Is it normal that any user with a SSH key can clone a private git repository using SSH? I thought that since a project was private, it would only be available to the user that created it along with users granted access to it?
Granted, a normal user won’t be able to see the SSH git URL to the private project, but if it is given to him by someone with permission to the project, it can be cloned by any user with a SSH key configured?
The SSH user is always git@server
So, the user is git… is this normal for the community edition hosted on our own server? We’re using an embedded package of GitLab CE. The user git can be used by anyone that has a SSH key configured since the keys are conglomerated for the git Linux user.
Should I be worried about this? Is this normal or do I have it configured incorrectly?