I think if a team member's local repo is leaked , the "access rights reporting" may leak the server's git version and other repos' name. Is it true? Could I disable the "access rights reporting"?
Access rights reporting: Another convenient feature is what happens when you try and just ssh to the server. Gitolite shows you what repos you have access to, and what that access may be. Here’s an example:
hello scott, this is git@git running gitolite3 v3.01-18-g9609868 on git 1.7.4.4 R anu-wsd R entrans R W git-notes R W gitolite R W gitolite-admin R indic_web_input R shreelipi_converter
If try to login the server use "ssh git@git", will also get this result.
you will know all the accessible repos
Only scott would know the accessible repos, so no leak here.
I may not clone all the accessible repos on the same client, but I would like to use the same SSH key
Use the same SSH key on different client is not the best practice, as the private ssh key is no longer "private" (to a user and a client), and revoking it would cancel access from all clients.
Still, only scott would get access to that list of repos from any client, so no leak there either.
If try to login the server use "ssh git@git", will also get this result.
Any ssh request to a gitolite server always use the same account (here git). You are authenticated through your public ssh kays what was registered in the gitolite-admin/keydir repo: see "basic admin".