0

I want to access from one user/client combination (say, user1@cl) to a user/server combination (say, user2@srv) via ssh, with two different types of Access:

  1. Access type #1 would be restricted to interactions with a bazaar repository. For this, I added a line (#1) in ~user2/.ssh/authorized_keys like 

    command="bzr serve --inet --directory=/repodir --allow-writes",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa ... user1@cl

  2. Access type #2 would be a login shell. For this, I added a "usual" line (#2) in ~user2/.ssh/authorized_keys like 

    ssh-rsa ... user1@cl

As I understand, and as I tested, both lines cannot be used simultaneously. I.e., if line #1 appears first in ~user2/.ssh/authorized_keys, then I would be able to interact with the bzr repo, but I will not be able to do

[user1@cl]$ ssh user2@srv

If line #2 appears first in ~user2/.ssh/authorized_keys, then I would be able to do ssh, but any bzr operation gives

bzr: ERROR: Not a branch ...

Is there any way to work this out?

Related posts (but not addressing my case, as I understand):

https://stackoverflow.com/questions/2419566/best-way-to-use-multiple-ssh-private-keys-on-one-client

https://serverfault.com/questions/142997/what-options-can-be-put-into-a-ssh-authorized-keys-file

https://serverfault.com/questions/749474/ssh-authorized-keys-command-option-multiple-commands

How can multiple private keys be used with ssh?

sancho.s ReinstateMonicaCellio
  • 15,307

1 Answers1

0

I made it work, with two different key pairs (say, pair 1 for bzr and pair 2 for ssh login). I added the corresponding lines in ~user2/.ssh/authorized_keys. The private key 1 was stored in file id_rsa (which is read by default), and the private key 2 was stored in file id_rsa_ssh.

Then, bzr was working normally, and for logging in I use

[user1@cl]$ ssh -i id_rsa_ssh user2@srv

which indicates using an alternative identity.

sancho.s ReinstateMonicaCellio
  • 15,307