I want to access from one user/client combination (say, user1@cl) to a user/server combination (say, user2@srv) via ssh, with two different types of access:
Access type #1 would be restricted to interactions with a bazaar repository. For this, I added a line (#1) in ~user2/.ssh/authorized_keys like
command="bzr serve --inet --directory=/repodir --allow-writes",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa ... user1@cl
Access type #2 would be a login shell. For this, I added a "usual" line (#2) in ~user2/.ssh/authorized_keys like
ssh-rsa ... user1@cl
As I understand, and as I tested, both lines cannot be used simultaneously.
I.e., if line #1 appears first in ~user2/.ssh/authorized_keys, then I would be able to interact with the bzr repo, but I will not be able to do
[user1@cl]$ ssh user2@srv
If line #2 appears first in ~user2/.ssh/authorized_keys, then I would be able to do ssh, but any bzr operation gives
bzr: ERROR: Not a branch ...
Is there any way to work this out?
I am using RHEL7, but I guess this is not important.
Related posts (but not addressing my case, as I understand):
Best way to use multiple SSH private keys on one client
https://serverfault.com/questions/142997/what-options-can-be-put-into-a-ssh-authorized-keys-file
https://serverfault.com/questions/749474/ssh-authorized-keys-command-option-multiple-commands
https://askubuntu.com/questions/1962/how-can-multiple-private-keys-be-used-with-ssh
I made it work, with two different key pairs (say, pair 1 for bzr and pair 2 for ssh login). I added the corresponding lines in ~user2/.ssh/authorized_keys. The private key 1 was stored in file id_rsa (which is read by default), and the private key 2 was stored in file id_rsa_ssh.
Then, bzr was working normally, and for logging in I use which indicates using an alternative identity.
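
An added example, not part of the original posts: sshd applies the options of the first authorized_keys line that matches the offered key, which is why a second line with the same key never takes effect. The sketch below flags such shadowed lines; the key blobs in SAMPLE are constructed placeholders and the function names are hypothetical.

```python
import re

# Constructed sample: the same public key appears on lines 1 and 2 (the layout
# from the question); line 3 is a second key pair, as in the working setup.
SAMPLE = '''\
command="bzr serve --inet --directory=/repodir --allow-writes",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAB3SAMPLEKEY1 user1@cl
ssh-rsa AAAAB3SAMPLEKEY1 user1@cl
ssh-rsa AAAAB3SAMPLEKEY2 user1@cl-login
'''

KEYTYPE = re.compile(r'^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$')

def split_unquoted(line):
    """Split on whitespace outside double quotes (option values may hold spaces)."""
    tokens, cur, quoted, prev = [], '', False, ''
    for ch in line:
        if ch == '"' and prev != '\\':
            quoted = not quoted
        if ch.isspace() and not quoted:
            if cur:
                tokens.append(cur)
            cur = ''
        else:
            cur += ch
        prev = ch
    if cur:
        tokens.append(cur)
    return tokens

def parse(text):
    """Yield (lineno, options, key_blob) for every recognisable key line."""
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        tok = split_unquoted(line)
        i = next((k for k, t in enumerate(tok) if KEYTYPE.match(t)), None)
        if i is None or i > 1 or i + 1 >= len(tok):
            continue  # no key type in the expected position: skip the line
        yield n, (tok[0] if i == 1 else ''), tok[i + 1]

def shadowed(text):
    """Map each later line to the earlier line that carries the same key."""
    first, result = {}, {}
    for n, _opts, blob in parse(text):
        if blob in first:
            result[n] = first[blob]   # this line's options are never applied
        else:
            first[blob] = n
    return result

if __name__ == "__main__":
    for later, earlier in shadowed(SAMPLE).items():
        print(f"line {later} is shadowed by line {earlier} (same key)")
```
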