*******    ***    ******   *******  ******   **  **    ***    *******
  ***     ** **   **   **  **       **   **  ** **    ** **     ***  
  ***    **   **  ******   *******  **   **  ****    **   **    ***  
  ***    *******  **  **   **       **   **  ** **   *******    ***  
***      **   **  **   **  *******  *****    **  **  **   **    *** 

When setting up SSH keys for Git services, primarily GitLab and GitHub in my case, I follow a simple rule: each host gets a separate SSH key. Here is some documentation on how I set this up (mostly for my own reference later).

Generating the SSH key: 

GitLab's instructions make this pretty easy. Simply run this one command:

ssh-keygen -o -t rsa -C "username@hostname" -b 4096

GitLab instructs us to use an email address in the comment field of the SSH key. I find myself using the comment field to describe the user and hostname instead, since I manage an individual key on a per-host basis and being able to differentiate keys is more important, at least in GitLab, than using an email. Since the keys are assigned to an account, GitLab manages to keep track of who is making the commit based on the key just fine. I believe I have run into this issue on GitHub, though. This will require a bit more testing.

When choosing a filename for the SSH key files, I name them for the destination I'm authenticating to. For example, my GitLab key could be ~/.ssh/gitlab.jaredkat.net

The second part is telling SSH to use our Git-specific keys for the right Git services. While I could use a single key on each system and share it between logging into servers, authenticating to Git, etc., I choose to use a Git-specific key. Might this be redundant? Perhaps. However, at some point, I decided it was a good idea and it's become a habit now.

Contents of ~/.ssh/config:

Host gitlab.jaredkat.net
IdentityFile ~/.ssh/gitlab.jaredkat.net

With these configurations put together, everything can run smoothly. If a machine gets compromised, I can revoke the host-specific SSH identity from the Git service without having to recreate SSH keys for each of the other hosts I develop from. 
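
The two steps above as one shell script, added here as an example and not part of the original post. The function names and the optional directory argument are hypothetical, and `IdentitiesOnly yes` is an addition: it makes ssh offer only the configured key to that host instead of every key the agent holds.

```shell
#!/bin/sh
# Added example (not the author's script): per-service Git key + ssh config stanza.
# Hypothetical helpers: make_git_key, add_host_stanza. Second argument overrides ~/.ssh.

# Step 1: generate a key named after the destination, unless one already exists.
make_git_key() {
    git_host=$1
    ssh_dir=${2:-$HOME/.ssh}
    key="$ssh_dir/$git_host"
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    if [ -f "$key" ]; then
        echo "key already exists, not overwriting: $key" >&2
        return 0
    fi
    # Same parameters as the command in the post; the comment names user and machine
    # so the key is easy to identify (and revoke) in the Git service's key list.
    ssh-keygen -o -t rsa -b 4096 -C "$(id -un)@$(hostname)" -f "$key"
}

# Step 2: append a Host stanza exactly once. Returns 1 if the host is already present.
add_host_stanza() {
    git_host=$1
    ssh_dir=${2:-$HOME/.ssh}
    cfg="$ssh_dir/config"
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$cfg" && chmod 600 "$cfg"
    # Exact, case-insensitive keyword match on existing "Host" lines.
    if awk -v h="$git_host" 'tolower($1) == "host" {
            for (i = 2; i <= NF; i++) if ($i == h) found = 1
        } END { exit !found }' "$cfg"; then
        echo "Host $git_host already configured in $cfg" >&2
        return 1
    fi
    # IdentitiesOnly (an addition, see lead-in) restricts ssh to this IdentityFile.
    printf '\nHost %s\n    IdentityFile %s\n    IdentitiesOnly yes\n' \
        "$git_host" "$ssh_dir/$git_host" >> "$cfg"
}

# Usage (run by hand):
#   make_git_key gitlab.jaredkat.net && add_host_stanza gitlab.jaredkat.net
```

After uploading the `.pub` file to the Git service, `ssh -G gitlab.jaredkat.net` prints the effective options, including which identity file will be used.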

 
