Loading...

Use different accounts on a single GitLab instance

Used:   git version 2.25.1 

My scenario is that I have different users on GitLab.

For example:

  • Private user
  • Company user, with different groups
  • User x from Customer y

Each user has its own ssh key.

The Problem

The .ssh/config would only allow one identity/account to work.

Host localhost
  NoHostAuthenticationForLocalhost yes

Host git-codecommit.*.amazonaws.com
  User le-mapper
  IdentityFile ~/.ssh/id_rsa.pub

# GitLab.com
Host gitlab.com
  Preferredauthentications publickey
  User le-mapper
  IdentityFile ~/.ssh/id_rsa.pub  

The git operation will fail for all other users with different identity files. For instance a repository for my company user, fetching with my identity file for my private user complains:

$ git fetch
remote: 
remote: ========================================================================
remote: 
remote: The project you were looking for could not be found or you don't have permission to view it.
remote: 
remote: ========================================================================
remote: 
fatal: Could not read from remote repository.

To examine the ssh communication with gitlab.com:

ssh -Tvvv git@gitlab.com

The Solution

Reading through the GitLab docs, it is possible to use multiple accounts for GitLab.

The trick is to use aliases for hosts in the ~.ssh/config file. For the Host, use an alias like user_1.gitlab.com and user_2.gitlab.com. You could also use the company name as an alias mycompany.gitlab.com.

# GitLab.com
Host <user_1.gitlab.com>
  Hostname gitlab.com
  Preferredauthentications publickey
  User le-mapper # private user
  IdentityFile ~/.ssh/id_rsa.pub

Host <user_2.gitlab.com>
  Hostname gitlab.com
  Preferredauthentications publickey
  User another-mapper # company user
  IdentityFile ~/.ssh/id_ed25519.pub

Now the aliases points to different identity files.

In the local repository we have to switch the remote url to the alias.

For instance

git remote set-url origin "git@<user_2.gitlab.com>:lemapper/demo.git"

Demo: Check my local repository

tan@omega:~/development/projects/mapperking$ git remote -v
aws     ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/mapperking (fetch)
aws     ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/mapperking (push)
origin  git@gitlab.com:cinhtau-website/mapperking.git (fetch)
origin  git@gitlab.com:cinhtau-website/mapperking.git (push)

Now to switch it:

$ git remote set-url origin "git@<user_1.gitlab.com>:cinhtau-website/mapperking.git"

Summary

So in short:

  • Use semantic alias names
  • The alias is resolved to a configured user with identity file

This solved my git integration problems in my IDEs like IntelliJ and Atom.

Sources:

git
Please remember the terms for blog comments.