I generated my ssh key on my local machine. I then used the following command to copy my public key onto my server: ssh-copy-id username@remote_host. That went smoothly.
I have confirmed that my local machine's ~/.ssh/id_rsa.pub has been copied onto my server at my_user's_home_directory/.ssh/authorized_keys. There are no other files in there.
I've also copied that same public key into Gitlab.
When I try to git clone a repo onto the server, I'm told:
[email protected]: Permission denied (publickey,keyboard-interactive).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I can ssh easily enough into my server. But since my server doesn't hold my private key, it sort of makes sense to me that I wouldn't be able to ssh git clone. What's the normal procedure here? I can do a regular https download, is that the standard route?
You can use ssh -A to forward your ssh-agent to the remote host which will use your local keys from the remote server without sending the keys themselves.
While this seems like a secure option, only do this if you absolutely trust the remote server (i.e. don't enable this by default). The forwarded ssh-agent can be used by anyone with the same remote user as yours or with root privileges.
If you decide to go that way, I'd recommend adding keys to the agent with ssh-add -c so you're prompted for confirmation when a key is used.
git is decentralized. Could fetch from Gitlab to your PC, then push from your PC to the server. ssh client is your PC for both, so your private key or forwarded agent doesn't touch the server.
Or, could have multiple ssh keys. A personal one for your PC, and a different one for the server. More keys to manage, but possible to monitor and control separately, service account style.
Or, don't use git as a deployment tool. Generate a package or some other archive, and install that like you do other software.
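
The "don't enable this by default" caveat in the agent-forwarding answer above can be checked against an OpenSSH client config. This is an added example, not part of the original posts: the helper name audit_forward_agent and the sample host names are assumptions constructed for illustration, and Match blocks are conservatively treated as broad.

```shell
#!/bin/sh
# Added example (not from the original posts): list where an OpenSSH client
# config turns on agent forwarding, and fail if it is on for more than
# explicitly named hosts. audit_forward_agent is a hypothetical helper name.
audit_forward_agent() {
    awk '
    BEGIN { scope = "(global)"; broad = 1; rc = 0 }  # options before any Host apply to all hosts
    /^[ \t]*#/ || /^[ \t]*$/ { next }                # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/[ \t]*=[ \t]*/, " ", line)              # accept "Keyword=value" as well as "Keyword value"
        split(line, f, /[ \t]+/)
        key = tolower(f[1])                          # ssh_config keywords are case-insensitive
    }
    key == "host" || key == "match" {
        scope = line
        # Wildcard patterns cover hosts you never named; Match blocks are
        # treated as broad too (a conservative assumption of this example).
        broad = (key == "match" || line ~ /[*?]/)
        next
    }
    # Any value other than "no" (yes, a socket path, $VAR) enables forwarding.
    key == "forwardagent" && tolower(f[2]) != "no" {
        printf "%s: %s (ForwardAgent %s)\n", (broad ? "BROAD" : "SCOPED"), scope, f[2]
        if (broad) rc = 1
    }
    END { exit rc }
    ' "$1"
}

# Constructed sample config; host names are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host deploy.example.com
    ForwardAgent yes
Host gitlab.example.com
    ForwardAgent no
Host *
    forwardagent=yes
EOF
audit_forward_agent "$sample" || echo "agent forwarding is enabled beyond named hosts"
rm -f "$sample"
```

Point it at ~/.ssh/config and /etc/ssh/ssh_config; a SCOPED line is a per-host opt-in, while a BROAD line means the agent is forwarded to hosts you did not name individually.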