
Different keys to push and pull to git repository


I'm using gitosis to host a git repository on my home server.

I've set it up to accept three SSH keys: my main one (passphraseless) with read/write access, my passphrased one (which I'm more comfortable putting on servers other people have root on) with read/write access, and a third key with only read access.

The idea is that on the remote host (which I don't own, so someone else has root on it) I can have my passphrased private key and the third (read only) key, and then on that machine I can pull without a password and push back using the passphrased key.

Gitosis is fine with it and will accept either key with the correct permissions. But I can't get things working the way I want when I'm using both keys. I'm pointing to them in my SSH configuration -- in ~/.ssh/config on the remote host I have the following:

    Host *
        IdentityFile ~/.ssh/id_rsa
        IdentityFile ~/.ssh/id_rsa.passphrase

When I pull or clone that's just fine -- the operation completes without prompting me for a password. But when I push I get a message saying that I don't have permission. It has clearly only tried the first key file.

If I swap the two IdentityFile lines I get prompted for a password whether I'm pushing or pulling. So it's still only trying the first key file.

Is there a way to get the behaviour I want -- that is, to have it use one key file when doing push and other write operations and the other when doing read-only operations?


Solution

  • You can set up multiple remotes to do this. Each remote can have a different URL. Your URLs can be configured in your .ssh/config file to point to wherever you like and use whatever key you want.
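
The setup the answer describes, as an added example that is not part of the original answer: two host aliases in the SSH config, each pinned to one of the question's key files, with git pointed at the right alias per operation. It goes one step beyond the answer by giving a single remote separate fetch and push URLs instead of using two remotes; the alias names (git-ro, git-rw), host name, user and repository path are assumptions.

```shell
#!/bin/sh
# Added example. git-ro, git-rw, home.example.org, user "git" and project.git
# are assumed names; only the two key file names come from the question.

# Write two SSH host aliases for the same server, each pinned to one key.
# The server accepts the first key that authenticates, so the client never
# offers the second; a separate alias per key removes the ordering problem.
write_ssh_config() {
    cat > "$1" <<'EOF'
# Read-only key (no passphrase): fetch, pull, clone
Host git-ro
    HostName home.example.org
    User git
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes

# Read/write key (passphrase-protected): push
Host git-rw
    HostName home.example.org
    User git
    IdentityFile ~/.ssh/id_rsa.passphrase
    IdentitiesOnly yes
EOF
    chmod 600 "$1"
}

# One remote: fetch goes through the read-only alias, push through the
# read/write alias (stored as remote.origin.url and remote.origin.pushurl).
setup_remote() {
    git -C "$1" remote add origin git-ro:project.git
    git -C "$1" remote set-url --push origin git-rw:project.git
}

# Scratch-directory demo; nothing here contacts a server.
demo() {
    work=$(mktemp -d)
    write_ssh_config "$work/ssh_config"
    git init -q "$work/repo"
    setup_remote "$work/repo"
    git -C "$work/repo" remote -v
    rm -rf "$work"
}

if [ "${1:-}" = demo ]; then demo; fi
```

IdentitiesOnly yes keeps ssh from offering agent-loaded or default keys ahead of the one named for the alias, which would otherwise reintroduce the first-key-wins behaviour.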