The latest version of GitLab (9.2.5) is installed on a virtual machine with Ubuntu 16.04 on the local network. I did the initial setup following the guide from the GitLab site and then obtained a Let's Encrypt certificate, following the guide. Ports 443 and 22 are exposed externally, an A record is registered in the public domain, and https://gitlab0.junecat.ru opens. Moreover, I created users and projects and started working; however, for any operation I have to choose https as the protocol.

  • How do I fix working over the git protocol?

Here is a demonstration of the problem with this protocol: I took a “clean” machine with Win 7 and installed PuTTY and Git for Windows on it.

Then I first checked that I can connect via PuTTY to port 22 of the host gitlab0.junecat.ru. Then I configured the global git parameters: config user.name and user.email.

Then I tried to clone the repository on this new Win7 machine; here is a screenshot and all the messages as text:

C:> mkdir GitProjects

C:> cd GitProjects

C:\GitProjects> git clone git@GitLab0.junecat.ru:konst/TradingG0_Solution.git

Cloning into 'TradingG0_Solution'...

The authenticity of host 'gitlab0.junecat.ru (77.246.237.76)' can't be established.

ECDSA key fingerprint is SHA256:8dMOgDXYjZWRj+bqEacWKTt00uppdB1A2cL/0GL4Ua8.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'gitlab0.junecat.ru,77.246.237.76' (ECDSA) to the list of known hosts.

git@gitlab0.junecat.ru's password:

Permission denied, please try again.

git@gitlab0.junecat.ru's password:

Pay attention to the following points:

1) The link I use for cloning is taken from my GitLab. Here are the links for both protocols:

git: git@GitLab0.junecat.ru:konst/TradingG0_Solution.git

https: https://tst@GitLab0.junecat.ru/konst/TradingG0_Solution.git

When cloning, I was not asked for a user, only for the password. Moreover, the link starts with git@ - is this correct at all? There is no such user in the system, if anything. The user name under which I work is tst; it is clearly visible in the https link.

You may ask, "why do you need git at all, work through https". But when working over https, a password is always requested on push. And I need to import large projects from SVN, and for automation I would like to write scripts that I will allow to push without a password.


Marked as a duplicate by Nick Volynkin Jun 22 '17 at 4:33.

  • I do not see anywhere that you wrote about how you generated a private key and added it to GitLab. - KoVadim
  • I really did add a private key to GitLab. More precisely, I generated the key and added its public part to GitLab. But this did not happen on the test machine on which I demonstrated the problem! That is why the question is: I don’t understand the mechanics of how these keys work. I added it because GitLab screamed "add a key, add a key". How does this key relate to the machine from which SSH access occurs? - SH
  • Then check from your local machine: ssh -T git@gitlab0.junecat.ru. It should work fine. (Yes, it's better to use git-bash, not git-cmd.) - KoVadim
  • No, from the local machine it does not work. GitBash: I will now switch to it on the test machine, and on the test machine I will make a new pair (public - private) of keys. - SH
  • On the local machine, the picture is: C:\Users\davydov> ssh -T git@gitlab0.junecat.ru The authenticity of host 'gitlab0.junecat.ru (192.168.10.57)' can't be established. RSA key fingerprint is de:4d:e5:9b:dc:40:0f:a1:de:e9:65:fd:1b:8f:89:54. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'gitlab0.junecat.ru,192.168.10.57' (RSA) to the list of known hosts. git@gitlab0.junecat.ru's password: Permission denied, please try again. git@gitlab0.junecat.ru's password: Permission denied, please try again. git@gitlab0.junecat.ru's password: - SH

2 answers

I do not understand the mechanics of these keys

In a simplified way, and without mentioning (for simplicity) several important steps:

  1. The client generates a pair of keys: public and private. They are related in that data encrypted with this public key can only be decrypted with this private key (and vice versa: data encrypted with the private key can only be decrypted with this public key).
  2. When connecting to the ssh server, the ssh client presents its public key.
  3. The server makes sure that the public key it received is present among those that have been granted access, encrypts some random byte sequence with this public key, and sends it back to the client.
  4. The client decrypts the message sent (this can be done only with the help of the private key it has) and sends it back.
  5. The server compares it with the original random sequence, and thus makes sure that the client really has the given secret key.
  • Thanks! And a small addition that I just missed: as a rule, a “client” is a “client computer”, and for each client computer, the procedure for generating a key pair (and adding the public part of the key to GitLab) must be done separately. - SH
  • This is not a prerequisite. The key (both parts) can be copied from one client to another. From the point of view of “harsh security”, this is probably bad, but from a technical point of view it is more than efficient. - aleksandr barakin
  • Generally speaking, yes. Rather, it is important to understand that they must be present on the computer. And for the beginner the easiest way is to simply generate them. - SH
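
A toy simulation of the five simplified steps in the answer above, as an added example that is not part of the original answer or of OpenSSH. It uses textbook RSA over constructed primes, and every name in it (Server, login, WORK_PUB and so on) is hypothetical. Real SSH-2 public-key authentication has the client sign session data rather than decrypt a challenge, but the dependency on holding the private part is the same.

```python
import secrets

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Textbook RSA key pair from two primes (toy only: no padding, tiny keys)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (n, E), (n, d)              # (public part, private part)

class Server:
    def __init__(self, authorized_keys):
        self.authorized_keys = set(authorized_keys)  # public parts added to profiles
        self.pending = {}                            # challenges awaiting an answer

    def challenge(self, public_key):
        """Steps 2-3: accept only a registered key, encrypt a random value to it."""
        if public_key not in self.authorized_keys:
            return None
        n, e = public_key
        secret = secrets.randbelow(n - 2) + 2
        self.pending[public_key] = secret
        return pow(secret, e, n)

    def verify(self, public_key, answer):
        """Step 5: the answer must equal the original random value (single use)."""
        expected = self.pending.pop(public_key, None)
        return expected is not None and answer == expected

def login(server, public_key, private_key):
    """Client side: present the public key, decrypt the challenge (step 4)."""
    ciphertext = server.challenge(public_key)
    if ciphertext is None:
        return "password prompt"  # key unknown to the server: what the question shows
    n, d = private_key
    answer = pow(ciphertext, d, n)
    return "key accepted" if server.verify(public_key, answer) else "key rejected"

# Constructed keys built from Mersenne primes; real keys are generated by ssh-keygen.
WORK_PUB, WORK_PRIV = make_keypair(2**61 - 1, 2**89 - 1)    # public part registered
TEST_PUB, TEST_PRIV = make_keypair(2**107 - 1, 2**127 - 1)  # never registered
SERVER = Server([WORK_PUB])

if __name__ == "__main__":
    print(login(SERVER, WORK_PUB, WORK_PRIV))  # registered pair
    print(login(SERVER, TEST_PUB, TEST_PRIV))  # pair never added to the server
    print(login(SERVER, WORK_PUB, TEST_PRIV))  # right public part, wrong private part
```
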

Gentlemen, user KoVadim gave me a very valuable hint. He wrote "I never saw anywhere that you generated and added SSH keys in GitLab".

It's true.

Now it is as if a veil has fallen from my eyes.

I was misled by the fact that I had done it at all, but not for the machine on which I conducted the tests.

That is, when a person wants to work from his MyComp computer with GitLab using the SSH protocol, he must perform the key generation procedure on this MyComp computer as described, and, in my case, also correct the PATH in order for the ssh command to work from the command line.

Then you need to go to your profile on GitLab and add the public part of the key there.

And after that, no password will be needed anymore; the git clone command will work right away. See the picture of how I generated the key and how the behavior changed after adding the key. Thanks!