Set up SSH Keys

SSH keys are a way to authenticate yourself to another party (for example a service like GitLab). They replace the need for the usual username/password authentication. You'll learn more about this once you follow a course on Security and Cryptography. For now, you should only remember that SSH keys consist of a private part and a public part. As the name suggests you should never share the private part of your key. That's roughly equivalent to giving someone your password. The public part of your key is meant to be shared with other parties. Using the public part of the key anyone can send secure messages your way. Only when you have the private key then you can see the contents of these messages. In the following steps you'll create your private and public keys (your keypair) and you'll upload the public part of your key to GitLab so that GitLab will be able to authenticate you.

Creating your SSH key

When you first open your new GitLab account, it will give you a notification that you have not set up an SSH key yet. To make cloning easier we will start off by creating a SSH key. GitLab has an easy to follow tutorial on both creating the key. Note that in the tutorial you come across a step where you can set a passphrase for your (private) key. It's not required to do so. When you set a phrase, then make sure to remember it, as you'll be asked for the phrase every time you want to load/use your key. When you set no passphrase then you should ensure that nobody can access the private key file on your device (use a strong password to login and don't leave your device unlocked/unattended).

Uploading your public key to GitLab

The tutorial on GitLab also contains a part on adding your public key to your GitLab account. When you've completed all steps your private key is now allowed to access the GitLab instance.

Test your connection

By default your .ssh folder inside your home directory is checked for SSH keys. As long as they use default names, like id_rsa, id_ed25519, etc. then they should be picked up automatically. When you use a different name then you should either load your key manually (using your ssh-agent) or by editting your SSH configuration file (~/.ssh/config). When this is necessary we recommend the latter option. Create (or edit) the file ~/.ssh/config and add the following block;

Host gitlab-eemcs
    HostName gitlab.ewi.tudelft.nl
    IdentityFile ~/.ssh/id_custom_key

Change ~/.ssh/id_custom_key to the actual path to your desired private key (remember that the public counterpart should be uploaded in your GitLab account). You can also use this file to use different keys for different servers.

To check whether you can successfully connect to GitLab, you can run the following command;

ssh -vT git@gitlab.ewi.tudelft.nl

This will output something as follows;

OpenSSH_8.6p1, LibreSSL 2.8.3
debug1: Reading configuration data /Users/[username]/.ssh/config
debug1: /Users/[username]/.ssh/config line 9: Applying options for gitlab.ewi.tudelft.nl
...
debug1: Connecting to gitlab.ewi.tudelft.nl port 22.
debug1: Connection established.
...
debug1: Authenticating to gitlab.ewi.tudelft.nl:22 as 'git'
...
debug1: Will attempt key: [path to your private key and some more details]
...
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: [path to your private key and some more details]
debug1: Server accepts key: [path to your private key and some more details]
debug1: Authentication succeeded (publickey).
Authenticated to gitlab.ewi.tudelft.nl ([131.180.119.16]:22).
...
Welcome to GitLab, @[username]!