https://blog.contracode.com/2018-11-01T18:58:00-04:002018-06-21T00:00:00-04:002018-11-01T18:58:00-04:00Jared Contrasceretag:blog.contracode.com,2018-06-21:/posts/2018/Jun/21/definitive-guide-to-ssh-on-gitlab/

<p>While there are good <a href="https://docs.gitlab.com/ee/ssh/">instructions</a> in GitLab's documentation that explain how to set up key-based SSH authentication, these instructions fall short of a clear, concise, and complete solution. In addition to this, if you wish to use multiple SSH identities for specific services or environments, there are <em>even more</em> hurdles to overcome.</p> <p>This post will help you to set up SSH key-based login on GitLab, so you won't have to enter in your credentials every time you issue a <code>git push</code>, and so you can avoid the issues I encountered along the way.</p> <p>Let's get started!

<h3><a name="intro">Introduction</a></h3> <p>While there are good <a href="https://docs.gitlab.com/ee/ssh/">instructions</a> in GitLab's documentation that explain how to set up key-based SSH authentication, these instructions fall short of a clear, concise, and complete solution. In addition to this, if you wish to use multiple SSH identities for specific services or environments, there are <em>even more</em> hurdles to overcome.</p> <p>This post will help you to set up SSH key-based login on GitLab, so you won't have to enter in your credentials every time you issue a <code>git push</code>, and so you can avoid the issues I encountered along the way.</p> <p>Let's get started! </p> <h3><a name="generate-ssh-key">Generate an SSH Key</a></h3> <p>First, we need to generate an SSH key. We can do that with:</p> <p><code>ssh-keygen -o -t rsa -b 4096 -C "foo"</code></p> <p>This will prompt you to overwrite the key if you've already generated one. (That's okay!) If you already have an SSH key, use <code>Ctrl-C</code> or <code>n</code> to stop this process and proceed to the <a href="#import-ssh-key">next step</a>.</p> <p>To generate a key <em>specific to GitLab</em>, use:</p> <p><code>ssh-keygen -o -t rsa -b 4096 -f ~/.ssh/id_rsa.gitlab -v -C "foo"</code></p> <p>This will generate a OpenSSH-formatted key pair, using a 4096-bit cipher. Note that you can replace <strong><em>foo</em></strong> something more helpful to you, be it your email address or anything that helps you identify the key; the <code>-C</code> flag in the command represents a comment. For that, I tend to use my machine name.</p> <h3><a name="import-ssh-key">Import the SSH Key</a></h3> <p>Next, copy this to your clipboard with <code>xclip</code>. If you don't have xclip, install it with:</p> <p><code>sudo apt install -y xclip</code></p> <p>Then, copy the public key to your system clipboard wtih:</p> <p><code>xclip -sel clip &lt; ~/.ssh/id_rsa.gitlab.pub</code></p> <p>This assumes that you're using a key created just for GitLab. If that's not the case, use <code>xclip -sel clip &lt; ~/.ssh/id_rsa.pub</code>.</p> <p>After this, you'll need to navigate to the <a href="https://gitlab.com/profile/keys">SSH Keys</a> section of your GitLab profile.</p> <p>That page looks like this:</p> <p><img alt="GitLab Key Import" src="https://blog.contracode.com/images/general/definitive-guide-to-ssh-on-gitlab/key-import.png"></p> <p>Yes, I know: I don't have to put a mosaic filter over the <strong>Key</strong> field, since it is, after all, a <em>public</em> key. It's okay to share, and that's the beauty of asymmetric encryption! Nonetheless, I've chosen not to publish it here. It's not for you!</p> <p>Once on the <em>SSH Keys</em> page, paste your public key into the <strong>Key</strong> field and select the <strong>Add Key</strong> button. You've imported the SSH key! Wahoo!</p> <h3><a name="update-ssh-config">Update your SSH Config</a></h3> <p>If you are using an SSH key specific to GitLab, you'll need to add this to your <code>~/.ssh/config</code> file to tell <code>ssh-agent</code> which private key to use to authenticate.</p> <pre> Host gitlab.com User git Hostname gitlab.com IdentityFile ~/.ssh/id_rsa.gitlab Port 22 </pre> <p>Again, this task is optional if you are using the default <code>id_rsa</code> key.</p> <h3><a name="update-git-remote-origins">Update Git Remote Origins</a></h3> <p>If you've been working with GitLab for a while, you should issue the <code>git remote -v</code> command within each repository to review the <strong>origin</strong> remote and update it, if necessary. If this begins with "https", you will continue to be prompted for your username and password, despite having an SSH key set up.</p> <p>In general, a remote like <code>https://gitlab.com/foo/bar.git</code> will become <code>git@gitlab.com:foo/bar.git</code>.</p> <p>To update the git repository's remote origin, use:</p> <p><code>git remote set-url origin git@gitlab.com:foo/bar.git</code></p> <p>...and it wouldn't hurt to verify that this change has taken place, with another <code>git remote -v</code>.</p> <h3><a name="test-your-connection">Test Your Connection</a></h3> <p>You can do a simple test wtih:</p> <p><code>ssh -T git@gitlab.com</code></p> <p>Or a more verbose test wtih:</p> <p><code>ssh -Tv git@gitlab.com</code></p> <p>If these fail, try this before heading to Google:</p> <p><code>SSH_AUTH_SOCK=0 ssh git@gitlab.com</code></p> <p>What does this do? What's <code>SSH_AUTH_SOCK</code>? It's an environment variable that holds the path to a Unix file socket that the <code>ssh-agent</code> process uses. If the top two tests failed, and this one passed, the GNOME Keyring SSH Agent is getting in the way of your terminal-based SSH agent. Let's disable it.</p> <h3><a name="test-your-connection">Disable the GNOME Keyring SSH Agent</a></h3> <p>You'll only want to try this if the first two tests in the <a href="#test-your-connection">last step</a> failed, but the third one worked.</p> <p>Disabling this key agent on Ubuntu is rather easy. To begin, use the <code>Super</code> key, and type in "startup". Wait a moment, and you'll see an entry called <strong>Startup Applications</strong>. Launch that.</p> <p><img alt="Disable GNOME Keyring SSH Agent" src="https://blog.contracode.com/images/general/definitive-guide-to-ssh-on-gitlab/disable-gnome-keyring-ssh-agent.png"></p> <p>Untick the checkbox, and select the <strong>Close</strong> button. After this, log out and log back in, and you should be in business.</p> <p>Happy coding, everyone!</p>