Question: ssh private key location for terminal git cli usage

[rhughes89]

I imported a git project using the GUI and would like to be able to run git commands in the terminal as well as using the GUI. The problem is that since I imported the git with ssh via GUI, I need the RSA private key to be able to pull and push to the repository

While I can generate a new RSA key for each machine and upload to bitbucket. I'd rather use the one I set up in the GUI. and use that over all the workspace machines and other workspaces. Is there a location where this data is mounted on each machine? is there a configuration that I can set to make sure that the config is mounted?

Reproduction Steps:

1. Import a private git project in the GUI via ssh method
2. Open terminal
3. make a change to a file and try pushing the change
4. get a permission denied error.

OS and version:
OS: Ubuntu 16.04
Version: 5.6.0-SNAPSHOT

[ghost]

@rhughes89 currently, UI Git (which is JGit) and console git are two different and unrelated systems when it comes to authentication and security.

There's a similar issue - #3672

[rhughes89]

@eivantsov Thank you for your response.

I was able to work around this by writing a script to grab the ssh info from the Postgres database and inject it into my workspace. According to #3672, it would be awesome to inject some sort ENVIRONMENT Variable or to add an ssh config on boot on the workspace so that your terminal git uses the same keys.

Another solution is to be able to grab private and ssh key data via the API on the user endpoint. I understand that there are major security implications with this, even if you make the call as an authenticated user. but it would be great to be able to write a script that uses the API to get the ssh private key and public key info.

thoughts?

[ghost]

This is the solution that we have been looking at. I can share the script.

[rhughes89]

@eivantsov That would be incredible if you can share the script 😸

[ghost]

@rhughes89 here you go:

#!/bin/sh                                                                                                                                                                                                              
                                                                                                                                                                                                                          
if [ $1 = "-p" ]                                                                                                                                                                                                          
then                                                                                                                                                                                                                      
    host=$(echo "$3" | sed -e 's/git@//')                                                                                                                                                                                 
else                                                                                                                                                                                                                      
    host=$(echo "$1" | sed -e 's/git@//')                                                                                                                                                                                 
fi                                                                                                                                                                                                                        
                                                                                                                                                                                                                          
ssh_key=$(echo "$(curl -s "$CHE_API/ssh/vcs/find?name=$host&token=$USER_TOKEN"| grep -Po '"privateKey":.*?[^\\]",')" | sed -e "s/\"privateKey\":\"//")                                                                    
                                                                                                                                                                                                                          
if [ -n "$ssh_key" ]                                                                                                                                                                                                      
then                                                                                                                                                                                                                      
    key_file=$(mktemp)                                                                                                                                                                                                    
    echo "$ssh_key" > "$key_file"                                                                                                                                                                                         
    ssh -i "$key_file" "$@"                                                                                                                                                                                               
    rm "$key_file"                                                                                                                                                                                                        
else                                                                                                                                                                                                                      
    ssh "$@"                                                                                                                                                                                                              
fi

[davidwindell]

@eivantsov would you mind sharing how you use this in your terminal? What do you name the script and where do you place it?

UPDATE: We now use CHE_WORKSPACE_VOLUME so that we can inject the same private key into ~/.ssh in the workspaces

[sunix]

Maybe setting up the path to this script in .git/config file, see https://git-scm.com/docs/git-config#git-config-coresshCommand.
What I like in that approach is that it is done dynamically using the dynamically injected USER_TOKEN