SSH key introduction

时间:2022-05-13 20:12:48

Preface

At the first time, we take the connection with GitLab remote server. You need to type username and password as your individual credentials to login the server, since the connection between the client(your computer) and remote server(Git sever in a Linux machine) is built up SSH protocol. But every programmer want things to be simple next time, in order to reach the target, the SSH key is introduced to help us for login without manual authentication.

Begin you start…

if you have already know a little about Git, or you are being trained to know how to use Git for PLM. Perhaps the document can help you, Trust me, if you don’t know any context. The documentary will be boring and useless. actually, there is another choice of connection to GitLab remote server, you will also know it at the subsequent section.

Steps for deploying SSH keys

Note: the steps have already describe in your GitLab server, if you want to know more, click the reference http://10.8.0.68/help/ssh/README   . if you couldn’t access to the link ,the  document will tell you directly at subsequent section, the following steps can help you to know how to finish the job completely, even better.

1.     Locating an existing SSH key

Because there is possible that your machine had already been used by other developers and generated the SSH key when they configured their Git environment. So that, Before generating a new SSH key check if your system already has one at the default location by opening a Shell(Git Bash), or Command Prompt on Windows(CMD), and running the following command:

a)       Windows Command Prompt:

type %userprofile%\.ssh\id_rsa.pub

b)      Git Bash on Windows :

cat ~/.ssh/id_rsa.pub

If you see a string starting with ssh-rsa you already have an SSH key (this case will appear like above), but the key probably is not mapped to your identity. You have to know real place where your SSH key actually is located in. and to remove this files beneath the directory, and generate  new SSH key in accordance to your credential. the path is like the following pattern.

C:\Users\DanielDai\.ssh

the three important file are described below, if you are not interested in the concrete explanation, please ignore it.

         id_rsa:

The file contains private key for encryption in client terminal, when you login GitLab remote server through SSH protocol, private key is used to encrypt your username and Password(if there is).

Id_rsa.pub:

The file contains public key for decryption in server terminal, when server receive the your credential which have been encrypted via private key. And the server decrypt the information and check if this person’s login information is correct.

         Known_hosts:

GitLab remote server address and public key of GitLab server are stored in this file. the file content is used to decrypt information from remote server.

2.     Generating an SSH key

To Generate a new SSH key, you can do it through the following instructive commands.

a)       Git Bash on Windows:

ssh-keygen -t rsa -C "your.email@example.com" -b 4096

you will be noticed as the following prompt.

I suggest you press “enter” key without other thought if you configure your Git environment initially. Because using the suggested path will normally allow your SSH client to automatically use the SSH key without any additionally configuration. In other words, you don’t need to configure .git/config in local source repository. If you don’t know what .git/config is, referring toUse on Git. Of course, you have other choices for your customized requirement, but here is not going to introduce that alternative in details.

b)      Input a password

Once you input a file path, you will be prompted to input a password for security of your SSH key, although safety will be promised , I don’t recommend you to input password. It will be more simple and faster.

c)       Duplicate the public SSH key as somewhere need it afterwards

To copy the content, you can use the following commands to do that. Of course, opening up id_rsa.pub and then getting a duplication are more visual.

Git Bash on Windows:

cat ~/.ssh/id_rsa.pub | clip

3.     setting up an SSH key

return back GitLab management Page,navigate to the “SSH Keys” tab in your ‘Settings’.Paste your key in the ‘Key’ section and give it a relevant and identifiable ‘Title’.

Understanding of SSH and SSH key

Description: the section is about to conclude the fundamentals about SSH key. what is SSH protocol, what is SSH key, why the connection between Git client and GitLab remote server need the mechanical security system, and how does the security system work in our Git . If you are familiar with the knowledge, you don’t have to look through the chapter.

SSH protocol

Background

Over many years, intercommunication between computer terminals was based on plaintext.it caused too much securable risks that message is easy to be intercepted and captured. SSH protocol targets to resolve the risky issue. The transmission of information between multiple terminals will be encrypted and decrypted via SSH protocol. The material of encryption and decryption is SSH key, more information about SSH key is introduced in subsequent section.

Usage

SSH is typically used to log into a remote machine and process some tasks remotely. There are some helpful tools for that, such as putty, mremoteNG etc. of course, the Git bash is inclusive. we use SSH client to connect remote server to avoid using the Linux server on-site, and Git Lab remote server is belonging to Linux sever too.

SSH Key

         Background

Actually, we should name it SSH key pairs or (SSH public key and SSH private key).Because SSH protocol is built up on Public and private key encryption mechanism.

         Public and private key encryption mechanism

If there is an encrypted connection between two standalone entities, then, message that is encrypted by an entity’s private key require to be decrypted via this entity’s public key. so before establishment of network connection, another entity need know this entity’s public key.

So entity should generate a public key and a private key meanwhile using it’s key generation program.

the following pic could demonstrate the system well.

How does the security system work in our Git

As principle which is described above. So firstly, the GitLab remote server needs to save the client’s public key for decrypting user’s credentials from client. That is why we need to configure SSH key before.

For all files beneath the directory(C:\Users\DanielDai\.ssh) indicated at previous chapter. If you didn’t get completely understanding of that instruction, I advise you should review it again.

No matter what messages that are from Git client or Git Server will be transfer to each other based on SSH channel, so that, not only we need to deploy the SSH public key of Git Client to Git Server, but we also need to save the SSH public key of Git Server when Git client try to connect to an new server address at the first time.

Here is a good example, I think it can demonstrate the what the functional of the file (known_hosts) is.

The email from GiorGio tell us the change of GitLab remote Server Address, we need to replace the old address with new one.

After configure it already, the Git client will meet the following noticeable prompt when client try to connect to new address at the first time. If your response is ‘yes’, known_hosts file will save a new server address and the ssh public key from the sever.

 

Alternatives Of Connection To GitLab Remote Server

If you only know how to follow all steps to deploy the SSH key, of course, that is enough for development of Luxottica PLM. But , actually, there is another alternatives to connect to GitLab Remote Sever generally.  You can do the same things through “HTTPS/HTTP” channel.

The following screenshots shows how you can choose it.

If you choose the alternative, you don’t have to generate SSH key pairs and to deploy SSH public key to GitLab Server.