Used: git version 2.25.1
My scenario is that I have different users on GitLab.
- Private user
- Company user, with different groups
- User x from Customer y
Each user has its own separate ssh key.
.ssh/config would only allow one identity/account to work.
Host localhost NoHostAuthenticationForLocalhost yes Host git-codecommit.*.amazonaws.com User le-mapper IdentityFile ~/.ssh/id_rsa.pub # GitLab.com Host gitlab.com Preferredauthentications publickey User le-mapper IdentityFile ~/.ssh/id_rsa.pub
The git operation will fail for all other users with different identity files. For instance a repository for my company user, fetching with my identity file for my private user complains:
$ git fetch remote: remote: ======================================================================== remote: remote: The project you were looking for could not be found or you don't have permission to view it. remote: remote: ======================================================================== remote: fatal: Could not read from remote repository.
To examine the ssh communication with gitlab.com:
ssh -Tvvv email@example.com
Reading through the GitLab docs, it is possible to use multiple accounts for GitLab.
The trick is to use aliases for hosts in the
~.ssh/config file. For the Host, use an alias like
user_2.gitlab.com. You could also use the company name as an alias
# GitLab.com Host <user_1.gitlab.com> Hostname gitlab.com Preferredauthentications publickey User le-mapper # private user IdentityFile ~/.ssh/id_rsa.pub Host <user_2.gitlab.com> Hostname gitlab.com Preferredauthentications publickey User another-mapper # company user IdentityFile ~/.ssh/id_ed25519.pub
Now the aliases points to different identity files.
In the local repository we have to switch the remote url to the alias.
git remote set-url origin "git@<user_2.gitlab.com>:lemapper/demo.git"
Demo: Check my local repository
tan@omega:~/development/projects/mapperking$ git remote -v aws ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/mapperking (fetch) aws ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/mapperking (push) origin firstname.lastname@example.org:cinhtau-website/mapperking.git (fetch) origin email@example.com:cinhtau-website/mapperking.git (push)
Now to switch it:
$ git remote set-url origin "git@<user_1.gitlab.com>:cinhtau-website/mapperking.git"
So in short:
- Use semantic alias names
- The alias is resolved to a configured user with identity file
This solved my git integration problems in my IDEs like IntelliJ and Atom.