Gitlab mirroring repositories with ssh agent-forwarding

Does Gitlab supports mirroring repositories with ssh agent forwarding?

Example scenario

Source GIT → proxy1(auths with SSH key) → Destination GIT (auths with ssh-key from ssh-agent, from source GIT) (agent forwarding)


The Gitlab documentation explains the mirroring feature: Repository mirroring | GitLab

and it does mention ssh:

My mirror has ssh://, but that key is used only when i’m connecting to the proxy…


  1. Source Git connects to Proxy with ssh-key
  2. Proxy check that ssh-key is valid for specific user, and allows or deny connection to destination GIT
  3. If connection is accepted, destination GIT, is also expecting ssh-key, which can be delivered via agent forwarding

Is there any to specify options while mirror repository?

When i click “Update Now” in Setting → Repository → Mirroring Repositories, gitaly? is spawning new ssh process

ssh -oIdentitiesOnly=yes -oIdentityFile=/tmp/gitaly-ssh-invocationXXXXXX/ssh-key -oStrictHostKeyChecking=yes -oCheckHostIP=no -oUserKnownHostsFile=/tmp/gitaly-ssh-invocationXXXXXXXXX/known-hosts -o SendEnv=GIT_PROTOCOL USER@SOME_DNS_NAME git-upload-pack ‘/public/some-application’

for ssh agent, that command should look like below

ssh -A -T -oIdentityFile=/tmp/gitaly-ssh-invocationXXXXXX/ssh-key -oStrictHostKeyChecking=yes -oCheckHostIP=no -oUserKnownHostsFile=/tmp/gitaly-ssh-invocationXXXXXXXXX/known-hosts -o SendEnv=GIT_PROTOCOL USER@SOME_DNS_NAME git-upload-pack ‘/public/some-application’

also there must be available variable SSH_AUTH_SOCK with valid path to agent socket