CentraleSupélec, Département informatique
Plateau de Moulon
3 rue Joliot-Curie
F-91192 Gif-sur-Yvette cedex
1CC1000 - Information Systems and Programming - Homework: GitLab SSH key configuration

When we introduced GitLab, you had to type your username and password each time you wanted to push any modification to the remote repository. This is because we used the HTTPS protocol to communicate with the GitLab server. This might be annoying, especially during the Coding Weeks, when you'll use GitLab every day.

An alternative that avoids the use of username and password is to establish an SSH connection with the server, authenticated with public-key cryptography. It is based on the following idea:

  • We generate a pair of SSH keys, one public and the other private.
  • We copy the public key to our account on GitLab, while we keep the private key securely stored on our computer. Private keys must not be shared with anyone.

When we type the command git push, the SSH client running on our computer tries to establish an SSH connection with the SSH server running on GitLab. The following procedure is executed to authenticate us (i.e., to make sure we are who we claim to be):

  • The SSH server generates some random data, known as a challenge, and encrypts it by using our public key.
  • The SSH server sends the encrypted challenge back to the SSH client.
  • The SSH client uses the corresponding private key to decrypt the challenge and sends it back to the SSH server.
  • The SSH server compares the decrypted message received from the client with the challenge: if they match, we are successfully authenticated without needing to type a username and password.

We explain now how to:

1. Generate a public/private SSH key pair.

2. Add the public key to a GitLab account.

3. Verify that you can connect.

Generate a public/private SSH key pair

You can generate a pair of SSH keys as follows:

  • Type command ssh-keygen -t rsa -C "<comment>". Replace "<comment>" with some annotation of yours (e.g., GitLab keys).
    • rsa is the name of a cryptographic algorithm that is used to generate the keys.
  • Press the Return key; you'll be prompted to specify a file in which to save the key. Press the Return key to accept the proposed filename.
  • If a message informs you that the filename exists, you already have an SSH key pair. Choose not to overwrite the file and interrupt the procedure.
  • If you didn't interrupt the procedure at the previous step, you'll be prompted to enter a passphrase.
    • The passphrase is used to protect the private key from unauthorized uses. When you open a terminal and establish a first SSH connection to the GitLab server, you'll be asked to enter the passphrase. As long as you don't close your terminal, the passphrase won't be needed for future SSH connections.

 

If you followed the above procedure, your keys should be located in folder ~/.ssh (remember, ~ is the symbolic name of your home directory). File ~/.ssh/id_rsa contains the private key; file ~/.ssh/id_rsa.pub contains the corresponding public key.

 

Add the public key to a GitLab account

You first need to copy the content of file id_rsa.pub, which contains the public key.

How to do it on Windows

Type the following command in the terminal (the shell must be Git Bash):

cat ~/.ssh/id_rsa.pub | clip


How to do it on macOS

Type the following command in the terminal:

tr -d '\n' < ~/.ssh/id_rsa.pub | pbcopy


How to do it on Linux

Type the following command in the terminal (you need to install the xclip package):

xclip -sel clip < ~/.ssh/id_rsa.pub


Now you need to paste the public key into your GitLab account, as follows:

  • Sign in to GitLab.
  • On the left sidebar, select your avatar. If the left sidebar is not visible, click on the icon at the left of the phrase "Your work" (in the top left-hand corner).
  • Select Edit profile.
  • On the left sidebar, select SSH Keys.
  • Select Add new key.
  • In the Key box, paste the contents of your public key.
  • In the Title box, type a description (e.g., keys on my laptop).
  • Optionally, you can update the expiration date.
  • Select Add key.

Verify that you can connect

  • Type command ssh -T git@gitlab-student.centralesupelec.fr
  • If you are connecting for the first time, you're prompted to verify the identity of the server with a given fingerprint. Check whether the given fingerprint matches one of those listed on this page. For this verification, remember that you used RSA to generate your SSH keys.
  • If you successfully verified the identity of the server, type yes in the terminal and press the Return key.
  • Type command ssh -T git@gitlab-student.centralesupelec.fr again. You should receive a welcome message.
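The fingerprint compared in the second step above is a hash of the server's public key, and it can be recomputed by hand. The following is an added example, not part of the original course page: it parses an OpenSSH public-key line (the format of id_rsa.pub) and computes the SHA256 fingerprint in the form ssh displays. The function names and the sample key are constructed for illustration; the sample is not a real key.

```python
import base64
import hashlib


def read_field(blob, offset):
    """Read one field: 4-byte big-endian length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    end = offset + 4 + int.from_bytes(blob[offset:offset + 4], "big")
    if end > len(blob):
        raise ValueError("field length exceeds key blob")
    return blob[offset + 4:end], end


def parse_public_key(line):
    """Parse '<type> <base64 blob> [comment]'; return (type, blob, rsa_bits)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    inner_type, offset = read_field(blob, 0)
    if inner_type != fields[0].encode("ascii", "replace"):
        raise ValueError("key type label does not match key blob")
    bits = None
    if fields[0] == "ssh-rsa":  # blob layout: type, exponent e, modulus n
        _, offset = read_field(blob, offset)
        modulus, _ = read_field(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
    return fields[0], blob, bits


def sha256_fingerprint(blob):
    """The form ssh prints: 'SHA256:' + base64 of SHA-256(blob), padding removed."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def make_constructed_line(modulus, exponent=65537):
    """Build a sample ssh-rsa line from integers (constructed, not a real key)."""
    def mpint(n):  # minimal big-endian bytes, with a leading 0x00 if the top bit is set
        raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
        return len(raw).to_bytes(4, "big") + raw
    blob = (7).to_bytes(4, "big") + b"ssh-rsa" + mpint(exponent) + mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " constructed-sample"


SAMPLE_LINE = make_constructed_line((1 << 2047) | 12345)  # constructed 2048-bit value
```

Calling sha256_fingerprint(parse_public_key(line)[1]) on a key line gives the string to compare, character by character, with the published fingerprint before typing yes.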

In case of problems, you can also run the SSH command in verbose mode to get clues about what went wrong:

ssh -Tvvv git@gitlab-student.centralesupelec.fr