... | ... | @@ -22,6 +22,44 @@ |
|
|
|
|
|
# FAQ - Frequently Asked Questions
|
|
|
|
|
|
## How to not have to type a password for every git operation
|
|
|
|
|
|
First of all to avoid having to type login/password each type, the best is to use git over ssh rather than git over https (see below for git over http)
|
|
|
|
|
|
On your local computer:
|
|
|
|
|
|
* git relies on ssh for the connexion to the gitlab's git server
|
|
|
|
|
|
* ssh uses your ssh private key to authenticate to the gitlab's git server
|
|
|
|
|
|
* your ssh private key is stored in your home, on your local computer's hard disk. This ssh private needs to be crypted, so that if your local computer is breached or stollen, the key cannot be used. This is the reason why it is crypted with a so-called "passphrase". This passphrase is actually a password, but you are encouraged to use something longer and more complex than a password (beacuse if this passphrase is "cracked", it can lead to a breach on many servers, so from the security point of view, it is critical)
|
|
|
|
|
|
Up to now, everything works correctly, but you have to type your ssh passphrase each time you connect by ssh, thus at each git operation involving the remote git server (push, pulls, ...)
|
|
|
|
|
|
The ssh-agent's role is to avoid that: it is a software running in background on your local computer. Each time your local ssh client needs to connect to a server, if it detects a running ssh-agent, it first tries to get the decrypted ssh private key from it. The first time, the ssh-agent asks for the passphrase to decrypt the key, then keeps the decrypted key in memory as long as you don't log out of your local computer.
|
|
|
|
|
|
This is the ssh-agent that allows not having to enter the passphrase at each ssh connection.
|
|
|
|
|
|
By default ssh client is installed with a command line ssh-agent, but modern operating systems / graphical environments come with integrated "keyrings" which can act as ssh-agents (and can as well manage other kind of secrets, such as passwords, gpg keys, etc.):
|
|
|
|
|
|
* for OS X: Keychain
|
|
|
|
|
|
* for linux / gnome: gnome-keyring
|
|
|
|
|
|
* for linux / kde: kde-wallet
|
|
|
|
|
|
* for other linux desktop environments, or for windows: ?
|
|
|
|
|
|
These "keyrings" work as follows: When you login on your local computer, your login password is automatically used to unlock the secrets stored in the keyring, of which the ssh keys are part.
|
|
|
|
|
|
Thus to be able to perform connected git operations (push, pull, ...) without having to type any password you need:
|
|
|
|
|
|
* to use git over ssh
|
|
|
|
|
|
* to have a ssh keypair protected by a passphrase
|
|
|
|
|
|
* to use a command line or graphical ssh-agent
|
|
|
|
|
|
## How to convert a user account from internal to external
|
|
|
When a user is leaving Inria, the gitlab account cannot be used anymore. Two situations can occur:
|
|
|
|
... | ... | |