I was wondering if it was possible to have an RSA key that works for a specific repository only. Or something of that sort. I have users that need to be able to create a git repo and read/write to it, and to manage who can read or write to it themselves. My plan was to use RSA keys (authorized_keys) and a git user, and giving the key to the group that needs to connect. Is there a way to specify which folders an RSA key can access?
2 Answers
Yes, it is supported. Try adding config (without any extension) file to ~/.ssh with content as such:

    Host github.com
        HostName github.com
        User madhead
        IdentityFile ~/.ssh/id_rsa_1

    Host bitbucket.org
        HostName bitbucket.org
        User madhead_
        IdentityFile ~/.ssh/id_rsa_2

- Would I have to have a linux user for each person? – Ryan Copley Jan 01 '13 at 00:22
- No, it's just my nicknames for github and bitbucket :) So, when I commit to github, author looks like this: madhead, and when I commit to bitbucket: madhead_ – madhead Jan 01 '13 at 00:25
- I think you understood the question wrong. He isn't asking for "how do I use a specific key when connecting" but "how can I only allow specific keys to access the bare repositories on my server" – Nils Werner Jan 04 '13 at 13:15

Sounds like a job for Gitosis.
Gitosis allows you to have each and every user use the git@server user and identify themselves by a public key. Inside gitosis you can specify users (and their keys), groups and repositories. Each user and group can be given read or write access to any of the repositories.
This effectively achieves what you're asking for: Certain keys can be given access to certain repositories; all users are authenticating via their pubkeys.
It's noteworthy that gitosis doesn't install a new server or daemon but only makes use of the already accessible SSH server; all access control is done after the user has established the SSH connection. Also, regular shell logins are impossible using this method.
Basically, Gitosis does exactly what GitHub etc. do.

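The per-key access control described in the second answer rests on OpenSSH's forced-command option in authorized_keys. The following is an added example, not part of the original answers and not Gitosis's own code: a small gatekeeper that maps each key to a label and checks the requested git command against an ACL. The script name git-gate, the ACL contents, the key labels and the /srv/git path are assumptions made for illustration.

```python
#!/usr/bin/env python3
# Added example (not gitosis code). Installed as a forced command, one line
# per key in the git user's ~/.ssh/authorized_keys (key placeholder shown):
#   command="/usr/local/bin/git-gate alice",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa <alice's public key>
# sshd then runs this script instead of a shell and passes what the client
# asked for in the SSH_ORIGINAL_COMMAND environment variable.
import os
import re
import shlex
import sys

REPO_ROOT = "/srv/git"  # assumed location of the bare repositories

# Constructed ACL: key label -> repository -> "r" or "rw".
ACL = {
    "alice": {"project-a.git": "rw", "shared.git": "r"},
    "bob": {"shared.git": "rw"},
}
READ_CMDS = {"git-upload-pack", "git-upload-archive"}  # clone, fetch, archive
WRITE_CMDS = {"git-receive-pack"}                      # push
REPO_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*\.git")


def authorize(key_label, original_command, acl=ACL):
    """Return (verb, repo) if this key may run the command, else raise."""
    if not original_command:
        raise PermissionError("shell login is not allowed")
    try:
        parts = shlex.split(original_command)
    except ValueError:
        raise PermissionError("unparsable command")
    if len(parts) != 2 or parts[0] not in READ_CMDS | WRITE_CMDS:
        raise PermissionError("only git transport commands are allowed")
    verb, repo = parts[0], parts[1].lstrip("/")
    if not REPO_NAME.fullmatch(repo):  # flat names only: no slashes, no ".."
        raise PermissionError("bad repository name")
    needed = "w" if verb in WRITE_CMDS else "r"
    if needed not in acl.get(key_label, {}).get(repo, ""):
        raise PermissionError("access denied")
    return verb, repo


if __name__ == "__main__":
    try:
        verb, repo = authorize(sys.argv[1], os.environ.get("SSH_ORIGINAL_COMMAND", ""))
    except (IndexError, PermissionError) as exc:
        sys.exit(f"denied: {exc}")
    # Arguments are passed as a list, so no shell ever sees client input.
    os.execvp(verb, [verb, os.path.join(REPO_ROOT, repo)])
```

Because every key logs in as the same git user, the label in the command= option is the only thing that distinguishes users, so the authorized_keys file must be writable only by whoever administers the ACL.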