Loading...

2023 cinhtau.de, All Rights Reserved.

By cinhtau / 12 May 2022 / operations / est. 2 min read

Use different accounts on a single GitLab instance

:heavy_exclamation_mark: This post is older than a year. Consider some information might not be accurate anymore. :heavy_exclamation_mark:

Used:   git version 2.25.1 

My scenario is that I have different users on GitLab.

For example:

  • Private user
  • Company user, with different groups
  • User x from Customer y

Each user has its own ssh key.

The Problem

The .ssh/config would only allow one identity/account to work.

Host localhost
  NoHostAuthenticationForLocalhost yes

Host git-codecommit.*.amazonaws.com
  User le-mapper
  IdentityFile ~/.ssh/id_rsa.pub

# GitLab.com
Host gitlab.com
  Preferredauthentications publickey
  User le-mapper
  IdentityFile ~/.ssh/id_rsa.pub

The git operation will fail for all other users with different identity files. For instance a repository for my company user, fetching with my identity file for my private user complains:

$ git fetch
remote: 
remote: ========================================================================
remote: 
remote: The project you were looking for could not be found or you don't have permission to view it.
remote: 
remote: ========================================================================
remote: 
fatal: Could not read from remote repository.

To examine the ssh communication with gitlab.com:

ssh -Tvvv git@gitlab.com

The Solution

Reading through the GitLab docs, it is possible to use multiple accounts for GitLab.

The trick is to use aliases for hosts in the ~.ssh/config file. For the Host, use an alias like user_1.gitlab.com and user_2.gitlab.com. You could also use the company name as an alias mycompany.gitlab.com.

# GitLab.com
Host <user_1.gitlab.com>
  Hostname gitlab.com
  Preferredauthentications publickey
  User le-mapper # private user
  IdentityFile ~/.ssh/id_rsa.pub

Host <user_2.gitlab.com>
  Hostname gitlab.com
  Preferredauthentications publickey
  User another-mapper # company user
  IdentityFile ~/.ssh/id_ed25519.pub

Now the aliases points to different identity files.

In the local repository we have to switch the remote url to the alias.

For instance

git remote set-url origin "git@<user_2.gitlab.com>:lemapper/demo.git"

Demo: Check my local repository

tan@omega:~/development/projects/mapperking$ git remote -v
aws     ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/mapperking (fetch)
aws     ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/mapperking (push)
origin  git@gitlab.com:cinhtau-website/mapperking.git (fetch)
origin  git@gitlab.com:cinhtau-website/mapperking.git (push)

Now to switch it:

$ git remote set-url origin "git@<user_1.gitlab.com>:cinhtau-website/mapperking.git"

Summary

So in short:

  • Use semantic alias names
  • The alias is resolved to a configured user with identity file

This solved my git integration problems in my IDEs like IntelliJ and Atom.

Sources:

git

Author

author-portrait
Tan-Vinh Nguyen

The happiest people don't have the best of everything, they just make the best of everything they have.
Birth, Development, in Progress ...

Please remember the terms for blog comments.