Gitolite clone not working as intended

Being able to access gitolite@server:~/repositories/gitolite-admin.git, but not gitolite@server:gitolite-admin indicates you are not going “through” Gitolite, but just using plain SSH-based access to the gitolite user.

If ssh gitolite@server echo normal access yields normal access, then the key you are using is not restricted to going through Gitolite. If you were going through Gitolite you would see something like bad command: echo normal access.

This can happen if you have a key that you use to SSH into the gitolite user itself and you try to use that same key to authenticate as a Gitolite user. A “normal access” key will be present in gitolite’s .ssh/authorized_keys without any special prefix. The line for a key that is configured to go through Gitolite will start like command="/path/to/gl-auth-command gitolite-username",….

If you need normal SSH-based access to the gitolite user and Gitolite-based access, then you should setup separate keys for those purposes so that you can specify which key you want to use with IdentityFile options in your .ssh/config file (maybe also IdentitiesOnly if you find that ssh is using the “wrong” key just because you already have it loaded in your ssh-agent).

For example:

Use one of your “default” keys (one of ssh’s defaults (e.g. ~/.ssh/id_rsa) or some key that you usually have loaded in your ssh-agent) to access Gitolite (i.e. you have the public key in the active keydir/your-gitolite-user-name.pub).

Generate ~/.ssh/gitolite-user for use in directly logging into the gitolite user. Use ssh -i ~/.ssh/gitolite-user gitolite@server to login. Or, add a custom entry to ~/.ssh/config:

Host gitolite-user
              User gitolite
          HostName server
      IdentityFile ~/.ssh/gitolite-user
    IdentitiesOnly yes

so you can just do ssh gitolite-user to login.