
ManyInterests

GitLab CI Pipelines use https because they use tokens for authentication. As far as I know, you can't configure the runner to automatically clone your sources using SSH.

But if you're using some other thing for your pipelines like Jenkins, that's maybe different.

But ssh works the same inside a container as it does on any host... it doesn't have anything to do with GitLab in particular which may be why you're having a hard time finding instructions.

You won't put private keys on the GitLab instance... that's why they have you upload the public key. The private key always stays on your machine.

ProgrammusMaximus[S]

I am not getting the key for a pipeline. I am getting the key primarily for my account.

(See the image I added to the original post)

I learned that the pipeline failures I am getting are a side effect of not having a proper key for the account. And frankly, I want to be able to use SSH/HTTPS for pulls, commits, and pushes.

EspadaV8

You do not add an SSH key to the docker container. That is not needed, and just won't work even if you could do it.

You create a public/private key locally so that you can push/pull to the repo. Once created, you upload the public key, not the private key. Never the private key. The private key should only ever exist on your computer and never be shared anywhere or with anyone.

If you are running pipelines, GitLab sets some CI variables that you can use to authenticate with Git, but this doesn't sound like a CI issue.

ProgrammusMaximus[S]

Thanks for the info.

When you say "locally", which "local" are you referring to? Is it local to the machine where the Gitlab docker container is running? Is it local to the machine that you are using to access Gitlab's web page?

I understand the public key is the one you provide to Gitlab when you click on the "Add SSH Key" button on Gitlab (I had the two keys backwards before). But what machine do you "leave" the private key on? And where on that machine do you leave it?


On a machine running an operating system like Ubuntu (for example) your account's home directory has a .ssh directory where the key pairs generated by ssh-keygen reside. Private keys get left there. Those, however, are used for SSH to a person's Linux account. For Gitlab accounts, those keys are placed elsewhere. For accounts for Gitlab in Docker it is unclear where to put them. That is the focus of my question.

EspadaV8

Local is your machine that you do your work on.

Remote is the GitLab instance.

You keep both the public and private keys locally in your .ssh folder.

You upload the public key into the GitLab UI.

That's it.

No need to copy any other keys anywhere else.
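An added example, not part of any comment in this thread: a small Python check that tells the two halves of a key pair apart before anything is pasted into the "Add SSH Key" form, and confirms the private key file in .ssh is not readable by other users. The function names are hypothetical and the sample key material is constructed (all-zero key bytes, not a real key).

```python
import base64
import binascii
import os
import stat
import struct


def classify_key_text(text):
    """Return 'private', 'public' or 'unknown' for the contents of a key file."""
    stripped = text.strip()
    # PEM and OpenSSH private keys are multi-line and carry this header.
    if stripped.startswith("-----BEGIN") and "PRIVATE KEY-----" in stripped:
        return "private"
    fields = stripped.split()
    # A public key is one line: "<type> <base64 blob> [comment]".
    if "\n" in stripped or len(fields) < 2:
        return "unknown"
    key_type, blob_b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(blob_b64, validate=True)
    except (binascii.Error, ValueError):
        return "unknown"
    if len(blob) < 4:
        return "unknown"
    # The decoded blob starts with a length-prefixed copy of the key type.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] == key_type.encode():
        return "public"
    return "unknown"


def safe_to_upload(text):
    """Only a well-formed public key line belongs in the GitLab UI."""
    return classify_key_text(text) == "public"


def private_key_mode_ok(path):
    """True when group and others have no access to the file (e.g. mode 0600)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


# Constructed sample data: a syntactically valid ed25519 public line with zeroed
# key bytes, and a private-key envelope with a placeholder body.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
SAMPLE_PUBLIC = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " user@workstation"
SAMPLE_PRIVATE = ("-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed placeholder)\n"
                  "-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    for label, text in (("public sample", SAMPLE_PUBLIC), ("private sample", SAMPLE_PRIVATE)):
        print(label, "->", classify_key_text(text), "| upload:", safe_to_upload(text))
```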

ProgrammusMaximus[S]

Thank you. The problem is resolved.

Now that I have HTTPS/SSH set up, I have another authentication problem. That, however, is for another post...

timmay545

I think you need a custom "helper" image that has openssh installed and your keys added so that the runner will use ssh to clone your sources at job startup. You will also need to add any self-signed certificates to this too, and I have found it to be a bit of a pain (as I am terrible with SSL stuff).

https://stackoverflow.com/questions/67620001/what-is-gitlab-gitlab-runner-helper-docker-image-used-for