From a3677b36a12a120481479a1f96e504831b8733e2 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Mon, 1 Mar 2021 13:16:18 +0100 Subject: [PATCH] distgit: start working on moving dist-git to use git@ for ssh Signed-off-by: Pierre-Yves Chibon --- inventory/group_vars/pkgs_stg | 3 +++ roles/basessh/templates/sshd_config | 7 ++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/inventory/group_vars/pkgs_stg b/inventory/group_vars/pkgs_stg index 752a8cfff8..91fc2026ee 100644 --- a/inventory/group_vars/pkgs_stg +++ b/inventory/group_vars/pkgs_stg @@ -11,6 +11,9 @@ wsgi_threads: 4 pagure_static_uid: 600 +# Configures ssh for git@ user +sshd_keyhelper: true + # We have both celery (pagure_worker) and web thread wanting to send out fedmsg's. # To make things easy on the listening side (so avoid contention of binding ports), let's set the pkgs boxes to active fedmsg. fedmsg_active: True diff --git a/roles/basessh/templates/sshd_config b/roles/basessh/templates/sshd_config index 3e52530532..cc3485a118 100644 --- a/roles/basessh/templates/sshd_config +++ b/roles/basessh/templates/sshd_config @@ -51,9 +51,10 @@ AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE AcceptEnv XMODIFIERS {% if sshd_keyhelper %} -# For repospanner/git -AuthorizedKeysCommandUser git -AuthorizedKeysCommand /usr/libexec/pagure/keyhelper.py "%u" "%h" "%t" "%f" +# For git +Match User git + AuthorizedKeysCommandUser git + AuthorizedKeysCommand /usr/libexec/pagure/keyhelper.py "%u" "%h" "%t" "%f" {% elif env == 'staging' and not sshd_keyhelper %} AuthorizedKeysCommandUser nobody AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
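Review bot: The comment on `sshd_keyhelper` in `inventory/group_vars/pkgs_stg` does not say what the flag changes for these hosts. In `roles/basessh/templates/sshd_config` it selects the `{% if sshd_keyhelper %}` branch, so the `elif env == 'staging'` branch with `sss_ssh_authorizedkeys` is not rendered for pkgs_stg. Together with the second hunk, the visible part of the template leaves accounts other than `git` without any `AuthorizedKeysCommand`, which is presumably intended but worth confirming before it affects staging logins. I would spell this out, e.g. `# Render the keyhelper AuthorizedKeysCommand (git user only) in sshd_config; the staging sss_ssh_authorizedkeys branch is skipped when this is set`. The value is also written `true` while `fedmsg_active: True` just below uses the other casing, so matching it would keep the file consistent.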
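Review bot: The new `Match User git` block in `roles/basessh/templates/sshd_config` has no terminator, and a Match block in sshd_config runs until the next `Match` line or the end of the file. Anything the template emits after the closing `{% endif %}` would therefore apply only to the git user, or make sshd reject the config if the directive is not allowed inside Match. The rest of the template lies outside this hunk, so this needs checking against the full file. I would either move the block to the end of the template or close it with a `Match all` line after the `AuthorizedKeysCommand` line, and validate the rendered file with `sshd -t` before restarting. Separately, `AuthorizedKeysCommandUser git` runs the helper as the account being authenticated, whereas sshd_config(5) recommends a dedicated user with no other role on the host.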