Updated on 2024-07-05 GMT+08:00

SSH Keys

Introduction

When you push code to or pull code from CodeArts Repo, the repository needs to verify your identity and permissions. SSH is an authentication mode for remote access to CodeArts Repo.

  • An SSH key is an encrypted network transmission protocol that establishes a secure connection between your computer and CodeArts Repo under your account.
  • After you configure an SSH key on a local computer and add the public key to CodeArts Repo, you can use the SSH key to access all code repositories under your account from your computer.
  • Before connecting to CodeArts Repo in SSH mode, generate an SSH key on your computer and configure it in CodeArts Repo.

Generating and Configuring an SSH Key

The following procedure describes how to generate a public key and bind it.

  1. Install the Git Bash client by referring to Installing Git Bash for Windows.
  2. Check whether your computer has generated a key.

    Run the following command on the local Git client:

    cat ~/.ssh/id_rsa.pub
    • If No such file or directory is displayed, no SSH key has been generated on the computer. Go to 3 to generate and configure an SSH key.

    • If at least one group of keys is returned, an SSH key has been generated on your computer. To use the generated key, go to 4 directly. To generate a new key, go to 3.

    • If you want to manage multiple keys on one computer, see How Can I Set Multiple SSH Keys on My Computer?

  3. Generate an SSH key.

    Run the following command on the local Git client to generate a new SSH key:
    ssh-keygen -t rsa -C "Your SSH key comment"

    Perform the following operations. If information similar to the preceding figure is displayed, the key is generated.

    1. The system prompts you to enter the storage path of the key. You can press Enter to use the default path.

    2. If a key already exists in the local path, the system asks you whether to overwrite it. Enter n to cancel key generation, or enter y and press Enter to overwrite the existing key. In this example, the existing key is overwritten.

    3. The system prompts you to set a password for the key and confirm the password. If you do not want to set a password, press Enter.

    • If a password is set (recommended), the generated private key file is stored after being encrypted by AES-128-CBC.
    • If you press Enter without entering the password, the generated private key file id_rsa is stored locally in plaintext. Keep it secure.

  4. Copy the SSH public key to the clipboard.

    Run the following command based on your operating system to copy the SSH public key to your clipboard. Take Windows as an example. If no command output is displayed, the public key is copied.
    • Windows
      clip < ~/.ssh/id_rsa.pub
    • macOS
      pbcopy < ~/.ssh/id_rsa.pub
    • Linux (xclip required)
      xclip -sel clip < ~/.ssh/id_rsa.pub

  5. Log in to the CodeArts Repo service repository list page, click the alias in the upper right corner, and choose This Account Settings > SSH Keys.

    Alternatively, log in to the repository list page of CodeArts Repo and click the icon to go to the SSH Key page.

  6. On the SSH Keys page, click Add SSH Key. The Add SSH Key page is displayed.

  7. Enter a key name, paste the SSH public key copied in 4 to the Key text box, select I have read and agree to the Privacy Statement and CodeArts Service Statement, and click OK. A message is displayed, indicating that the operation is successful.

    • An SSH key cannot be added repeatedly. If an SSH key fails to be added, check whether it has already been added or whether there are redundant spaces in the key.
    • After the key is added, you can view it on the SSH Keys page. If it is no longer used, you can delete it.
    • The difference between an SSH key and repository deploy key is that the former is associated with a user and computer and the latter is associated with a repository. The SSH key has the read and write permissions on the repository, and the deploy key has the read-only permission on the repository.

Verifying Whether an SSH Key Is Bound

When an SSH key is bound, you can perform SSH-clone on the repository that you have the access permission on the client. If the clone is successful, the key is bound.

If you use SSH to clone a repository to the local computer for the first time, the message "The authenticity of host *.*.com can't be established. RSA key... (yes/no)?" is displayed. Enter yes to continue.