Hello, everybody!
I got into another project about 3 months ago and almost everything was new to me (GrapheneDB, NodeJS, React and Redux, ESLint rules, packages etc.). The only thing I knew how to use back then was JavaScript.
Obviously, the project set up was new to me as well. I never used VS Code before, neither GitLab or Heroku, so I didn't know some of the basic rules at the beginning. I took notes but even with the notes under my nose, I couldn't figure out how am I supposed to connect to GitLab using my SSH key when my laptop died last week.
I figured it out, in the end!
....but I had to connect information from two or three articles.
I think that if I put it all together here, it will be easier for someone else that encounters the same issue or, hell, it would be easier for me too to remember these things.
This is how I managed to create a SSH key and connect to my GitLab account using that key:
1) Open Git Bash (Download and Install Git Bash; You can use any *nix
based command prompt).
2) Type
cd ~/.ssh
This will take you to the root directory for Git (Likely C:\Users[YOUR-USER-NAME].ssh\ on Windows).
3) In the .ssh
folder you should find these two files: id_rsa
and id_rsa.pub
. These files tell the computer how to communicate with GitHub, BitBucket, or any other Git based service.
Those files were obviously missing from my computer so I had to create them.
Once you entered that command, you will get a few more questions:
Then this will be shown:
In the end, the entire process looks like this:
Enter file in which to save the key (/home/demo/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/demo/.ssh/id_rsa. Your public key has been saved in /home/demo/.ssh/id_rsa.pub. The key fingerprint is: 4a:dd:0a:c6:35:4e:3f:ed:27:38:8c:74:44:4d:93:67 demo@a The key's randomart image is: +--[ RSA 2048]----+ | .oo. | | . o.E | | + . o | | . = = . | | = S = . | | o + = + | | . o + o . | | . o | | | +-----------------+
The public key is now located in /home/demo/.ssh/id_rsa.pub. The private key (identification) is now located in /home/demo/.ssh/id_rsa.
4) Copying the public key to GitLab
Go and open the id_rsa.pub
file (you can use any text editor you want).
Copy the entire content of that file and then open https://gitlab.com/profile/keys
.
Paste the content you copied from id_rsa.pub
in the Key input (don't add extra spaces or characters).
Give your key a descriptive name and then Add the key.
5) Try to git clone
or git push
.
I really hope this will help someone because this article is what I needed last week when I couldn't put things together and all seemed to be way harder than it actually is.
Top comments (11)
This is all well and good until GitLab has your email listed as XYZ but it really is ABC and the SSH key you generate is based upon your listed email address of ABC. Despite whatever email routing internally is happening the absence of a LocalHost file being mentioned in this how to disturbs me. I am in the middle of a fiasco with this scenario and in theory it is a simple task but because of the strange things happening with my domain credentials versus the multiple email addresses various applications are using this is making me look really bad
Nice but in the UI where you add the keys you have a link to a tutorial for doing exactly this, what were your difficulties that you encountered?
At first, it didn't work out. I don't understand why, but I kept on getting the access denied error. So I took a step back and started to look somewhere else for different approaches to that error. I took notes while I searched and finally, I had to delete every key that I ever added on my GitLab account and delete the entire ssh folder. Also, the complication that occured was that I changed three laptops in two weeks. One key was working on two machines, and then no key would work at all. This is why I decided to delete everything and follow other instructions.
I see, just a few regards I could add
do not share a key between devices. Beside being a security risk, a bad practice, this is the most like reason you had issues. You moved the key but you did not setup the proper file permissions, or did a proper setup of the ssh-agent. If you just generate a new key the
gen
will take care of that.when you generate is good to have at least a size of 2k, 4k if you want to access more secure environments (some services require minimum 4k)
you can keep a public (or not) list of public keys, so if you want to give access to one of them, you do not have to go to that device, here is mine
if the public file was not generated (or you forgot to copy it) the command
cat ~/.ssh/id_rsa.pub
will fail with file not found, you can generate it from the private key again, something likessh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
you can have multiple private keys, and force
git
to use different ones depending on the domains or specific machines, see here superuser.com/a/232406/950235This is great. Thanks a lot!
Though, if you put your (password-protected) key on something like a (encrypted) thumbdirive you can gain mobility without having to host the key on multiple systems.
If you want to host the key directly on multiple systems, encrypting the filesystem(s) where you're store the key-copies can greatly reduce the cited security-risk.
If you opt to use GPG keys for everything (git-over-SSH, commit-signing, etc.), you can also sub in something like a Yubi-key or other "smart card" type of device. Can probably store and use other types of keys, as well, GPG's just the one I'm most familiar with.
If you sign your commits with a GPG key instead of SSH you will get the [verified] tag.
Do not sign each commit, all sort of problems will appear later. Also it beats the purpose, if someone has write access to your repository, you have bigger problems. The commits can be signed with tag and they are immutable.
Really good idea to not make assertions without qualifying them (be that qualifier directly explaining your assertion or, since we've got markdown, here, providing a link to explain why you've made such an assertion).
Sincerely, this is great and helpful...Thank you!
a big thanks