Hi to everybody,
we would like to use our gitlab doing clone/push/pull over ssh, that’s a think that we know that works if we introduce the ssh-key in /profile/keys, the question is if it’s possible to do clone/push/pulls using basic ssh authentication (giving ssh password of git user), we used to did it using Gitlab version 11 changing the home directory of the git user to the repositories folder, but since (version 13) the repositories folder is hashed and this doesn’t works.
I expect that password authentication via SSH has been dropped in newer versions for security reasons. Without adding an SSH key (or alternatively access token) it won’t be possible to push to a repository. If the repository is private, then it won’t be possible to clone, pull or push.
You have two options. One is utilising SSH keys which is by far more secure than utilising passwords - especially if it is the same user login that each user is using. The other option is using access token instead of SSH keys. When using access-tokens you can push/pull/clone via HTTPS instead of using SSH. These can be generated under the user profile settings in the access token section.
Yes @aljaxus, I’m talking about pre-production and production machines where all users compile using the same user (for example user tomcat), I’m thinking to generate ssh keys for tomcat user in each deployment machine so they could do clone/push/pull with any problem.
I have not clue how your org / company operates and what your workflows are, but imho each user should have their own SSH keypair - that’s how it’s designed to be used. For deployment machines, you can just create deployment keypairs.
I assume that each user has their own account on your Gitlab instance, they should just add the public key from their keypair. They can then push/pull to repositories that they maintain.
Each deployment machine has their own keypair (or they can share them - suit it yourself) and you can add deployment keys to your Gitlab instance on instance / groups / project level.
Each repository can then allow pull|push actions for specific deployment keys, so your applications can run specific actions against your repos.
You can achieve that by just adding a deployment key, to that specific user, which has push rights. You don’t need a single global keypair for everything.
You can imagine deployment keys like a separate user - it’s just that the user in your gitlab’s DB doesn’t exist, only the “permission to perform actions against a repo” does.
You can add global deployment public keys in /admin/deploy_keys section. Then every project can just add the needed permissions to them. For example, you only need pull access from one repo, but you need to push compiled binaries to another one - give push&pull permissions for that key in the second repo and just pull in the first one.