First steps: activate 2FA, add your SSH key and create your first repository

Goals

At the end of this tutorial, you will know:

  • O1. Enable two-factor authentication (2FA) on your gitrust account
  • O2. Save a public SSH key in your profile to log in without a password
  • O3. Create an empty repository and verify that it is accessible at the expected URL

Prerequisites

  • Technical: an existing gitrust account (email + password), Git installed (git --version responds), a pair of SSH keys generated or to be generated (ssh-keygen)
  • Educational: no prior tutorial required — this is the starting point of the course
  • Estimated time: ~20 minutes

Overview

Before typing the first command, let's take 2 minutes to understand what you are going to do and why.

A repository is like a project folder with all its change history — a living archive box that Git monitors. On gitrust, this folder lives on the server and can be shared with your team.

An SSH key works like a lock and key: you keep the private key on your machine (never share it), and you store the public key in your gitrust profile. Then, Git connects automatically without asking you for a password again — gitrust recognizes your machine.

2FA (two-factor authentication) adds a second lock to your account: even if someone steals your password, they can't log in without your phone's code. This is an essential protection for any account that hosts code.

Here is the flow you will configure:

sequenceDiagram
    participant T as Ton navigateur
    participant G as gitrust (HTTPS :4000)
    participant S as Ton terminal (SSH :2222)

    T->>G: Connexion avec e-mail + mdp + code 2FA
    T->>G: Dépôt de la clé SSH publique
    S->>G: git push via SSH (authentifié par clé)
    G-->>T: Dépôt visible dans l'interface web

Step 1: Log in and access security settings

Open your browser and go to the URL of your gitrust instance (for example https://demo.gitrust.eu). Log in with your email and password.

Once logged in, click on your avatar at the top right, then on Settings (/settings). In the left menu, select Security.

Checkpoint : tu dois voir la page Sécurité avec une section « Authentification à deux facteurs » et le statut « Désactivée ». Si tu ne la vois pas, vérifie que tu es bien connecté avec le bon compte.

Step 2: Enable 2FA with an authenticator app

Sur la page Sécurité, clique sur Activer la 2FA. gitrust affiche un QR code.

  1. Open your authentication application (Google Authenticator, Authy, or any TOTP compatible equivalent).
  2. Scan the QR code with the app.
  3. The app displays a 6-digit code that changes every 30 seconds.
  4. Enter this code in the Verification code field and click Confirm.

Expected output (message in interface): 

La 2FA a été activée avec succès.
Conservez vos codes de secours dans un endroit sûr.

gitrust also displays 10 emergency codes (XXXX-XXXX format). Copy them and keep them offline — they allow you to regain access if you lose your phone.

Checkpoint : retourne sur Paramètres → Sécurité. La section 2FA doit maintenant afficher « Activée » en vert. Si elle affiche toujours « Désactivée », recommence l'étape en t'assurant que le code à 6 chiffres est saisi avant qu'il expire.

Step 3: Generate or locate your SSH key

If you don't have an SSH key pair yet, generate one now in your terminal:

ssh-keygen -t ed25519 -C "mon-compte@example.com"

Expected output: 

Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/toi/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/toi/.ssh/id_ed25519
Your public key has been saved in /home/toi/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:xXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXx mon-compte@example.com

Press Enter to accept the default path. You can choose a passphrase or leave it blank (press Enter twice). A passphrase adds a layer of security.

Now display your public key (the .pub file — this one is made to be shared):

cat ~/.ssh/id_ed25519.pub

Expected output (single line): 

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx mon-compte@example.com

Copy this entire line to the clipboard.

Checkpoint: the cat command should display a line starting with ssh-ed25519 (or ssh-rsa if you have an older key). If it shows “No such file or directory”, the generation was not successful — rerun ssh-keygen.

Step 4: Save the SSH key in your gitrust profile

Dans ton navigateur, retourne sur Paramètres et clique sur Clés SSH dans le menu de gauche.

Click on Add SSH key. A form appears:

  • Title: gives a descriptive name to this key (e.g. laptop-perso-2026, poste-bureau)
  • Key: pastes the line copied in the previous step

Click Save Key.

Expected output (message in interface): 

Clé SSH ajoutée avec succès.

Now test the SSH connection from your terminal:

ssh -T git@demo.gitrust.eu -p 2222

Expected output: 

Bonjour tonpseudo ! Vous êtes authentifié, mais gitrust ne fournit pas d'accès shell.

Checkpoint: if you get this message, your SSH key is correctly registered. If you get Permission denied (publickey), check that you have copied the public key (.pub) and not the private key. See the “What if it doesn’t work” section below.

Step 5: Create your first empty repository

In your browser, click on the + at the top right (or navigate to /repo/new).

Fill out the form:

  • Owner: your nickname
  • Repository name: my-first-repository (letters, numbers, hyphens only)
  • Visibility: Private (or Public depending on your preference)
  • Initialize the repository: check “Add a README”

Click on Create repository.

Expected output: gitrust redirects you to the repository page at the URL: 

https://demo.gitrust.eu/tonpseudo/mon-premier-depot

The page shows a README.md file with the repository name, and the sidebar shows 1 commit, 1 branch (main).

Checkpoint: note the URL displayed in the address bar of your browser. It must correspond to the pattern https://<instance>/<pseudo>/<repository-name>. If you see a 404 or 500 error, reread the creation form.

Summary

  • O1 accompli : la 2FA est activée sur ton compte — tu l'as vérifiée sur la page Sécurité qui affiche « Activée »
  • O2 accomplished: your public SSH key is saved — you confirmed it with ssh -T git@... -p 2222 which responded “You are authenticated”
  • O3 accomplished: your first deposit is created and visible at the URL /<pseudo>/my-first-depot

And if it doesn't work

Symptôme Cause probable Correction
Permission denied (publickey) lors du test SSH Tu as collé la clé privée au lieu de la clé publique, ou le fichier .pub ne correspond pas à la clé active Dans gitrust, supprime la clé ajoutée. Retourne au terminal et exécute ssh-add -l pour voir les clés actives. Recopie la bonne clé .pub avec cat ~/.ssh/id_ed25519.pub
Connection refused lors du test SSH Le port SSH de l'instance est différent de 2222, ou l'instance est inaccessible Vérifie avec l'administrateur le port SSH réel. Essaie ssh -T git@<instance> -p 22 en alternative
Le code 2FA est refusé alors qu'il semble correct L'horloge de ton téléphone est désynchronisée (décalage > 30 s) Active la synchronisation automatique de l'heure sur ton téléphone (Paramètres → Date et heure → Automatique). Réessaie immédiatement après
Le dépôt redirige vers une erreur 422 lors de la création Le nom contient des caractères interdits (espaces, accents, /) Utilise uniquement des lettres non accentuées, chiffres et tirets. Évite les points en début ou fin de nom

Next step

02 — Clone and push code: clone your repository locally with SSH, make your first commit and push it to gitrust (~25 min)