How to set up an SSH key and use it for GitLab

sndrx on October 15, 2018

Hello, everybody! I got into another project about 3 months ago and almost everything was new to me (GrapheneDB, NodeJS, React and Redux, ESLint... [Read Full]
markdown guide
 

Nice but in the UI where you add the keys you have a link to a tutorial for doing exactly this, what were your difficulties that you encountered?

 

At first, it didn't work out. I don't understand why, but I kept on getting the access denied error. So I took a step back and started to look somewhere else for different approaches to that error. I took notes while I searched and finally, I had to delete every key that I ever added on my GitLab account and delete the entire ssh folder. Also, the complication that occured was that I changed three laptops in two weeks. One key was working on two machines, and then no key would work at all. This is why I decided to delete everything and follow other instructions.

 

I see, just a few regards I could add

  • do not share a key between devices. Beside being a security risk, a bad practice, this is the most like reason you had issues. You moved the key but you did not setup the proper file permissions, or did a proper setup of the ssh-agent. If you just generate a new key the gen will take care of that.

  • when you generate is good to have at least a size of 2k, 4k if you want to access more secure environments (some services require minimum 4k)

  • you can keep a public (or not) list of public keys, so if you want to give access to one of them, you do not have to go to that device, here is mine

  • if the public file was not generated (or you forgot to copy it) the command cat ~/.ssh/id_rsa.pub will fail with file not found, you can generate it from the private key again, something like ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub

  • you can have multiple private keys, and force git to use different ones depending on the domains or specific machines, see here superuser.com/a/232406/950235

  • do not share a key between devices. Beside being a security risk, a bad practice, this is the most like reason you had issues. You moved the key but you did not setup the proper file permissions, or did a proper setup of the ssh-agent. If you just generate a new key the gen will take care of that.

Though, if you put your (password-protected) key on something like a (encrypted) thumbdirive you can gain mobility without having to host the key on multiple systems.

If you want to host the key directly on multiple systems, encrypting the filesystem(s) where you're store the key-copies can greatly reduce the cited security-risk.

If you opt to use GPG keys for everything (git-over-SSH, commit-signing, etc.), you can also sub in something like a Yubi-key or other "smart card" type of device. Can probably store and use other types of keys, as well, GPG's just the one I'm most familiar with.

 

If you sign your commits with a GPG key instead of SSH you will get the [verified] tag.

GPG signing

 

Do not sign each commit, all sort of problems will appear later. Also it beats the purpose, if someone has write access to your repository, you have bigger problems. The commits can be signed with tag and they are immutable.

 

Do not sign each commit, all sort of problems will appear later

Really good idea to not make assertions without qualifying them (be that qualifier directly explaining your assertion or, since we've got markdown, here, providing a link to explain why you've made such an assertion).

code of conduct - report abuse