Ok, I pruned the history from this response, as I was already getting the feedback that the responses were queued for approval by the list moderators.

I updated the cryptpad with the details, but for Ray's information, I had to update the permissions on the ~rtoy/.ssh/authorized_keys file to be 0600 and then also get the /etc/shadow and /etc/gshadow files updated by using pwconv and grpconv.  After that, he was able to login via ssh.

How do we figure out the repo being read-only (which I'm guessing has to do with some ownership issues in the gitlab config)?