mirror of
https://github.com/go-gitea/gitea.git
synced 2026-07-10 16:44:50 -05:00
Share SSH key between accounts #11587
Closed
opened 2025-11-02 09:41:49 -06:00 by GiteaMirror
·
23 comments
No Branch/Tag Specified
main
release/v1.25
release/v1.24
release/v1.23
release/v1.22
release/v1.21
release/v1.20
release/v1.19
release/v1.18
release/v1.17
release/v1.16
release/v1.15
release/v1.14
release/v1.13
release/v1.12
release/v1.11
release/v1.10
release/v1.9
release/v1.8
v1.25.3
v1.25.2
v1.25.1
v1.25.0
v1.24.7
v1.25.0-rc0
v1.26.0-dev
v1.24.6
v1.24.5
v1.24.4
v1.24.3
v1.24.2
v1.24.1
v1.24.0
v1.23.8
v1.24.0-rc0
v1.25.0-dev
v1.23.7
v1.23.6
v1.23.5
v1.23.4
v1.23.3
v1.23.2
v1.23.1
v1.23.0
v1.23.0-rc0
v1.24.0-dev
v1.22.6
v1.22.5
v1.22.4
v1.22.3
v1.22.2
v1.22.1
v1.22.0
v1.23.0-dev
v1.22.0-rc1
v1.21.11
v1.22.0-rc0
v1.21.10
v1.21.9
v1.21.8
v1.21.7
v1.21.6
v1.21.5
v1.21.4
v1.21.3
v1.21.2
v1.20.6
v1.21.1
v1.21.0
v1.21.0-rc2
v1.21.0-rc1
v1.20.5
v1.22.0-dev
v1.21.0-rc0
v1.20.4
v1.20.3
v1.20.2
v1.20.1
v1.20.0
v1.19.4
v1.21.0-dev
v1.20.0-rc2
v1.20.0-rc1
v1.20.0-rc0
v1.19.3
v1.19.2
v1.19.1
v1.19.0
v1.19.0-rc1
v1.20.0-dev
v1.19.0-rc0
v1.18.5
v1.18.4
v1.18.3
v1.18.2
v1.18.1
v1.18.0
v1.17.4
v1.18.0-rc1
v1.19.0-dev
v1.18.0-rc0
v1.17.3
v1.17.2
v1.17.1
v1.17.0
v1.17.0-rc2
v1.16.9
v1.17.0-rc1
v1.18.0-dev
v1.16.8
v1.16.7
v1.16.6
v1.16.5
v1.16.4
v1.16.3
v1.16.2
v1.16.1
v1.16.0
v1.15.11
v1.17.0-dev
v1.16.0-rc1
v1.15.10
v1.15.9
v1.15.8
v1.15.7
v1.15.6
v1.15.5
v1.15.4
v1.15.3
v1.15.2
v1.15.1
v1.14.7
v1.15.0
v1.15.0-rc3
v1.14.6
v1.15.0-rc2
v1.14.5
v1.16.0-dev
v1.15.0-rc1
v1.14.4
v1.14.3
v1.14.2
v1.14.1
v1.14.0
v1.13.7
v1.14.0-rc2
v1.13.6
v1.13.5
v1.14.0-rc1
v1.15.0-dev
v1.13.4
v1.13.3
v1.13.2
v1.13.1
v1.13.0
v1.12.6
v1.13.0-rc2
v1.14.0-dev
v1.13.0-rc1
v1.12.5
v1.12.4
v1.12.3
v1.12.2
v1.12.1
v1.11.8
v1.12.0
v1.11.7
v1.12.0-rc2
v1.11.6
v1.12.0-rc1
v1.13.0-dev
v1.11.5
v1.11.4
v1.11.3
v1.10.6
v1.12.0-dev
v1.11.2
v1.10.5
v1.11.1
v1.10.4
v1.11.0
v1.11.0-rc2
v1.10.3
v1.11.0-rc1
v1.10.2
v1.10.1
v1.10.0
v1.9.6
v1.9.5
v1.10.0-rc2
v1.11.0-dev
v1.10.0-rc1
v1.9.4
v1.9.3
v1.9.2
v1.9.1
v1.9.0
v1.9.0-rc2
v1.10.0-dev
v1.9.0-rc1
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.8.0-rc3
v1.7.6
v1.8.0-rc2
v1.7.5
v1.8.0-rc1
v1.9.0-dev
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0
v1.7.0-rc3
v1.6.4
v1.7.0-rc2
v1.6.3
v1.7.0-rc1
v1.7.0-dev
v1.6.2
v1.6.1
v1.6.0
v1.6.0-rc2
v1.5.3
v1.6.0-rc1
v1.6.0-dev
v1.5.2
v1.5.1
v1.5.0
v1.5.0-rc2
v1.5.0-rc1
v1.5.0-dev
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.4.0-rc3
v1.4.0-rc2
v1.3.3
v1.4.0-rc1
v1.3.2
v1.3.1
v1.3.0
v1.3.0-rc2
v1.3.0-rc1
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.2.0-rc3
v1.2.0-rc2
v1.1.4
v1.2.0-rc1
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.2
v1.0.1
v1.0.0
v0.9.99
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
Mirrored from GitHub Pull Request
No Label
type/proposal
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/gitea#11587
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @crabdancing on GitHub (Sep 4, 2023).
Feature Description
Currently, Gitea relies on the SSH key itself to figure out which account you're logging in as. This is something of a de facto standard with SSH git accounts, but it seems unnecessarily limiting. Since Gitea has an internal git server, there's in principle no reason we couldn't use the account name provided via SSH protocol have multiple accounts share the same git key, and ID by git 'account name' instead of key. This significantly improves flexibility, when setting up nontrivial secure passwordless local development environments, allowing an intersection of resource access, with access authorization being denoted by being given a specific keypair.
Screenshots
No response
@lunny commented on GitHub (Sep 4, 2023):
I don't know how it works. Once two public keys matched, which user should we think it is doing?
@crabdancing commented on GitHub (Sep 4, 2023):
If the user signs in as, e.g.,
alice@git.something.com, then you look for an account name exactly matchingalice. For backward compatibility, if the SSH name isgit, you revert to trying to match by key instead of by git name.@lunny commented on GitHub (Sep 5, 2023):
It's impossible from technique.
@CaiCandong commented on GitHub (Sep 5, 2023):
@alxpettit I guess your question is, "How To Set Up Multiple SSH Keys on Your Computer"?
https://betterprogramming.pub/how-to-set-up-multiple-ssh-keys-ae6688f76570
@amrsoll commented on GitHub (Sep 5, 2023):
@alxpettit You should consider making multiple ssh keypairs instead of using a single ssh keypair to auth as 2 different users. It is fundamentally the opposite intent to using private-public encryption keypairs.
✔️ One user can have multiple ssh keys
❌ Multiple users share one ssh keypair
They are not 'git keys', and it is not a limitation of git (as you point out) but a limitation of the security scheme.
You could generate a new key pair for every user you choose to generate for your dev environment. By tweaking
.ssh/config, you can create a host definition for each use case, using a different ssh key previously generatedYou can then setup multiple remotes in git, each one would be pushing as a different user
Then use the remotes with the git actions
See StackOverflow for more info on how to setup the ssh config file and use it with git
@wxiaoguang commented on GitHub (Sep 5, 2023):
Duplicate of #21141
SSH key shouldn't be shared by different users.
@lunny commented on GitHub (Sep 5, 2023):
I think this could be closed as it's impossible.
@crabdancing commented on GitHub (Sep 6, 2023):
This is far from impossible, but okay...
@wxiaoguang commented on GitHub (Sep 6, 2023):
If you think it is possible, you could try to write some code to implement it to see whether it is really possible at the moment.
@crabdancing commented on GitHub (Sep 6, 2023):
For context, I am a NixOS user, managing dozens of systems, each of which have their own SSH keys. If I had a single SSH key per Gitea user account, per computer, I would multiply the keys by a factor of at least 4. Given that there's already 10 machines, and more being added to the cluster, the solutions posited here are frankly somewhat ridiculous. (Also a little condescending to assume I don't know how to use SSH.)
I can automatically generate a keypair for every Gitea user on every machine, and then write code specifically to pull the keypairs for every user on every machine that ought to have access to a specific git resource, and integrate it into the database via the available shell commands -- and then additionally make sure that's updated when keys expire. It seems much simpler to just share the damn key across multiple Gitea user accounts, in contexts where a given machine has the same security profile and trust level.
I understand that perhaps Gitea is written into a corner on this one and it would be prohibitively difficult to do the necessary refactoring to implement, but honestly I wish people would have just said that, instead of inexplicably trying to teach me the basics of SSH or flatly declare it impossible.
@wxiaoguang commented on GitHub (Sep 6, 2023):
There is "deploy key" feature, which is not limited to any user.
@crabdancing commented on GitHub (Sep 6, 2023):
So, my understanding is:
Gitea users are the only way to acquire access to resources
Although Gitea supports asymmetric cryptographic keys, it does not want to make a distinction between the key, and the user with which that key is associated.
Therefore, scenarios where resources are shared with minimum duplication of entries are impossible without significant refactoring.
To get an idea of what I am trying to implement, and why it would be troublesome to implement, see this diagram:
I would, given what I currently know about Gitea (which may well be incomplete. I would be happy to be informed otherwise), presumably have to do something like this:
This is of course, ridiculous.
The only alternative I can think of is to share the SSH keys across machines -- having a single SSH key per resource, instead of per which imposes several unreasonable limitations on this security model. For one, if a single machine is suspected of being compromised, the SSH key must be revoked for all the machines, and then a replacement must be redistributed.
Or I could have an instance of Gitea for every resource. But that's even more absurd.
@crabdancing commented on GitHub (Sep 6, 2023):
Deploy key? This is news to me! So I could have them be per-project, and forego the accounts entirely? Sorry, I must have missed that. I guess my use case may be covered after all. Thank you for informing me @wxiaoguang!
@wxiaoguang commented on GitHub (Sep 6, 2023):
Almost, except "Deploy Key" or some other internal mechanisms.
Gitea distinguishes the SSH keys. Each SSH key should bind to a user (except Deploy Key).
Then, Gitea needs to use the "SSH key user" to find their org / team / repo, etc, to check permissions.
And at the moment, Gitea also supports external SSH server (OpenSSH), which has to only use one pre-defined SSH user to communicate (eg:
git@git-server, but notany-user@git-server).If you would like to "share" SSH keys between users, then:
None of these problem looks like an easy "possible" problem. They might be able to be done, but the question is the balance of the feasibility / benefit / cost.
@wxiaoguang commented on GitHub (Sep 6, 2023):
The "Deploy Key" feature is here:
@crabdancing commented on GitHub (Sep 6, 2023):
Yup. Thanks :)
Looks like the reason I missed it, is because I didn't realize it allowed for write access. That's super useful! :)
Thank you for your time.
@crabdancing commented on GitHub (Sep 6, 2023):
Err... may have celebrated a bit too early. What am I doing wrong?
Edit: looks like it's exactly what it says on the tin. I would have expected to be able to use my primary machine key as a deploy key, but I guess I'm going to have to make sure they're not attached to any of the Gitea accounts. Doesn't seem like too much of a complication though 🤔
Edit 2: Looks like the deploy keys can't be controlled through the Gitea command line interface, so if I have, say, thirty projects and I'm trying to synchronize 4 machine keys on all of them, this may become prohibitively difficult after all. Is there a solution to this?
@amrsoll commented on GitHub (Sep 6, 2023):
One would usually understand that you were binding real peoples accounts to a single ssh key. Albeit not being the case, it still merited the clarification.
Is one distinct account+ssh key/machine not sufficient for your use case? Say user_machine1 has ssk_key1 and granted permission to ressouce 1 and 2 in your example. It is less elegant than the deploy key but probably accessible through the API
@wxiaoguang commented on GitHub (Sep 6, 2023):
I think maybe it could add some APIs for managing the deploy keys?
@crabdancing commented on GitHub (Sep 6, 2023):
So, if I have 50 machines & 50 resources, I simply automatically create 2500 accounts? That would technically work, but the scalability is simply not there. The number of accounts grows as the product of machines & resources.
@amrsoll commented on GitHub (Sep 6, 2023):
No, I was thinking 1 account per machine. Those accounts would have access to however many resources they are allowed to. Each of those accounts have 1 key, i.e. 1 key per machine.
@crabdancing commented on GitHub (Sep 6, 2023):
Yes, that's what I was trying to do initially.
@crabdancing commented on GitHub (Sep 6, 2023):
An API for managing deploy keys would be great. I suggested doing this via terminal interface in this issue, but if another implementation would be preferred, that's fine too. Let me know what your thoughts are! :)