You can add ssh-add globally

Can I run ssh-add against an IdentityFile so that it remains forever? Currently it persists only for the current active ssh session (i.e. an IdentityFile added with ssh-add is lost when a new ssh session is opened with the server; this can be checked by running ssh-add -L).

The problem is that our Amazon server has various projects with repos located on github.

Now each repo has user-based access rights: say user A has access rights only for project A, and user B has access rights only for project B.

With this set of permissions (on github), every user can perform a git operation (for example, git fetch, git push, etc.) only in the corresponding project (this is what we want).

Now all I want is that when a user performs a git operation in the corresponding project, the ssh-agent goes through all the ssh keys in the accounts and looks for the one that matches this specific user.

Note that each ssh key has a passphrase (a unique secret known to every user who has it) associated with it, and the user is prompted to enter it when the git operation is executed.

For this we do

ssh-add /root/.ssh/A 

or

 ssh-add /root/.ssh/B 

But, as mentioned earlier, this lasts only for the active ssh session: on logging out or creating a new ssh session with the server, the ssh-add information is lost. This can be checked by running ssh-add -L.

I also tried defining IdentityFile in .ssh/config as described in this question,

something like this:

    Host github.com
        Hostname github.com
        User git
        IdentityFile /root/.ssh/A

    Host github.com
        Hostname github.com
        User git
        IdentityFile /root/.ssh/B

This only works for one user (sometimes it works for "A", and sometimes it does not work; the same goes for "B").

Can this segregation be achieved, or am I being a bit ambitious?

Thanks

+4
1 answer

You are very close to editing IdentityFile. However, you need to have unique names listed in IdentityFile. Since you used github.com as the hostname both times when you try to connect to github.com, it has no idea which one to use.

We have a similar setup. We have 5 users, each of whom is a member of one account. However, GitHub should see that each of them uses their own ssh key, so we have 5 keys. The trick to get around this is to make your file look like

    Host UserA_github
        Hostname github.com
        User git
        IdentityFile /root/.ssh/A

    Host UserB_github
        Hostname github.com
        User git
        IdentityFile /root/.ssh/B

Whenever UserB wants to do something related to git (for example, clone one of their repositories), they will run ...

 git clone UserB_github:UserB/MyRepo 

or something similar. It will behave as if they entered ...

 git clone github.com:UserB/MyRepo 

except that it will use the corresponding IdentityFile / private key.

I understand that my solution does not use a persistent ssh-add, but I think it will give you the same result you are looking for. Unfortunately, your users will have to enter their passphrase every time they make a transaction.

+4
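Added example (not part of the original question or answer): a simplified Python model of how ssh_config resolves a host name, run over constructed copies of the two configs above. It shows that two `Host github.com` blocks both match, so both keys are offered in file order (A first, for every user), while an alias matches exactly one block and one key. `resolve` is a hypothetical helper and ignores `Match`, `Include` and negated patterns.

```python
import fnmatch

# Constructed copies of the two layouts discussed above.
DUPLICATE_HOSTS = """\
Host github.com
    Hostname github.com
    User git
    IdentityFile /root/.ssh/A
Host github.com
    Hostname github.com
    User git
    IdentityFile /root/.ssh/B
"""

ALIASED_HOSTS = """\
Host UserA_github
    Hostname github.com
    User git
    IdentityFile /root/.ssh/A
Host UserB_github
    Hostname github.com
    User git
    IdentityFile /root/.ssh/B
"""

def resolve(config_text, target):
    """Resolve settings for `target` the way ssh_config does (Host patterns only)."""
    settings, identities, active = {}, [], True  # lines before any Host apply to all
    for raw in config_text.splitlines():
        line = raw.strip()
        parts = line.split(None, 1)
        if len(parts) < 2 or line.startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            # A block applies when any of its patterns matches the name given to ssh.
            active = any(fnmatch.fnmatchcase(target, p) for p in value.split())
        elif active and key == "identityfile":
            identities.append(value)         # IdentityFile accumulates, tried in order
        elif active:
            settings.setdefault(key, value)  # other keys: first obtained value wins
    settings["identityfile"] = identities
    return settings

if __name__ == "__main__":
    print(resolve(DUPLICATE_HOSTS, "github.com")["identityfile"])
    print(resolve(ALIASED_HOSTS, "UserB_github"))
```

If an ssh-agent on the server also holds other users' keys, adding `IdentitiesOnly yes` to each alias block limits ssh to the `IdentityFile` listed there.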

Source: https://habr.com/ru/post/916332/

