Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / Manage: Access Group / 1 Feb 2022
GitLab / Manage: Access Group / 1 Feb 2022
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Demo: Using "ecdsa-sk" and "ed25519-sk" SSH keys

Description

This is a demo video for a merge request: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78934

A

Hello, I'm bogdan I'm a beginner engineer at gitlab in this video I will talk about ssh keys, open ssh in version 8.2 added support for two new types of ssh keys that can be generated and only work together with a security key by security. Key I mean fiber you to have hardware authenticator, for instance, uh I use ubk as a security key in this video. I will show how those two new types of ssh keys work.

A

This github.

A

I have gitlab instance up and running on my local environment, and I have created my personal account: let's go to user settings, ssh keys, page and add such type of ssh key I've already added one type of ssh key. So, let's add another type one how to do so. We can use uh detroit documentation.

A

As you see, this documentation mentions about those two new types of ssh keys and there is a section that guides how to create generate ssh key pair for a security key. So first we should insert our security key into our computer. I'm going to do so. It's right now so open terminal and use command. Ssh kj gen to generate ssh key.

A

It requires a type argument that specifies what kind of algorithm we want to use and also it supports another interesting option uh resident that this option indicates uh that the k uh should be stored on the security key. So it makes easier to import such a key ssh key to new computer uh because it could wear the directory from a security key by using commands like ssh. At this k, option or sshk jam this k option.

A

When we proceed with ssh k gen, it will prompt us to touch our security key to proceed after that it would.

A

We will go through the same steps as for the rest of ssh keys, like a suggested file, name directory, specify a passphrase, etc, and in then we will see a confirmation that our ssh key is generated and stored.

A

After that, we will need to add this ssh key to our gitwork account. uh I already generated this ssh key, so let me show it oops, let's go to ssh directory and as you see uh there is uh two there is my player of ssh key. We are interested in public public ssh key here. You see the output of my public ssh key. Let's copy that and put that to our github account.

A

I will change the title bit to because I already have another ssh key, this title as my email, so I will differentiate them. So, let's add ssh key. As you can see, it's added you can see fingerprints, etc. So this is on the list or our ssh keys.

A

So now we can use this ssh key to uh to proceed. Some git operation, for instance,.

A

uh I have uh I put a private project, uh so I'm gonna, uh let's see uh the latest, commits to that project and and let's create a new, commit and try to push to our gitwipe instance.

A

This is the div we're going to push. Let's create a commit.

A

And let's push it to github.

A

As you can see, it prompt us to to uh to confirm user presents for our key, so currently my secure security key blinking to like asking me to tap it. So when I on my security key, it would proceed with ssh authentication and if it succeeds it would, it would proceed with git operation, it's probably because of timeout. So, let's repeat it again, I'm going to tap my security key and, as you see, uh git operation uh succeeded.

A

So if we go to github, we should see this new comment here and, as you see, it's is here. Let's see diff of this comment to make sure yeah that's uh what we uh what we've changed so let's create another commit.

A

For instance, I will just revert the white escalade and now I plug and plug in my security key and try to push again and as you see, it's immediately fails because authentication couldn't happen without security key, so what it means that if somebody stole my uh ssh key pair, they wouldn't be able to access my my detroit repositories because they have no my security key. So let me plug in it back to my computer and repeat, git push operation.

A

As you see, it again prompts to confirm my presence, so I type on my security key and it proceed with git operation and, let's see into the list of commits, we should see the right as one that reverts the current one.

A

As you see it, it is uh what else also admin of gitlab instance could restrict use, restrict usage of any type of ssh keys, including those new two ones that uh work together with security key.

A

That's all I want to mention. Thank you for watching.