1

So, I am new to the GitLab server. Now, what I want to achieve is this:

Allow access to repositories only on certain ssh-keys. There are a limited no of machines and a limited no of users, so if a user adds an ssh-key outside these sets of keys, the repo should not clone there. Because my team size is small, I am okay if I only add those public keys to the account.

I am fine with the idea of ssh access but currently, as an admin, I lose the freedom to conveniently track or choose which all ssh-keys can access my repo. Can I disable users from adding ssh keys?

Is there any other way to ensure this? Would instead of having ssh enabled access HTTPS with whitelisting IP-enabled access work?

Pratap Alok Raj
  • 1,098
  • 10
  • 19
Simi Pahwa
  • 11
  • 1

1 Answers1

0

GitLab was, in the beginning (2011) based upon gitolite, but switched to its own mechanism in 2013.

Nowadays, it is best to declare a GitLab project private and add users to said project: that way you won't have to manage SSH or HTTPS access: any user who is not part of that project won't be able to see it/clone it (HTTPS or SSH).

In other words, repository access is no longer based on SSH keys (not for years), but is based on project visibility.

The OP adds:

even if a user is part of a project, he should only be able to clone the project on certain remote machines.

That is not a Git or GitLab feature, which means you need:

There is access to group by IP address restriction feature, since GitLab 12.0 (June 2019), but... only in GitLab Ultimate (meaning: "not free").

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • Hi, what I essentially want is that even if a user is part of a project, he should only be able to clone the project on certain remote machines. Currently, the user has the freewill to add any ssh key and download the project at say his home desktop. I want to restrict that. – Simi Pahwa Jun 06 '21 at 15:21
  • @SimiPahwa OK. I have edited the answer accordingly. – VonC Jun 06 '21 at 15:39