配的 id 文件，它们将首先被尝试，因为与其他配置选项(遵循优先")不同，IdentityFile 选项 appends 到要尝试的身份列表.请参阅:https://serverfault.com/问题/450796/how-could-i-stop-ssh-offering-a-wrong-key/450807#450807

Note

You want to include the option IdentitiesOnly yes to prevent the use of default ids. Otherwise, if you also have id files matching the default names, they will get tried first because unlike other config options (which abide by "first in wins") the IdentityFile option appends to the list of identities to try. See: https://serverfault.com/questions/450796/how-could-i-stop-ssh-offering-a-wrong-key/450807#450807

这篇关于为给定域的 git push 指定 SSH 密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！