Jump to content

SSH keys

From mediawiki.org

SSH keys are necessary to login to the Gerrit and GitLab servers to push code to.

Generating a new SSH key

[edit]

Follow the instructions below to create one if you do not already have one in /.ssh. To make sure whether you need to generate a brand new key, let's check if an SSH key already exists on your system. Run this command in a terminal:

ls ~/.ssh

The command will list the files that are in the (hidden) .ssh directory. If the directory already exists on your system and if the output lists a file called id_ed25519.pub, then you can go directly to #Copy your SSH Public key.

To generate a new SSH key, open a terminal then enter the command below and replace user@example.com with your own email address. We want the default settings so when asked to enter a file in which to save the key, just press ↵ Enter.

ssh-keygen -t ed25519 -C "user@example.com"

Enter a strong and unique passphrase and press the ↵ Enter key.

Why do passphrases matter?
Passwords aren’t very secure. If you use one that’s easy to remember, it’s easier to guess or brute-force. If you use one that’s random it’s hard to remember, so you might write the password down. Both are very bad. This is why you’re using ssh keys. But using an ssh key without a passphrase is basically the same as writing down that random password in a file on your computer. Anyone who gains access to your drive has gained access to every system you use that key with. That's why you also add a passphrase. To not enter a long passphrase every time you use the key, there’s a tool called ssh-agent. It can save your passphrase securely. If you use macOS or Linux, then your keys can be saved in the system’s keychain to make your life even easier.

The ssh-keygen command will create 2 files in ~/.ssh directory:

  • ~/.ssh/id_ed25519 - your private SSH key (for identification)
  • ~/.ssh/id_ed25519.pub - your public SSH key

Copy your SSH Public key

[edit]

Get the content of your public key file (e.g. id_ed25519.pub) to copy it to your clipboard:

One option is to open your public key file with your favorite text editor (Notepad, TextEdit, gedit, etc.). In the file chooser dialog of your text editor, you may need to turn on “View hidden files” to find the file, because the .ssh directory is hidden. Sometimes the “View hidden files” option is available by right-clicking in the file chooser dialog.

Other options are:

  • On Linux, run cat ~/.ssh/id_ed25519.pub and manually copy the output to the clipboard.
  • On Windows, you can open Git GUI, go to Help 🡒 Show Key, and then press "Copy To Clipboard" to copy your public key to your clipboard.
  • On macOS, you can run pbcopy < ~/.ssh/id_ed25519.pub to copy the contents of the your public key file to your clipboard.

It’s important you copy your SSH Public key exactly as it is written, without adding any newlines or whitespace. Copy the full text, including the "ssh-ed25519" prefix, the key itself, and the email address suffix.

Add SSH Private key to use with Git

[edit]
The SSH agent service must be running and your SSH private key must be added to it every time you want to connect to the Git server. This means that if you close Git Bash on Windows after running these commands, you will need to run them again the next time you open Git Bash to re-login. Otherwise you will receive a Permission denied when trying to push code.

Start the Git Bash command line.

  • Start the ssh-agent service
eval `ssh-agent`
Be sure to use the accent `, not the single quote '. (You could copy and paste from this page if you cannot easily enter this special character.) Note also that if you are using an alternative shell in Linux (for example the Fish shell), this command may not work; switching to Bash will fix the issue.
  • Add your private key to the agent.[1] If you followed the steps above and your key has the default name id_ed25519, then the command is:
ssh-add ~/.ssh/id_ed25519
If you get WARNING: UNPROTECTED PRIVATE KEY FILE!, run chmod 600 ~/.ssh/id_ed25519 and then rerun the above command.

For macOS see CodeX article.

  1. If as a Ubuntu user you have a "Permission denied (publickey)" message, please check on this help page