loading...
Cover image for How to set up an SSH key and use it for GitLab

How to set up an SSH key and use it for GitLab

sndrx profile image sndrx ・1 min read

Hello, everybody!

I got into another project about 3 months ago and almost everything was new to me (GrapheneDB, NodeJS, React and Redux, ESLint rules, packages etc.). The only thing I knew how to use back then was JavaScript.

Obviously, the project set up was new to me as well. I never used VS Code before, neither GitLab or Heroku, so I didn't know some of the basic rules at the beginning. I took notes but even with the notes under my nose, I couldn't figure out how am I supposed to connect to GitLab using my SSH key when my laptop died last week.

I figured it out, in the end!
....but I had to connect information from two or three articles.

I think that if I put it all together here, it will be easier for someone else that encounters the same issue or, hell, it would be easier for me too to remember these things.

This is how I managed to create a SSH key and connect to my GitLab account using that key:

1) Open Git Bash (Download and Install Git Bash; You can use any *nix based command prompt).

2) Type

 cd ~/.ssh 

This will take you to the root directory for Git (Likely C:\Users[YOUR-USER-NAME].ssh\ on Windows).

3) In the .ssh folder you should find these two files: id_rsa and id_rsa.pub. These files tell the computer how to communicate with GitHub, BitBucket, or any other Git based service.

Those files were obviously missing from my computer so I had to create them.

 ssh-keygen -t rsa -C "your_email@example.com" 
Type this to create those two files

Once you entered that command, you will get a few more questions:

Enter file in which to save the key (/home/demo/.ssh/id_rsa):
You can press enter here, saving the file to the user home (in this case, my example user is called demo).

Then this will be shown:

Enter passphrase (empty for no passphrase):
The only downside, of course, to having a passphrase, is then having to type it in each time you use the key pair. I suggest you to use a passphrase though, due to security concerns.

In the end, the entire process looks like this:

Enter file in which to save the key (/home/demo/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/demo/.ssh/id_rsa.
Your public key has been saved in /home/demo/.ssh/id_rsa.pub.
The key fingerprint is:
4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 demo@a
The key's randomart image is:
+--[ RSA 2048]----+
|          .oo.   |
|         .  o.E  |
|        + .  o   |
|     . = = .     |
|      = S = .    |
|     o + = +     |
|      . o + o .  |
|           . o   |
|                 |
+-----------------+

The public key is now located in /home/demo/.ssh/id_rsa.pub. The private key (identification) is now located in /home/demo/.ssh/id_rsa.

4) Copying the public key to GitLab

Go and open the id_rsa.pub file (you can use any text editor you want).
Copy the entire content of that file and then open https://gitlab.com/profile/keys.

How GitLab SSH Keys page looks

Paste the content you copied from id_rsa.pub in the Key input (don't add extra spaces or characters).

Give your key a descriptive name and then Add the key.

5) Try to git clone or git push.

I really hope this will help someone because this article is what I needed last week when I couldn't put things together and all seemed to be way harder than it actually is.

Posted on Oct 15 '18 by:

sndrx profile

sndrx

@sndrx

Don't trust atoms, they make up everything.

Discussion

markdown guide
 

Nice but in the UI where you add the keys you have a link to a tutorial for doing exactly this, what were your difficulties that you encountered?

 

At first, it didn't work out. I don't understand why, but I kept on getting the access denied error. So I took a step back and started to look somewhere else for different approaches to that error. I took notes while I searched and finally, I had to delete every key that I ever added on my GitLab account and delete the entire ssh folder. Also, the complication that occured was that I changed three laptops in two weeks. One key was working on two machines, and then no key would work at all. This is why I decided to delete everything and follow other instructions.

 

I see, just a few regards I could add

  • do not share a key between devices. Beside being a security risk, a bad practice, this is the most like reason you had issues. You moved the key but you did not setup the proper file permissions, or did a proper setup of the ssh-agent. If you just generate a new key the gen will take care of that.

  • when you generate is good to have at least a size of 2k, 4k if you want to access more secure environments (some services require minimum 4k)

  • you can keep a public (or not) list of public keys, so if you want to give access to one of them, you do not have to go to that device, here is mine

  • if the public file was not generated (or you forgot to copy it) the command cat ~/.ssh/id_rsa.pub will fail with file not found, you can generate it from the private key again, something like ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub

  • you can have multiple private keys, and force git to use different ones depending on the domains or specific machines, see here superuser.com/a/232406/950235

This is great. Thanks a lot!

  • do not share a key between devices. Beside being a security risk, a bad practice, this is the most like reason you had issues. You moved the key but you did not setup the proper file permissions, or did a proper setup of the ssh-agent. If you just generate a new key the gen will take care of that.

Though, if you put your (password-protected) key on something like a (encrypted) thumbdirive you can gain mobility without having to host the key on multiple systems.

If you want to host the key directly on multiple systems, encrypting the filesystem(s) where you're store the key-copies can greatly reduce the cited security-risk.

If you opt to use GPG keys for everything (git-over-SSH, commit-signing, etc.), you can also sub in something like a Yubi-key or other "smart card" type of device. Can probably store and use other types of keys, as well, GPG's just the one I'm most familiar with.

 

This is all well and good until GitLab has your email listed as XYZ but it really is ABC and the SSH key you generate is based upon your listed email address of ABC. Despite whatever email routing internally is happening the absence of a LocalHost file being mentioned in this how to disturbs me. I am in the middle of a fiasco with this scenario and in theory it is a simple task but because of the strange things happening with my domain credentials versus the multiple email addresses various applications are using this is making me look really bad

 

If you sign your commits with a GPG key instead of SSH you will get the [verified] tag.

GPG signing

 

Do not sign each commit, all sort of problems will appear later. Also it beats the purpose, if someone has write access to your repository, you have bigger problems. The commits can be signed with tag and they are immutable.

 

Do not sign each commit, all sort of problems will appear later

Really good idea to not make assertions without qualifying them (be that qualifier directly explaining your assertion or, since we've got markdown, here, providing a link to explain why you've made such an assertion).

 

Sincerely, this is great and helpful...Thank you!