The proper way to access a repository managed by gitlab is to add a public key.
First, you need to create a keypair: (these are the commands for a linux machine, and I believe they also work on windows if you have git for windows installed, which installs a cygwin environment)
cd ~/.ssh #create this dir if it's absent ssh-keygen -t rsa -b 2048 #i like 2048 bit rsa keys, but you could use -b 1024 instead
when prompted, give a name to the keyfile, let's say you called it "my_key" it will ask you for a passphrase. If you type one, the private key (see below) will be encrypted with that passphrase, so you will have to both have the keyfile installed properly AND type the passphrase to perform a git operation. You can also leave it blank, which is less secure but more convenient.
This generates ~/.ssh/my_key
and ~/.ssh/my_key.pub
. The .pub file is the public key, the other is the private key. You now need to do two things:
- Give the public key to the server
- Set up your ssh client to know about and use the private key
to do 1., open my_key.pub in an editor and copy the contents to the clipboard. Then, log in to gitlab through the web interface. In the upper right-hand corner, you will find a randomly generated picture, which if you hover over will give you two options: "My Profile", and "Logout". Click on the former. On the right of the resulting page, you'll see an "add public key" button. Click that, and you'll be presented with a page where you can paste the public key that you copied. Give it a name, click save, and you're done.
to do 2. (again, on linux) open (create if necessary) the file ~/.ssh/config
, and add the following line:
IdentityFile ~/.ssh/my_key
This tells ssh to try to use the private key when logging in to any site that tries to use key authentication.
Background on keys (in case you didn't know): the keys used by ssh are called asymmetric keys. There is a "public key" and a "private key", and they are generated as a pair (they're mathematically related). Anything encrypted using the public key can only be decrypted using the private key, and vice versa. ssh uses these for authentication: you give a server a public key and your client the private key which corresponds. When you try to log in, the server basically takes some random data, encrypts it with the public key, and sends it to the client. The client decrypts using the private key, and sends the original random data back to the server. The server then knows that you are the person you say you are (because your client was able to successfully decrypt.