Documentation/content/security/ssh-key.md
2021-06-06 17:51:02 -04:00


eleventyNavigation
  key: SSHKey
  title: Adding an SSH key to your account
  parent: Security

It is recommended to use one key per client. This means that if you access your Codeberg repository from your home PC, your laptop and your office PC, you should generate a separate key for each machine.

Generating an SSH key (pair)

  1. Open a shell (e.g. git-bash on Windows or bash on Linux).

  2. Paste the text below, substituting in your Codeberg email address.

    $ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
    

    This creates a new SSH key, using the provided email as a label:

    > Generating public/private rsa key pair.
    
  3. When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location:

    > Enter a file in which to save the key (/c/Users/you/.ssh/id_rsa):[Press enter]
    
  4. You will be asked for a passphrase. Enter one if you like, or leave the prompt empty.

The private key part of your SSH key can be protected by a passphrase. This adds an additional layer of authentication which increases security. Be aware that this will only be helpful for certain attack scenarios and does not offer 100% protection. It is recommended to keep your private key safe and - well - private.

Add the SSH key to Codeberg

  1. Copy the SSH key to your clipboard. Attention: Copy only the public part of the key, not the private one. You can identify it by the .pub extension. By default, you can find the public key in $HOME/.ssh/id_rsa.pub.

    On Linux you can use the xclip command like this:

    $ xclip -sel clip < ~/.ssh/id_rsa.pub
    

    On Windows, use a text editor (e.g. Notepad) or clip on the command line:

    $ type .ssh/id_rsa.pub | clip
    
  2. Navigate to your user settings.

  3. Go to the settings section SSH / GPG Keys and click on Add key.

  4. Give an appropriate name for the key.

  5. Paste your key string from the clipboard into the content field.
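
The two cautions above (paste only the .pub file, and keep the private key private and ideally passphrase-protected) can be checked from the shell before anything is copied. The script below is an added example, not part of the Codeberg documentation; its function names are hypothetical, and it assumes the default key path used on this page.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Codeberg or OpenSSH tooling.

# key_file_kind FILE: print "public", "private" or "unknown" from the first line.
key_file_kind() {
    first_line=$(head -n 1 "$1" 2>/dev/null) || first_line=""
    case "$first_line" in
        -----BEGIN*PRIVATE\ KEY-----*) echo private ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) echo public ;;
        *) echo unknown ;;
    esac
}

# safe_to_paste FILE: succeed only for a one-line public key file.
safe_to_paste() {
    [ "$(key_file_kind "$1")" = public ] && [ $(wc -l < "$1") -le 1 ]
}

# private_key_is_private FILE: succeed if group and others have no permission bits.
private_key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# key_has_passphrase FILE: 0 = protected, 1 = no passphrase, 2 = cannot tell.
# "ssh-keygen -y" re-derives the public key; with an empty -P it only succeeds
# when the private key is stored unencrypted. A damaged key file also fails,
# so treat 0 as "could not be opened without a passphrase".
key_has_passphrase() {
    command -v ssh-keygen >/dev/null 2>&1 || return 2
    [ "$(key_file_kind "$1")" = private ] || return 2
    private_key_is_private "$1" || return 2   # ssh-keygen refuses loose modes
    if ssh-keygen -y -P "" -f "$1" </dev/null >/dev/null 2>&1; then return 1; fi
    return 0
}

# audit_key PRIVATE_KEY: report on the pair PRIVATE_KEY and PRIVATE_KEY.pub.
audit_key() {
    if safe_to_paste "$1.pub"; then echo "OK: paste the contents of $1.pub"
    else echo "STOP: $1.pub is not a one-line public key"; fi
    private_key_is_private "$1" || echo "WARN: $1 is accessible to group/others"
    rc=0; key_has_passphrase "$1" || rc=$?
    [ "$rc" -ne 1 ] || echo "NOTE: $1 is stored without a passphrase"
    [ "$rc" -ne 2 ] || echo "NOTE: passphrase status of $1 was not checked"
}

# Usage: sh check-key.sh audit [PRIVATE_KEY]   (default: the path used on this page)
if [ "${1:-}" = audit ]; then audit_key "${2:-$HOME/.ssh/id_rsa}"; fi
```
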

Test the SSH connection

Do this simple test:

$ ssh -T git@codeberg.org

The output should look like this:

Hi there, You've successfully authenticated, but Gitea does not provide shell access.
If this is unexpected, please log in with password and setup Gitea under another user.

Note: All Codeberg users share a single Unix user named git, which is used to check out repositories. Depending on the key provided, permission is granted or denied. With your key, you can check out every repository you have permission for, and you can push code to every repository where you have write access.

Avoid re-typing the passphrase

Assuming you've created a secure key with a passphrase, SSH will prompt you for your passphrase for every connection. Common desktop environments like macOS or GNOME will offer to cache your passphrase via an SSH agent.

If you are working at the command line, you can alternatively do this directly:

$ eval $(ssh-agent)
$ ssh-add
## enter your passphrase once, this is then cached.