I want to access from one user/client combination (say, user1@cl
) to a user/server combination (say, user2@srv
) via ssh, with two different types of Access:
Access type #1 would be restricted to interactions with a bazaar repository.
For this, I added a line (#1) in ~user2/.ssh/authorized_keys
like
command="bzr serve --inet --directory=/repodir --allow-writes",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa ... user1@cl
Access type #2 would be a login shell.
For this, I added a "usual" line (#2) in ~user2/.ssh/authorized_keys
like
ssh-rsa ... user1@cl
As I understand, and as I tested, both lines cannot be used simultaneously.
I.e., if line #1 appears first in ~user2/.ssh/authorized_keys
, then I would be able to interact with the bzr repo, but I will not be able to do
[user1@cl]$ ssh user2@srv
If line #2 appears first in ~user2/.ssh/authorized_keys
, then I would be able to do ssh
, but any bzr
operation gives
bzr: ERROR: Not a branch ...
Is there any way to work this out?
I am using RHEL7, but I guess this is not important.
Related posts (but not addressing my case, as I understand):
Best way to use multiple SSH private keys on one client
https://serverfault.com/questions/142997/what-options-can-be-put-into-a-ssh-authorized-keys-file
https://serverfault.com/questions/749474/ssh-authorized-keys-command-option-multiple-commands
https://askubuntu.com/questions/1962/how-can-multiple-private-keys-be-used-with-ssh
I made it work, with two different key pairs (say, pair 1 for bzr
and pair 2 for ssh
login).
I added the corresponding lines in ~user2/.ssh/authorized_keys
.
The private key 1 was stored in file id_rsa
(which is read by default),
and the private key 2 was stored in file id_rsa_ssh
.
Then, bzr
was working normally, and for logging in I use
[user1@cl]$ ssh -i id_rsa_ssh user2@srv
which indicates using an alternative identity.