Commit 4261da51 authored by Marcel Amirault's avatar Marcel Amirault Committed by Thong Kuah

Move SSH page into the user docs

This deals with how users can create and SSH
keys to their account, so it should be in
user/profile, not a top level directory by itself.
parent eca1751b
...@@ -155,7 +155,7 @@ On self-managed GitLab, by default this feature is not available. To make it ava ...@@ -155,7 +155,7 @@ On self-managed GitLab, by default this feature is not available. To make it ava
Streaming audit events can be sent when signed-in users push or pull a project's remote Git repositories: Streaming audit events can be sent when signed-in users push or pull a project's remote Git repositories:
- [Using SSH](../ssh/index.md). - [Using SSH](../user/ssh.md).
- Using HTTP or HTTPS. - Using HTTP or HTTPS.
- Using the **Download** button (**{download}**) in GitLab UI. - Using the **Download** button (**{download}**) in GitLab UI.
......
...@@ -27,7 +27,7 @@ Everything up-to-date ...@@ -27,7 +27,7 @@ Everything up-to-date
``` ```
NOTE: NOTE:
If you're using HTTPS instead of [SSH](../../../ssh/index.md) to push to the secondary, If you're using HTTPS instead of [SSH](../../../user/ssh.md) to push to the secondary,
you can't store credentials in the URL like `user:password@URL`. Instead, you can use a you can't store credentials in the URL like `user:password@URL`. Instead, you can use a
[`.netrc` file](https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html) [`.netrc` file](https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-file.html)
for Unix-like operating systems or `_netrc` for Windows. In that case, the credentials for Unix-like operating systems or `_netrc` for Windows. In that case, the credentials
......
...@@ -20,7 +20,7 @@ Authentication is the first step in making your installation secure. ...@@ -20,7 +20,7 @@ Authentication is the first step in making your installation secure.
This one-time secret code is an additional safeguard that keeps intruders out, even if they have your password. This one-time secret code is an additional safeguard that keeps intruders out, even if they have your password.
- Add a backup email. If you lose access to your account, the GitLab Support team can help you more quickly. - Add a backup email. If you lose access to your account, the GitLab Support team can help you more quickly.
- Save or print your recovery codes. If you can't access your authentication device, you can use these recovery codes to sign in to your GitLab account. - Save or print your recovery codes. If you can't access your authentication device, you can use these recovery codes to sign in to your GitLab account.
- Add [an SSH key](../ssh/index.md) to your profile. You can generate new recovery codes as needed with SSH. - Add [an SSH key](../user/ssh.md) to your profile. You can generate new recovery codes as needed with SSH.
- Enable [personal access tokens](../user/profile/personal_access_tokens.md). When using 2FA, you can use these tokens to access the GitLab API. - Enable [personal access tokens](../user/profile/personal_access_tokens.md). When using 2FA, you can use these tokens to access the GitLab API.
## Projects and groups ## Projects and groups
......
...@@ -83,7 +83,7 @@ file (start the line with a `#` to comment it), and from your local machine, att ...@@ -83,7 +83,7 @@ file (start the line with a `#` to comment it), and from your local machine, att
ssh -T git@gitlab.example.com ssh -T git@gitlab.example.com
``` ```
A successful pull or [welcome message](../../ssh/index.md#verify-that-you-can-connect) would mean that GitLab was able to find the key in the database, A successful pull or [welcome message](../../user/ssh.md#verify-that-you-can-connect) would mean that GitLab was able to find the key in the database,
since it is not present in the file anymore. since it is not present in the file anymore.
NOTE: NOTE:
......
...@@ -104,7 +104,7 @@ sudo apt install acl ...@@ -104,7 +104,7 @@ sudo apt install acl
### Add SSH key ### Add SSH key
Let's suppose we want to deploy our app to the production server from a private repository on GitLab. First, we need to [generate a new SSH key pair **with no passphrase**](../../../ssh/index.md) for the deployer user. Let's suppose we want to deploy our app to the production server from a private repository on GitLab. First, we need to [generate a new SSH key pair **with no passphrase**](../../../user/ssh.md) for the deployer user.
After that, we need to copy the private key, which will be used to connect to our server as the deployer user with SSH, to be able to automate our deployment process: After that, we need to copy the private key, which will be used to connect to our server as the deployer user with SSH, to be able to automate our deployment process:
......
...@@ -48,7 +48,7 @@ contained) and you want to deploy your code in a private server, you need a way ...@@ -48,7 +48,7 @@ contained) and you want to deploy your code in a private server, you need a way
to access it. In this case, you can use an SSH key pair. to access it. In this case, you can use an SSH key pair.
1. You first must create an SSH key pair. For more information, follow 1. You first must create an SSH key pair. For more information, follow
the instructions to [generate an SSH key](../../ssh/index.md#generate-an-ssh-key-pair). the instructions to [generate an SSH key](../../user/ssh.md#generate-an-ssh-key-pair).
**Do not** add a passphrase to the SSH key, or the `before_script` will **Do not** add a passphrase to the SSH key, or the `before_script` will
prompt for it. prompt for it.
...@@ -124,7 +124,7 @@ on, and use that key for all projects that are run on this machine. ...@@ -124,7 +124,7 @@ on, and use that key for all projects that are run on this machine.
``` ```
1. Generate the SSH key pair as described in the instructions to 1. Generate the SSH key pair as described in the instructions to
[generate an SSH key](../../ssh/index.md#generate-an-ssh-key-pair). [generate an SSH key](../../user/ssh.md#generate-an-ssh-key-pair).
**Do not** add a passphrase to the SSH key, or the `before_script` will **Do not** add a passphrase to the SSH key, or the `before_script` will
prompt for it. prompt for it.
......
...@@ -21,7 +21,7 @@ This documentation is split into the following groups: ...@@ -21,7 +21,7 @@ This documentation is split into the following groups:
The following are guides to basic GitLab functionality: The following are guides to basic GitLab functionality:
- [Create and add your SSH public key](../ssh/index.md), for enabling Git over SSH. - [Create and add your SSH public key](../user/ssh.md), for enabling Git over SSH.
- [Create a project](../user/project/working_with_projects.md#create-a-project), to start using GitLab. - [Create a project](../user/project/working_with_projects.md#create-a-project), to start using GitLab.
- [Create a group](../user/group/index.md#create-a-group), to combine and administer - [Create a group](../user/group/index.md#create-a-group), to combine and administer
projects together. projects together.
......
...@@ -182,7 +182,7 @@ This connection requires you to add credentials. You can either use SSH or HTTPS ...@@ -182,7 +182,7 @@ This connection requires you to add credentials. You can either use SSH or HTTPS
Clone with SSH when you want to authenticate only one time. Clone with SSH when you want to authenticate only one time.
1. Authenticate with GitLab by following the instructions in the [SSH documentation](../ssh/index.md). 1. Authenticate with GitLab by following the instructions in the [SSH documentation](../user/ssh.md).
1. Go to your project's landing page and select **Clone**. Copy the URL for **Clone with SSH**. 1. Go to your project's landing page and select **Clone**. Copy the URL for **Clone with SSH**.
1. Open a terminal and go to the directory where you want to clone the files. Git automatically creates a folder with the repository name and downloads the files there. 1. Open a terminal and go to the directory where you want to clone the files. Git automatically creates a folder with the repository name and downloads the files there.
1. Run this command: 1. Run this command:
......
...@@ -71,7 +71,7 @@ The first items you need to configure are the basic settings of the underlying v ...@@ -71,7 +71,7 @@ The first items you need to configure are the basic settings of the underlying v
the user Azure uses to connect to the VM through SSH. By default, the user the user Azure uses to connect to the VM through SSH. By default, the user
has root access. has root access.
1. Determine if you want to provide your own SSH key or let Azure create one for you. 1. Determine if you want to provide your own SSH key or let Azure create one for you.
Read the [SSH documentation](../../ssh/index.md) to learn more about how to set up SSH Read the [SSH documentation](../../user/ssh.md) to learn more about how to set up SSH
public keys. public keys.
Review your entered settings, and then proceed to the Disks tab. Review your entered settings, and then proceed to the Disks tab.
......
...@@ -39,7 +39,7 @@ Hovering over this icon tells you why the key is restricted. ...@@ -39,7 +39,7 @@ Hovering over this icon tells you why the key is restricted.
## Default settings ## Default settings
By default, the GitLab.com and self-managed settings for the By default, the GitLab.com and self-managed settings for the
[supported key types](../ssh/index.md#supported-ssh-key-types) are: [supported key types](../user/ssh.md#supported-ssh-key-types) are:
- RSA SSH keys are allowed. - RSA SSH keys are allowed.
- DSA SSH keys are forbidden ([since GitLab 11.0](https://about.gitlab.com/releases/2018/06/22/gitlab-11-0-released/#support-for-dsa-ssh-keys)). - DSA SSH keys are forbidden ([since GitLab 11.0](https://about.gitlab.com/releases/2018/06/22/gitlab-11-0-released/#support-for-dsa-ssh-keys)).
......
...@@ -114,7 +114,7 @@ FLAG: ...@@ -114,7 +114,7 @@ FLAG:
On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../administration/feature_flags.md) named `two_factor_for_cli`. On GitLab.com, this feature is not available. The feature is not ready for production use. This feature flag also affects [session duration for Git Operations when 2FA is enabled](../user/admin_area/settings/account_and_limit_settings.md#customize-session-duration-for-git-operations-when-2fa-is-enabled). On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../administration/feature_flags.md) named `two_factor_for_cli`. On GitLab.com, this feature is not available. The feature is not ready for production use. This feature flag also affects [session duration for Git Operations when 2FA is enabled](../user/admin_area/settings/account_and_limit_settings.md#customize-session-duration-for-git-operations-when-2fa-is-enabled).
Two-factor authentication can be enforced for Git over SSH operations. However, we recommend using Two-factor authentication can be enforced for Git over SSH operations. However, we recommend using
[ED25519_SK](../ssh/index.md#ed25519_sk-ssh-keys) or [ECDSA_SK](../ssh/index.md#ecdsa_sk-ssh-keys) SSH keys instead. [ED25519_SK](../user/ssh.md#ed25519_sk-ssh-keys) or [ECDSA_SK](../user/ssh.md#ecdsa_sk-ssh-keys) SSH keys instead.
The one-time password (OTP) verification can be done using a command: The one-time password (OTP) verification can be done using a command:
......
This diff is collapsed.
...@@ -10,7 +10,7 @@ This page gathers all the resources for the topic **Authentication** within GitL ...@@ -10,7 +10,7 @@ This page gathers all the resources for the topic **Authentication** within GitL
## GitLab users ## GitLab users
- [SSH](../../ssh/index.md) - [SSH](../../user/ssh.md)
- [Two-factor authentication](../../user/profile/account/two_factor_authentication.md) - [Two-factor authentication](../../user/profile/account/two_factor_authentication.md)
- [Why do I keep getting signed out?](../../user/profile/index.md#why-do-i-keep-getting-signed-out) - [Why do I keep getting signed out?](../../user/profile/index.md#why-do-i-keep-getting-signed-out)
- **Articles:** - **Articles:**
......
...@@ -79,7 +79,7 @@ Go to the [Git website](https://git-scm.com/), and then download and install Git ...@@ -79,7 +79,7 @@ Go to the [Git website](https://git-scm.com/), and then download and install Git
## After you install Git ## After you install Git
After you successfully install Git on your computer, read about [adding an SSH key to GitLab](../../../ssh/index.md). After you successfully install Git on your computer, read about [adding an SSH key to GitLab](../../../user/ssh.md).
<!-- ## Troubleshooting <!-- ## Troubleshooting
......
...@@ -45,7 +45,7 @@ set to 50MB. The default is 1MB. ...@@ -45,7 +45,7 @@ set to 50MB. The default is 1MB.
**If pushing over SSH**, first check your SSH configuration as 'Broken pipe' **If pushing over SSH**, first check your SSH configuration as 'Broken pipe'
errors can sometimes be caused by underlying issues with SSH (such as errors can sometimes be caused by underlying issues with SSH (such as
authentication). Make sure that SSH is correctly configured by following the authentication). Make sure that SSH is correctly configured by following the
instructions in the [SSH troubleshooting](../../ssh/index.md#password-prompt-with-git-clone) documentation. instructions in the [SSH troubleshooting](../../user/ssh.md#password-prompt-with-git-clone) documentation.
If you're a GitLab administrator with server access, you can also prevent If you're a GitLab administrator with server access, you can also prevent
session timeouts by configuring SSH `keep-alive` on the client or the server. session timeouts by configuring SSH `keep-alive` on the client or the server.
......
...@@ -13,5 +13,5 @@ and give everyone access to the projects they need. ...@@ -13,5 +13,5 @@ and give everyone access to the projects they need.
- [Workspace](../user/workspace/index.md) _(Coming soon)_ - [Workspace](../user/workspace/index.md) _(Coming soon)_
- [Groups](../user/group/index.md) - [Groups](../user/group/index.md)
- [User account options](../user/profile/index.md) - [User account options](../user/profile/index.md)
- [SSH keys](../ssh/index.md) - [SSH keys](../user/ssh.md)
- [GitLab.com settings](../user/gitlab_com/index.md) - [GitLab.com settings](../user/gitlab_com/index.md)
...@@ -199,7 +199,7 @@ To set a limit on how long these sessions are valid: ...@@ -199,7 +199,7 @@ To set a limit on how long these sessions are valid:
> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/1007) in GitLab 14.7. [Feature flag ff_limit_ssh_key_lifetime](https://gitlab.com/gitlab-org/gitlab/-/issues/347408) removed. > - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/1007) in GitLab 14.7. [Feature flag ff_limit_ssh_key_lifetime](https://gitlab.com/gitlab-org/gitlab/-/issues/347408) removed.
Users can optionally specify a lifetime for Users can optionally specify a lifetime for
[SSH keys](../../../ssh/index.md). [SSH keys](../../ssh.md).
This lifetime is not a requirement, and can be set to any arbitrary number of days. This lifetime is not a requirement, and can be set to any arbitrary number of days.
SSH keys are user credentials to access GitLab. SSH keys are user credentials to access GitLab.
......
...@@ -438,6 +438,6 @@ Without the `config.extend_remember_period` flag, you would be forced to sign in ...@@ -438,6 +438,6 @@ Without the `config.extend_remember_period` flag, you would be forced to sign in
- [Receive emails for sign-ins from unknown IP addresses or devices](unknown_sign_in_notification.md) - [Receive emails for sign-ins from unknown IP addresses or devices](unknown_sign_in_notification.md)
- Manage applications that can [use GitLab as an OAuth provider](../../integration/oauth_provider.md#introduction-to-oauth) - Manage applications that can [use GitLab as an OAuth provider](../../integration/oauth_provider.md#introduction-to-oauth)
- Manage [personal access tokens](personal_access_tokens.md) to access your account via API and authorized applications - Manage [personal access tokens](personal_access_tokens.md) to access your account via API and authorized applications
- Manage [SSH keys](../../ssh/index.md) to access your account via SSH - Manage [SSH keys](../ssh.md) to access your account via SSH
- Change your [syntax highlighting theme](preferences.md#syntax-highlighting-theme) - Change your [syntax highlighting theme](preferences.md#syntax-highlighting-theme)
- [View your active sessions](active_sessions.md) and revoke any of them if necessary - [View your active sessions](active_sessions.md) and revoke any of them if necessary
...@@ -69,7 +69,7 @@ The deploy keys available are listed: ...@@ -69,7 +69,7 @@ The deploy keys available are listed:
Prerequisites: Prerequisites:
- You must have at least the Maintainer role for the project. - You must have at least the Maintainer role for the project.
- [Generate an SSH key pair](../../../ssh/index.md#generate-an-ssh-key-pair). Put the private SSH - [Generate an SSH key pair](../../ssh.md#generate-an-ssh-key-pair). Put the private SSH
key on the host that requires access to the repository. key on the host that requires access to the repository.
1. On the top bar, select **Menu > Projects** and find your project. 1. On the top bar, select **Menu > Projects** and find your project.
...@@ -87,7 +87,7 @@ name and permissions. ...@@ -87,7 +87,7 @@ name and permissions.
Prerequisites: Prerequisites:
- You must have administrator access. - You must have administrator access.
- [Generate an SSH key pair](../../../ssh/index.md#generate-an-ssh-key-pair). Put the private SSH - [Generate an SSH key pair](../../ssh.md#generate-an-ssh-key-pair). Put the private SSH
key on the host that requires access to the repository. key on the host that requires access to the repository.
To create a public deploy key: To create a public deploy key:
......
...@@ -206,8 +206,8 @@ used or renamed project, use the [UI](#create-a-project) or the [Projects API](. ...@@ -206,8 +206,8 @@ used or renamed project, use the [UI](#create-a-project) or the [Projects API](.
Prerequisites: Prerequisites:
- To push with SSH, you must have [an SSH key](../../ssh/index.md) that is - To push with SSH, you must have [an SSH key](../ssh.md) that is
[added to your GitLab account](../../ssh/index.md#add-an-ssh-key-to-your-gitlab-account). [added to your GitLab account](../ssh.md#add-an-ssh-key-to-your-gitlab-account).
- You must have permission to add new projects to a namespace. To check if you have permission: - You must have permission to add new projects to a namespace. To check if you have permission:
1. On the top bar, select **Menu > Projects**. 1. On the top bar, select **Menu > Projects**.
......
This diff is collapsed.
...@@ -31,7 +31,7 @@ module SystemCheck ...@@ -31,7 +31,7 @@ module SystemCheck
end end
try_fixing_it("mkdir #{backup_dir}", *instructions) try_fixing_it("mkdir #{backup_dir}", *instructions)
for_more_information('doc/ssh/index.md in section "Overriding SSH settings on the GitLab server"') for_more_information('doc/user/ssh.md#overriding-ssh-settings-on-the-gitlab-server')
fix_and_rerun fix_and_rerun
end end
......
...@@ -71,7 +71,31 @@ RSpec.describe SystemCheck::App::GitUserDefaultSSHConfigCheck do ...@@ -71,7 +71,31 @@ RSpec.describe SystemCheck::App::GitUserDefaultSSHConfigCheck do
end end
end end
describe '#show_error' do
subject(:show_error) { described_class.new.show_error }
before do
stub_user
stub_home_dir
stub_ssh_file(forbidden_file)
end
it 'outputs error information' do
expected = %r{
Try\ fixing\ it:\s+
mkdir\ ~/gitlab-check-backup-(.+)\s+
sudo\ mv\ (.+)\s+
For\ more\ information\ see:\s+
doc/user/ssh\.md\#overriding-ssh-settings-on-the-gitlab-server\s+
Please\ fix\ the\ error\ above\ and\ rerun\ the\ checks
}x
expect { show_error }.to output(expected).to_stdout
end
end
def stub_user def stub_user
allow(File).to receive(:expand_path).and_call_original
allow(File).to receive(:expand_path).with("~#{username}").and_return(home_dir) allow(File).to receive(:expand_path).with("~#{username}").and_return(home_dir)
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment