
Geo: When pushing over SSH to a secondary with git-lfs enabled, the user is prompted for HTTP auth

When pushing over SSH to a secondary with git-lfs enabled, the JSON auth blob returned from POST /internal/lfs_authenticate contains credentials & href designed for the secondary. The blob needs to contain credentials & href designed for the primary.

e.g.

Primary

upload

$ ssh -p 2221 -- ash@ee-secondary1.local git-lfs-authenticate root/test.git upload
{"header":{"Authorization":"Basic abc123"},"href":"https://ee-primary.local/root/test.git/info/lfs/"}

Secondary

upload

$ ssh -p 2222 -- ash@ee-secondary1.local git-lfs-authenticate root/test.git upload
{"header":{"Authorization":"Basic def456"},"href":"https://ee-secondary1.local/root/test.git/info/lfs/"}

It's also worth noting that when downloading LFS objects, we should still return the secondary URL to keep the operation as fast as possible:

download

$ ssh -p 2222 -- ash@ee-secondary1.local git-lfs-authenticate root/test.git download
{"header":{"Authorization":"Basic def456"},"href":"https://ee-secondary1.local/root/test.git/info/lfs/"}

To work correctly, the secondary must return the same JSON auth blob as the primary.

Edited by Ash McKenzie
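
A check for the behaviour described above, as an added example that is not GitLab's code: it takes the JSON blob a secondary returns from git-lfs-authenticate and reports whether the href targets the primary for upload and the secondary for download. The hostnames come from the issue's examples; the function name is hypothetical, and it inspects only the href and the presence of the Authorization header, not whether the credentials are valid on the primary.

```ruby
require 'json'
require 'uri'

# Hypothetical helper (not GitLab code). Hostnames are taken from the issue.
PRIMARY_HOST   = 'ee-primary.local'
SECONDARY_HOST = 'ee-secondary1.local'

# Host the blob's href should point at when the request hits a secondary.
EXPECTED_HOST = {
  'upload'   => PRIMARY_HOST,    # writes must be sent to the primary
  'download' => SECONDARY_HOST   # reads stay on the secondary for speed
}.freeze

# Returns an array of problem strings; an empty array means the blob is fine.
def lfs_auth_problems(operation, raw_json)
  expected = EXPECTED_HOST[operation]
  return ["unknown operation #{operation.inspect}"] unless expected

  begin
    blob = JSON.parse(raw_json)
  rescue JSON::ParserError => e
    return ["response is not JSON: #{e.message}"]
  end
  return ['response is not a JSON object'] unless blob.is_a?(Hash)

  problems = []
  header = blob['header']
  auth = header.is_a?(Hash) ? header['Authorization'] : nil
  unless auth.is_a?(String) && auth.start_with?('Basic ')
    problems << 'missing Basic Authorization header'
  end

  begin
    uri = URI.parse(blob['href'].to_s)
  rescue URI::InvalidURIError
    return problems << 'href is not a valid URI'
  end
  problems << 'href is not https' unless uri.scheme == 'https'
  unless uri.host == expected
    problems << "#{operation} href points at #{uri.host.inspect}, expected #{expected}"
  end
  problems
end

# The secondary's current upload response, as quoted in the issue.
current = '{"header":{"Authorization":"Basic def456"},"href":"https://ee-secondary1.local/root/test.git/info/lfs/"}'
puts lfs_auth_problems('upload', current)
```

Feeding it the output of the ssh commands shown in the issue gives a quick regression check once the secondary's upload response is changed.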