Pull repository mirroring: Support for SSH keys

Resources

FE @kushalpandya BE @nick.thomas

  • Zendesk ticket: https://gitlab.zendesk.com/agent/tickets/13079
  • Dev link: None
  • GitLab version: 8.2

Customer would like support for configuring repository mirroring with Git over SSH, and thus, support for SSH keys. This is in addition to the current support for mirroring via http(s).

@DouweM @dzaporozhets What do you think?


Scope:

This is what is required for this feature:

  • We need to update the Mirror repository settings view
  • We need new types of user/server credentials. Hence, we'll add a dropdown in this screen to choose between:
    • Password authentication (as it is now)
    • New protocol: SSH public-key authentication. We generate a private key and display the public part to the user so they can copy and paste it onto their server, or into GitLab as a deploy key for the source project.
  • known_hosts management:
    • Should be invisible for non-SSH URLs
    • When we set up SSH (which can be password or pubkey-auth-based), we need to detect the host keys and present their fingerprints to the user to confirm that they're valid.
    • When we edit the SSH setup, we also need to re-trigger the verification.
    • Advanced users may want to enter known_hosts data directly. They should be able to click a button to get a <textarea> they can input directly into, rather than using automatic detection.
    • Who verified the host keys (i.e., submitted the form), and when, should be displayed for audit purposes.

Design

Password authentication | SSH public key authentication
mirror-repository--ssh-01 | mirror-repository--ssh-02
Edited Feb 17, 2024 by Service Account - security-triage
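
The host key step from the scope above (detect host keys, show their fingerprints for confirmation) could look like the following. This is an added example, not part of the original issue and not GitLab's code. The names `host_key_fingerprints`, `embedded_key_type` and `HostKey`, and the sample host and key, are constructed for illustration.

```ruby
require "base64"
require "digest"

# One host key as it would be shown to the user for confirmation (hypothetical type).
HostKey = Struct.new(:hosts, :type, :sha256, :md5)

# Read the leading SSH wire-format string (4-byte big-endian length + bytes) of a key blob.
def embedded_key_type(blob)
  len = blob.unpack1("N")
  raise ArgumentError, "truncated key blob" if len.nil? || blob.bytesize < 4 + len
  blob.byteslice(4, len)
end

# Parse known_hosts-style text ("hosts keytype base64key [comment]") into HostKey
# records with OpenSSH-style fingerprints. Malformed entries raise, so a bad line
# is never silently stored as trusted.
def host_key_fingerprints(known_hosts)
  lines = known_hosts.each_line.map(&:strip).reject { |l| l.empty? || l.start_with?("#") }
  lines.map do |line|
    hosts, type, b64 = line.split(/\s+/, 4)
    raise ArgumentError, "malformed entry: #{line.inspect}" if b64.nil?
    blob = Base64.strict_decode64(b64) # raises ArgumentError on invalid base64
    # The declared key type must match the type encoded inside the key blob.
    raise ArgumentError, "key type mismatch for #{hosts}" unless embedded_key_type(blob) == type
    sha256 = "SHA256:" + Base64.strict_encode64(Digest::SHA256.digest(blob)).delete("=")
    md5 = "MD5:" + Digest::MD5.hexdigest(blob).scan(/../).join(":")
    HostKey.new(hosts.split(","), type, sha256, md5)
  end
end

# Constructed sample: an ssh-ed25519 blob carrying a dummy 32-byte key (not a real host).
SAMPLE_BLOB = [11].pack("N") + "ssh-ed25519" + [32].pack("N") + ("\x01" * 32)
SAMPLE_KNOWN_HOSTS = <<~EOS
  # constructed example data
  git.example.com,192.0.2.10 ssh-ed25519 #{Base64.strict_encode64(SAMPLE_BLOB)}
EOS

if __FILE__ == $PROGRAM_NAME
  host_key_fingerprints(SAMPLE_KNOWN_HOSTS).each do |k|
    puts "#{k.hosts.join(', ')}  #{k.type}  #{k.sha256}  #{k.md5}"
  end
end
```

The same function serves both input paths in the scope: output from automatic detection and known_hosts data pasted into the textarea.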