On Thu, Jan 04, 2018 at 01:08:28AM +0100, Ævar Arnfjörð Bjarmason wrote:
> Hopefully this is clearer, and depending on how the rest of the > discussion goes I'll submit v2 with something like this in the commit > message: > > SSH keys A and B are known to the remote service, and used to identify > two different users. > > A can only push to repository X, and B can only fetch from repository Y. > > Thus, if you have a script that does: > > GIT_SSH_COMMAND="ssh -i A -i B" git ... > > It'll always fail for pulling from X, and pushing to Y. Supply: > > GIT_SSH_COMMAND="ssh -i B -i A" git ... > > And now pulling will work, but pushing won't. I get that you may have two different keys to go with two different identities on a remote system. But I'm not sure I understand why "sending" or "receiving" is the right way to split those up. Wouldn't you also sometimes want to fetch from repository X? IOW, wouldn't you want to tie identity "A" to repository "X", and "B" to repository "Y? > So now I just have a GIT_SSH_COMMAND that dispatches to different keys > depending on the operation, as noted in the commit message, and I can > assure you that without that logic it doesn't work. You mentioned host aliases later, which is the solution I've seen in the wild. And then you can map each remote to a different host alias. -Peff
