Preface

I would like to use two different users on the same Gitea instance. That is, my typical repos should use user chris as before, but special-repo should use the user other-chris

Now I realize that I can do that on a per-repo level, where each repo receives its own configuration. But I wanted to do that on a SSH basis (what if I have a second-special-repo?). Also, I wanted to increase my learnings about SSH.

So, the following steps have to be done:

  • Create an SSH key: ssh-keygen -f ~/.ssh/gitea-other-chris -t ed25519 -C other-chris@local-machine for user1. Private and public key will be stored in ~/.ssh/gitea-other-chris and ~/.ssh/gitea-other-chris.pub, I will use ed25519 key creation algorithm and I will add the comment other-chris@local-machine to the key.
  • Create the Gitea User
  • Add the new public key to the new Gitea user.

The problem

Now if I run ssh git@gitea.domain.com, the SSH client searches my identities and tells me Hello there, chris! You have successfully logged in with the key named chris@local-machine [...]. This is nice, but I would like to login as user1. So let’s try something else: ssh -i ~/.ssh/gitea-other-chris git@gitea.domain.com.

What happens? Hello there, chris! You have successfully logged in with the key named chris@local-machine [...]. I would have expected to be user1 now but no…?

My way

My solution is as follows: I create an own SSH host for each user and define that in my ~/.ssh/config. For each user, I will add an entry as follows:

Host other.gitea.domain.com
    HostName gitea.domain.com
    User git
    IdentityFile /home/chris/.ssh/gitea-other-chris

Now let’s call ssh other.gitea.domain.com. I realize that I did not really change anything to the call before and actually, I am still greeted as chris with key chris@local-machine. Calling ssh with the -v option reveals the following: First, the “normal” SSH keys are used for trying authentication. After that, the defined ID is used.

After some research, I found out how to change that.

My solution

Host other.gitea.domain.com
    HostName gitea.domain.com
    User git
    IdentitiesOnly yes
    IdentityFile /home/chris/.ssh/gitea-other-chris

Now if a identity is specified, this one is used (first)! And I am happy.