Using SSH Keys to Connect to GitLab

Archie To

This blog post shows how to use an SSH key on your local machine’s Ubuntu to authenticate your virtual machine (VM) with gitlab.com. This means you can clone or push code to gitlab.com from the VM without generating a separate SSH key on the VM and without typing your password every time you clone or push (if password authentication is still supported; if it is not, you won’t be able to push your code at all).

Topics:

  • Connect local machine’s Ubuntu to gitlab.com using an SSH key
  • Use agent forwarding to authenticate to the VM from local machine’s Ubuntu, then connect the VM to gitlab.com using the local machine’s SSH key

Note: This blog post assumes you are using Ubuntu on your local machine.

About Ubuntu: Ubuntu itself is a Linux-based operating system. In this blog post, Ubuntu refers to the Ubuntu terminal environment running on Windows Subsystem for Linux (WSL). In short, the Ubuntu terminal lets you run Linux commands on Windows.

To download Ubuntu, visit https://ubuntu.com/wsl.

Connect local machine’s Ubuntu to gitlab.com using an ssh key

Step 1: Make sure you are in your local machine’s Ubuntu terminal (the prompt should look something like username@host-unit). From your root directory, run:

$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/username/.ssh/id_ed25519): <Enter>
Enter passphrase (empty for no passphrase): <Enter passphrase>
Enter same passphrase again: <Re-enter passphrase>
Your identification has been saved in /home/username/.ssh/id_ed25519
Your public key has been saved in /home/username/.ssh/id_ed25519.pub
The key fingerprint is:
[...]

Note: Make sure you remember your passphrase since you will need this later. Also: Always use a passphrase unless you have a very good reason not to and you understand the risks.

To see your public key, you can run the following from your home directory:

$ cat .ssh/id_ed25519.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAroig2wJXaS4oDYer+UWo7I5RW5wQX/WD9SPNHn+yTziyb organization\username@host-unit

Step 2: Now add the public key to your gitlab.com account by doing the following:

  • Visit gitlab.com
  • Login to your account
  • Click on your profile picture on the top right corner. Select Preferences.
  • Under User Settings column on the left of the screen, select SSH Keys.
  • Paste your public key (which can always be retrieved by running cat .ssh/id_ed25519.pub) into the Key text area. Set Title to something like “Work Laptop Local Machine”. Set an expiration date; in my case, I chose the end date of my employment. Then select Add Key.

Step 3: Next, connect your local machine’s Ubuntu to gitlab.com by running:

$ ssh git@gitlab.com
The authenticity of host 'gitlab.example.com (35.231.145.151)' can't be established
ECDSA key fingerprint is SHA256:HbW3g8zUjNSksFbqTrogPWg2Bq1x8xdGUrliXFzSnUw.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.example.com' (ECDSA) to the list of known hosts.

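Before answering yes, compare the fingerprint shown with the SSH host key fingerprints that GitLab publishes for gitlab.com in its documentation.

At this step, you may receive the following message:

git@gitlab.com: Permission denied (publickey)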

If you do not receive the message above, simply run:

$ ssh git@gitlab.com
Welcome to GitLab, @username!

This means your local machine’s Ubuntu is now connected to GitLab using an SSH key, and you can clone or push your code to GitLab without having to enter a username and password.

Possible bug 1: If you receive the message above, git@gitlab.com: Permission denied (publickey), there is a chance that you ran ssh-keygen -t ed25519 in the Windows command prompt instead of the Ubuntu terminal. The key pair was then saved in your Windows user profile rather than in Ubuntu’s /home/username/.ssh, so ssh in Ubuntu cannot find it. There are two ways to fix this:

  1. Run ssh-keygen -t ed25519 in the Ubuntu terminal. Repeat all of the steps above.

  2. Copy the public and private keys from Windows to Ubuntu. On Ubuntu, run cp /mnt/c/Users/netlinkID/.ssh/* /home/username/.ssh, where username is the username you selected when downloading Ubuntu. Keys copied this way can end up with permissions that are too open; if so, apply the fix under Possible bug 2. Now repeat step 3 and you should be good to go.

Possible bug 2: Another cause of git@gitlab.com: Permission denied (publickey) is that your private key file is exposed to everyone, meaning any user on the machine can read and edit it; ssh refuses to use a private key whose permissions are that open. The private key is the file /home/username/.ssh/id_ed25519 (note: without the “.pub”). To fix this, run:

$ cd /home/username/.ssh
$ chmod 600 id_ed25519
$ ls -l

The permission for id_ed25519 should be: -rw-------.

This means only the owner of the file, which is you, can read and write to the file.
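A check for the condition in Possible bug 2, as an added example that is not part of the original post: it lists private keys in an SSH directory that group or other users can access. The function names (file_mode, is_private_key, audit_ssh_dir) are hypothetical helpers, and the script assumes private keys start with a "-----BEGIN ... PRIVATE KEY-----" header line.

```shell
#!/bin/sh
# Added example: find private keys whose mode lets group or others
# access them (the condition described under "Possible bug 2").

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if the file's first line is a PEM/OpenSSH private key header.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -- '-----BEGIN .*PRIVATE KEY-----'
}

# Print "<mode> <path>" for each private key with group/other bits set.
# Returns 1 if any such key was found, 0 otherwise.
audit_ssh_dir() {
    dir=$1
    found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        is_private_key "$f" || continue      # skips .pub, config, known_hosts
        mode=$(file_mode "$f")
        # The last two octal digits are the group and other permission bits.
        case $mode in
            0|*00) ;;                         # e.g. 600 or 400: owner only
            *)     printf '%s %s\n' "$mode" "$f"; found=1 ;;
        esac
    done
    return "$found"
}

# Audit the directory given as $1, or ~/.ssh by default.
if audit_ssh_dir "${1:-$HOME/.ssh}"; then
    echo "no group/other-accessible private keys found"
fi
```

Each path it prints is a candidate for the chmod 600 fix shown above.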

To find out more about why you receive git@gitlab.com: Permission denied (publickey), run ssh -Tv git@gitlab.com.

Agent Forwarding authentication with VM from local machine’s Ubuntu

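Step 1: Create a file named config in /home/username/.ssh. Keep ForwardAgent limited to this one Host entry: while you are connected, the remote machine can use your agent to authenticate as you, so enable it only for VMs you trust. In the file, write: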

Host Myhost
Hostname 192.168.49.68
User vm_username
ForwardAgent yes
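To check that agent forwarding stays limited to named hosts as in the entry above, here is an added example (not from the original post) that reports every directive in an SSH client config that enables forwarding and how widely it applies. The function name forwardagent_scope and the sample config at the end are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list every directive in an
# OpenSSH client config that enables agent forwarding, with its scope.
#   SCOPED = named hosts only (like "Host Myhost" above)
#   BROAD  = wildcard Host pattern, or set before any Host/Match line
#   REVIEW = inside a Match block; its criteria need a human look
# Exit status: 1 if any BROAD entry exists, otherwise 0.
forwardagent_scope() {   # hypothetical helper; $1 = config path, "-" = stdin
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
            if (line == "" || line ~ /^#/) next
            # ssh_config accepts "Keyword value" and "Keyword=value".
            sub(/[ \t]*=[ \t]*/, " ", line)
            n = split(line, w, /[ \t]+/)
            key = tolower(w[1])
        }
        key == "host" || key == "match" {
            in_match = (key == "match")
            hosts = in_match ? "Match" : ""
            for (i = 2; i <= n; i++) hosts = hosts (hosts == "" ? "" : " ") w[i]
            seen_block = 1
            next
        }
        # Any value other than "no" (yes, a socket path, $VAR) enables it.
        key == "forwardagent" && n >= 2 && tolower(w[2]) != "no" {
            wide = (!seen_block || hosts ~ /[*?]/)
            scope = in_match ? "REVIEW" : (wide ? "BROAD" : "SCOPED")
            if (scope == "BROAD") broad = 1
            printf "%s line %d: %s\n", scope, NR, (seen_block ? hosts : "(global)")
        }
        END { exit broad + 0 }
    ' "${1:--}"
}

# Constructed sample: the post's scoped entry next to a wildcard entry.
forwardagent_scope - <<'EOF' || true
Host Myhost
    ForwardAgent yes
Host *
    ForwardAgent yes
EOF
```

The script only reports where forwarding is declared; it does not resolve which declaration ssh would apply to a given host.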

Step 2: Back in /home/username on Ubuntu, run:

$ ssh-add
Enter passphrase for /home/username/.ssh/id_ed25519: <Enter your passphrase>
Identity added: /home/username/.ssh/id_ed25519 (organization\netlinkID@host-unit)

If you receive Could not open a connection to your authentication agent, run:

$ eval "$(ssh-agent)"
Agent pid 57
$ ssh-add
Identity added: /home/username/.ssh/id_ed25519 (organization\netlinkID@host-unit)

Step 3: Connect to the VM using the Host alias from your config file:

$ ssh Myhost

You should now be in the VM. There, run:

$ ssh-add -l

You should see a key here. This means agent forwarding from your local machine’s Ubuntu is working on the VM, and the key listed should match the one on your local machine’s Ubuntu.

$ ssh git@gitlab.com

You should see a message Welcome to GitLab, @username!

Resources

For more info on connecting Ubuntu to GitLab using an SSH key, visit:

https://docs.gitlab.com/ee/user/ssh.html#add-an-ssh-key-to-your-gitlab-account

For more info on how SSH-agent works:

https://smallstep.com/blog/ssh-agent-explained/