This is a short post to explain how to setup a GitLab SSH key to securely access your repos. For the full GitLab documentation, please see this article.
In GitLab, to create an SSH key, navigate to: User Settings >> SSH Keys
Generate an SSH Key
I am doing this on a Mac, open a terminal and enter:ssh-keygen -t ed25519 -C "your_email@example.com"
Next, it will ask for a location and file name. I have let this default ~/.ssh/id_rsa, however it’s always a good idea to append it with something like _ntwklab_gitlab~/.ssh/
ssh-add ~/.ssh/id_ed25519_ntwklab_gitlab
Two files have been created: id_rsa which contains the private key and id_rsa.pub which is the public key.
Once created, cat the file id_rsa.pub to view the public key. Paste the public key into the box shown in the GitLab GUI.
cat ~/.ssh/id_ed25519_ntwklab_gitlab.pub
Test to see it works
ssh -T git@gitlab.com
Welcome to GitLab, @ntwklab1!
Clone Repo Error – GitLab SSH Key Not Used
At this stage, you should be able to clone a repo from the GitLab account. However, you may encounter an error similar to this where the private key is not correctly configured, and will be refused. The example below is for an older key I was using and is for an example a potential error only.
|
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
% git clone git@gitlab.com:ntwklab1/Terraform.git Cloning into 'Terraform'... The authenticity of host 'gitlab.com (172.65.251.78)' can't be established. ED25519 key fingerprint is SHA256:eUXGGm1YGsMAS7vkcx6JOJdOGHPem5gQp4taiCfCLB8. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added 'gitlab.com' (ED25519) to the list of known hosts. git@gitlab.com: Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. |
To fix this, I will add the private key to the ~/.ssh/config file. If this is not created, just create it touch ~/.ssh/config.IdentityFile ~/.ssh/id_rsa
|
0 1 2 3 4 5 |
Host gitlab.com AddKeysToAgent yes UseKeychain yes IdentityFile ~/.ssh/id_rsa |
Testing
You can test directly from the CLI with this command ssh -T git@gitlab.com. If successful, you will see output similar to the below
|
0 1 2 3 |
ssh -T git@gitlab.com Welcome to GitLab, @ntwklab1! |
Re-run the clone command, and I have added a file, committed and pushed this back to the repo.
|
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
git clone git@gitlab.com:ntwklab1/Terraform.git cd Terraform touch test.txt git status On branch main Your branch is up to date with 'origin/main'. Untracked files: (use "git add <file>..." to include in what will be committed) test.txt nothing added to commit but untracked files present (use "git add" to track) git add . git commit -am "new test file added" git push Enumerating objects: 4, done. Counting objects: 100% (4/4), done. Delta compression using up to 8 threads Compressing objects: 100% (2/2), done. Writing objects: 100% (3/3), 272 bytes | 272.00 KiB/s, done. Total 3 (delta 1), reused 0 (delta 0), pack-reused 0 To gitlab.com:ntwklab1/Terraform.git 85d03f5..4dbfc8b main -> main |
Other Problems
I thought this was worth mentioning as I encountered this after an update and neglect to how it was configured.
I received this very large error that seemed to be mentioning HTTP authentication. The solution was quite simple, to reconfigure Git to use SSH authentication instead of HTTPS.
|
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
Missing or invalid credentials. Error: connect ENOENT /var/folders/8m/2v9xcvd93rvdk9rv_jwb0sz40000gn/T/vscode-git-a992b72740.sock at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1611:16) { errno: -2, code: 'ENOENT', syscall: 'connect', address: '/var/folders/8m/2v9xcvd93rvdk9rv_jwb0sz40000gn/T/vscode-git-a992b72740.sock' } Missing or invalid credentials. Error: connect ENOENT /var/folders/8m/2v9xcvd93rvdk9rv_jwb0sz40000gn/T/vscode-git-a992b72740.sock at PipeConnectWrap.afterConnect [as oncomplete] (node:net:1611:16) { errno: -2, code: 'ENOENT', syscall: 'connect', address: '/var/folders/8m/2v9xcvd93rvdk9rv_jwb0sz40000gn/T/vscode-git-a992b72740.sock' } remote: HTTP Basic: Access denied. If a password was provided for Git authentication, the password was incorrect or you're required to use a token instead of a password. If a token was provided, it was either incorrect, expired, or improperly scoped. See https://gitlab.com/help/topics/git/troubleshooting_git.md#error-on-git-fetch-http-basic-access-denied fatal: Authentication failed for 'https://gitlab.com/ntwklab1/awscloudformation_addingnumbers.git/' |
Here are the commands that I ran to resolve the problem and resulted in a successful push.
|
0 1 2 3 |
git remote set-url origin git@gitlab.com:ntwklab1/awscloudformation_addingnumbers.git git remote -v |
|
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
-MacBook-Pro awscloudformation_addingnumbers % git remote set-url origin git@gitlab.com:ntwklab1/awscloudformation_addingnumbers.git -MacBook-Pro awscloudformation_addingnumbers % git remote -v origin git@gitlab.com:ntwklab1/awscloudformation_addingnumbers.git (fetch) origin git@gitlab.com:ntwklab1/awscloudformation_addingnumbers.git (push) -MacBook-Pro awscloudformation_addingnumbers % git push Enumerating objects: 5, done. Counting objects: 100% (5/5), done. Delta compression using up to 16 threads Compressing objects: 100% (3/3), done. Writing objects: 100% (3/3), 548 bytes | 548.00 KiB/s, done. Total 3 (delta 2), reused 0 (delta 0), pack-reused 0 To gitlab.com:ntwklab1/awscloudformation_addingnumbers.git 8ee8173..0175e91 main -> main |