Setting up multiple SSH keys with GitLab

Cloud Application Monitoring for Remote Workers
[FRS-425] FusionReactor On-Premise Firewall DNS and Static IP address rules (Fusion Reactor 5.0.x – 7.4.x)
Setting up multiple SSH keys with GitLab, FusionReactor

My issue

For some years I have had a large set of scripts, bash aliases, tools which I have had which I deploy on every system I have access.

The scripts have lots of standard utilities I have created lots of customisations for how I work when managing Linux systems.   These scripts started off as cygwin utilities for my Windows development and evolved over 15 years.

For some time I have used mercurial and Bitbucket, mainly as they provided private repositories for free when GitHub didn’t.

A year ago I moved to GitLab, they provided private free repositories and I was getting increasingly frustrated with the bitbucket usability and performance.

Both Bitbucket and GitLab used my personal ssh keys to get access, and I had configured these keys for many different computers (each with its own key).

Fast forward to 2020 and coronavirus… Intergral decided we need to move our development offsite, which was at risk due to our dedicated internet connection and our VPN connection.   If either failed we would not be able to continue the development of FusionReactor.    Many other projects were already running on GitLab, but we hadn’t moved FusionReactor as there hadn’t been any real necessity until the Coronavirus.

Moving our development process from subversion and Jenkins, hosted internally within Intergral to use GitLab and its CI runners was relatively simple.   We had been planning to do this over time, but Coronavirus made us do a big push to just get it moved ASAP.

One of the problems I had was that all my computers already had the SSH keys setup to use my personal/private GitLab repositories and I was constantly using my internal email address and password to develop FusionReactor.

 

The Solution

Unlike GitHub which allows you to use the same SSH key for multiple accounts, GitLab doesn’t.   So to change which key is used you have to configure ssh to chose the correct one.

This can be done by using a hostname alias for gitlab.com and using this alias instead of the real hostname.

Firstly you need a new specific SSH key for your new account.  My default key will be my personal GitLab and I need to create a new one for the Integral GitLab login.

 

$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/nwightma/.ssh/id_ed25519): /home/nwightma/.ssh/id_ed25519_intergral
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/nwightma/.ssh/id_ed25519_intergral.
Your public key has been saved in /home/nwightma/.ssh/id_ed25519_intergral.pub.
The key fingerprint is:
SHA256:88pj17IttNz9JJ1S62BrdlOt0pw7+xPRjDiPqcxNZHc nwightma@neil
The key's randomart image is:
+--[ED25519 256]--+
|                 |
|                 |
|             . o.|
|            = o.E|
|        S  o * oo|
|         o. + oo=|
|         =.B B.==|
|       .o.X.*o%* |
|       .oo.++o+B=|
+----[SHA256]-----+
Setting up multiple SSH keys with GitLab, FusionReactor
$ cat ~/.ssh/id_ed25519_intergral.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnvXlRGntKCJYUV4cYiFTOcvfItYodDAeRi3yBvXTyn nwightma@neil

In GitLab go to your settings ( top right ) and select SSH Keys on the left.

Copy and paste the output from the cat command into the Key text box like this :

Setting up multiple SSH keys with GitLab, FusionReactor

Now we just need to configure the ssh host alias.

Edit the ~/.ssh/config file and add an alias like this

 

# Private GitLab instance
Host gitlab.intergral.com
     HostName gitlab.com
     User johndoe@example.com
     IdentityFile ~/.ssh/id_ed25519_intergral.pub

Now the project can be checked out normally but you have to change the hostname

E.g.

 

git clone git@gitlab.com:intergral/fusionreactor/agent.git

becomes

 

git clone git@gitlab.intergral.com:intergral/fusionreactor/agent.git

The last thing to remember is to configure your git username and email addresses.   If you want to use your personal email for personal git projects and company email for company projects you have to configure the emails per project.

I currently have my personal email address as my git global email address and select my company email address for each project, but on my work PC I have this reversed.

E.g

 

$ git config --local user.name "John Doe"
$ git config --local user.email johndoe@example.com

$ git config -l --local | grep email
user.email=johndoe@example.com

The project will show what email address your changes are being tracked as.