Updated on 2023-07-25 GMT+08:00

SSH Keys

Introduction

When you push code to or pull code from a cloud repository, the cloud repository needs to verify your identity and permissions. SSH is an authentication mode for remote access to CodeHub.

  • An SSH key is an encrypted network transmission protocol that establishes a secure connection between your computer and CodeHub under your account.
  • After you configure an SSH key on a local computer and add the public key to CodeHub, you can use the SSH key to access all code repositories under your account from your computer.
  • Before connecting to CodeHub in SSH mode, generate an SSH key on your computer and configure it in CodeHub.

Generating and Configuring an SSH Key

The following procedure describes how to generate a public key and bind it.

  1. Install the Git Bash client by referring to Installing Git Bash for Windows.
  2. Check whether your computer has generated a key.

    Run the following command on the local Git client:

    cat ~/.ssh/id_rsa.pub
    • If No such file or directory is displayed, no SSH key has been generated on the computer. Go to 3 to generate and configure an SSH key.

    • If at least one group of keys is returned, an SSH key has been generated on your computer. To use the generated key, go to 4 directly. To generate a new key, go to 3.

  3. Generate an SSH private key.

    Run the following command on the local Git client to generate a new SSH key:
    ssh-keygen -t rsa -C "Your SSH key comment"

    Perform the following operations. If information similar to the preceding figure is displayed, the key is generated.

    1. The system prompts you to enter the storage path of the key. You can press Enter to use the default path.

    2. If a key already exists in the local path, the system asks you whether to overwrite it. Enter n to cancel key generation, or enter y and press Enter to overwrite the existing key. In this example, the existing key is overwritten.

    3. The system prompts you to set a password for the key and confirm the password. If you do not want to set a password, press Enter.
    • If a password is set (recommended), the generated private key file is stored after being encrypted by AES-128-CBC.
    • If you press Enter without entering the password, the generated private key file id_rsa is stored locally in plaintext. Keep it secure.

  4. Copy the SSH public key to the clipboard.

    Run the following command locally based on your operating system to copy the SSH public key to your clipboard. Take Windows as an example. If no command output is displayed, the public key is copied.
    • Windows:
      clip < ~/.ssh/id_rsa.pub
    • macOS:
      pbcopy < ~/.ssh/id_rsa.pub
    • Linux (xclip required):
      xclip -sel clip < ~/.ssh/id_rsa.pub

  5. Log in to the CodeHub repository list, switch to your region, and click Set SSH Key. The SSH Keys page is displayed.

  6. On the SSH Keys page, click Add SSH Key. The Add SSH Key page is displayed.
  7. In Title, enter a name for the new key, paste the SSH public key copied in 4 to the Key field, and click OK. A message is displayed, indicating that the operation is successful.

    • An SSH key cannot be added repeatedly. If an SSH key fails to be added, check whether it has already been added or whether there are redundant spaces in the key.
    • After the key is added, you can view it on the SSH Keys page. If it is no longer used, you can delete it.
    • The difference between an SSH key and repository deployment key is that the former is associated with a user/computer and the latter is associated with a repository. The SSH key has the read and write permissions on the repository, and the deploy key has the read-only permission on the repository.

Verifying Whether an SSH Key Is Bound

When an SSH key is bound, you can perform SSH-clone on the repository that you have the access permission on the client. If the clone is successful, the key is bound.

If you use SSH to clone a repository to the local computer for the first time, the message "The authenticity of host *.*.com can't be established. RSA key... (yes/no)" is displayed. Enter Yes to continue.