Hello, everybody!
I got into another project about 3 months ago and almost everything was new to me (GrapheneDB, NodeJS, React and Redux...
For further actions, you may consider blocking this person and/or reporting abuse
This is all well and good until GitLab has your email listed as XYZ but it really is ABC and the SSH key you generate is based upon your listed email address of ABC. Despite whatever email routing internally is happening the absence of a LocalHost file being mentioned in this how to disturbs me. I am in the middle of a fiasco with this scenario and in theory it is a simple task but because of the strange things happening with my domain credentials versus the multiple email addresses various applications are using this is making me look really bad
Nice but in the UI where you add the keys you have a link to a tutorial for doing exactly this, what were your difficulties that you encountered?
At first, it didn't work out. I don't understand why, but I kept on getting the access denied error. So I took a step back and started to look somewhere else for different approaches to that error. I took notes while I searched and finally, I had to delete every key that I ever added on my GitLab account and delete the entire ssh folder. Also, the complication that occured was that I changed three laptops in two weeks. One key was working on two machines, and then no key would work at all. This is why I decided to delete everything and follow other instructions.
I see, just a few regards I could add
do not share a key between devices. Beside being a security risk, a bad practice, this is the most like reason you had issues. You moved the key but you did not setup the proper file permissions, or did a proper setup of the ssh-agent. If you just generate a new key the
gen
will take care of that.when you generate is good to have at least a size of 2k, 4k if you want to access more secure environments (some services require minimum 4k)
you can keep a public (or not) list of public keys, so if you want to give access to one of them, you do not have to go to that device, here is mine
if the public file was not generated (or you forgot to copy it) the command
cat ~/.ssh/id_rsa.pub
will fail with file not found, you can generate it from the private key again, something likessh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
you can have multiple private keys, and force
git
to use different ones depending on the domains or specific machines, see here superuser.com/a/232406/950235This is great. Thanks a lot!
Though, if you put your (password-protected) key on something like a (encrypted) thumbdirive you can gain mobility without having to host the key on multiple systems.
If you want to host the key directly on multiple systems, encrypting the filesystem(s) where you're store the key-copies can greatly reduce the cited security-risk.
If you opt to use GPG keys for everything (git-over-SSH, commit-signing, etc.), you can also sub in something like a Yubi-key or other "smart card" type of device. Can probably store and use other types of keys, as well, GPG's just the one I'm most familiar with.
If you sign your commits with a GPG key instead of SSH you will get the [verified] tag.
Do not sign each commit, all sort of problems will appear later. Also it beats the purpose, if someone has write access to your repository, you have bigger problems. The commits can be signed with tag and they are immutable.
Really good idea to not make assertions without qualifying them (be that qualifier directly explaining your assertion or, since we've got markdown, here, providing a link to explain why you've made such an assertion).
Sincerely, this is great and helpful...Thank you!
a big thanks