By this point you should have two new files: deploy_rsa and deploy_rsa.pub. The .pub file is your public key; this is what you’ll drop on your host. The other file is your private key. Normally this would stay on your computer, but since we’re deploying from GitLab to your server, guess where it’s going!
Setting up deploy keys
1.) Go to Settings then CI/CD and expand the variables section
2.) Add a new variable named SSH_PRIVATE_KEY and copy/paste in the contents of the deploy_rsa file from earlier.
Depending on your repo visibility you may want to protect this variable. For me, it’s just me and I have a staging environment, so I can’t protect the variable without protecting staging too. More on protected variables in the official documentation.
For my purposes, I have a few more variables, since I don’t want to save these directly in the repository. Security by obscurity of course.
So here’s each variable and what it does. You may want to go ahead and set these now; it will make a bit more sense later.
- SSH_HOST – the IP or hostname of my remote server
- SSH_USER – this is my ssh username, I just don’t feel safe saving that to the repo, would you?
- SSH_REMOTE – This is the trusted host key from the remote server. To get this you need to SSH into the remote from your local machine and confirm that you trust the remote. Then grab the last line from ~/.ssh/known_hosts. If you don’t want to do this, I’ll show you how to get around it, but it’s not recommended: trusting a single host key prevents man-in-the-middle attacks, because if the remote presents a different key the job fails instead of pushing your code to it.
Again, since I use a staging environment for my sites, I’m not protecting the variables since I didn’t want to protect staging.
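As an added example (not part of the original post), here is one way a deploy job could check these variables before it opens a connection: it confirms SSH_REMOTE is a known_hosts entry that names SSH_HOST, then writes the key and the pinned entry with owner-only permissions. The function names, the id_deploy file name and the sample host are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). check_host_line, prepare_ssh and
# the id_deploy file name are hypothetical; the SSH_* variables are the post's.

# check_host_line HOST LINE: 0 if LINE is a known_hosts entry naming HOST,
# 2 if its host field is hashed and cannot be compared, 1 otherwise.
check_host_line() {
    host=$1; line=$2
    set -f; set -- $line; set +f    # split into: names keytype key [comment]
    [ "$#" -ge 3 ] || { echo "SSH_REMOTE: want 'names keytype key'" >&2; return 1; }
    names=$1; keytype=$2
    case $keytype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*) ;;
        *) echo "SSH_REMOTE: unexpected key type '$keytype'" >&2; return 1 ;;
    esac
    case $names in                  # HashKnownHosts stores names as |1|salt|hash
        '|1|'*) echo "SSH_REMOTE host field is hashed" >&2; return 2 ;;
    esac
    case ",$names," in
        *",$host,"*) return 0 ;;
    esac
    echo "SSH_REMOTE does not name '$host'" >&2; return 1
}

# prepare_ssh DIR: validate the CI variables, then write DIR/id_deploy and
# DIR/known_hosts readable by the job user only. Runs in a subshell so the
# umask change does not leak into the rest of the job.
prepare_ssh() (
    for v in SSH_PRIVATE_KEY SSH_HOST SSH_REMOTE; do
        eval "val=\${$v-}"
        [ -n "$val" ] || { echo "$v is not set" >&2; return 1; }
    done
    case $SSH_PRIVATE_KEY in
        '-----BEGIN '*'PRIVATE KEY-----'*) ;;
        *) echo "SSH_PRIVATE_KEY is not a private key block" >&2; return 1 ;;
    esac
    check_host_line "$SSH_HOST" "$SSH_REMOTE" || return 1
    umask 077
    mkdir -p "$1" || return 1
    # Pasted variables can carry CRLF or lose the final newline, which can
    # make ssh refuse to load the key; normalise both here.
    printf '%s\n' "$SSH_PRIVATE_KEY" | tr -d '\r' > "$1/id_deploy" || return 1
    printf '%s\n' "$SSH_REMOTE" > "$1/known_hosts"
)

# Constructed sample entry, not a real host key.
SAMPLE='deploy.example.test ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedNotARealKey'
check_host_line deploy.example.test "$SAMPLE" && echo "entry pins deploy.example.test"
```

In the job itself, point ssh at those two files with -i, -o UserKnownHostsFile= and -o StrictHostKeyChecking=yes so a changed host key stops the deploy.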
Where to put the pub file?
Honestly this completely depends on your environment ( your host ). For dedicated boxes to which you already have SSH access, you can edit your user’s ~/.ssh/authorized_keys file, adding the contents of the .pub file on a new line.
On SiteGround ( and probably various other cPanel-based hosts ) you can add it by going to the SSH/Shell Access section.
Now once you’re in there, simply drop in the contents of your .pub file in the text box, pretty simple right? Of course, the IP address is optional, so I left mine empty, but if you wanna be extra secure, enter the IP of the GitLab server.
Now you’re set up to push deploys to your server, pretty neat eh? Let’s go to the next set of instructions, actually setting up the GitLab CI file.