Error: GitLab: Your SSH key type is forbidden. Must be RSA, ECDSA, or ED25519

I’ve created a new ssh keypair using the following command - as asked
ssh-keygen -t rsa -C "my_email" -b 4096 -f id_rsa_gitlab.username

Running file command on the created file returns PEM RSA private key

I then did cat on the public key, and pasted on gitlab.com, and saved.

Yet, when I try to push my code, I get

GitLab: Your SSH key type is forbidden. Must be RSA, ECDSA, or ED25519.
fatal: Could not read from remote repository.

This/similar issue has been reported earlier, but was closed as “no updates in few weeks, hence closing”

I also tried creating an ECDSA key, yet got the same error. (I had to use size 521, because 4096 was too big for ECDSA)

I think the error is misleading.

Can someone help troubleshoot and fix this issue?

Hey, I was facing the same issue, until I realized I was using the private key value, not the public key value generated.

After you run the ssh-rsa command 2 files are generated. (.File and .pub)

Take the public key from .pub file (NOT THE .File File) then add that to the SSH field. Should see it go through.

I do not understand. You say take from private key, and also say .pub
I’m confused.

Can you provide step by step instructions?

OP says he uses ssh-keygen not some ssh-rsa command - there is no command called that on my system, but it might all come down to you using some inferior OS to us (I use Linux, more specifically Debian Bookworm - and technically these things depend on the ssh-client not the OS).

ssh-keygen has never created a file called <anything>.file when I have run it (and I guess I created my first SSH keys more than 25 years ago), and the generated <something>.pub file only contains one key. So what you’re writing is strange (and unusable for anyone using sane tools).

@mandarvaze Have you tried shorter keys? To see if that error is trying to tell you that your key is too long? (Yes, that is a silly restriction, but some websites do silly things, and GitLab is not above that level)
Or just including/excluding the ssh-rsa part at the beginning of the key so it’s possible/easy to determine what kind of key it is.

I have uploaded an SSH key to my account on gitlab.com, but it was several years ago, and I simply don’t remember how long that is, or whether I had to include/exclude the ssh-rsa part.

If none of my simple suggestions help, maybe you can share it here (it’s a public key, not really supposed to be secret, but in case you’re doing something wrong and uploading the private key, generate a new one, see it rejected, and upload it here).

Hey, I made a typo above. The .pub file has the public key.

Anyway, I don’t seem to see this documented elsewhere, but you need to copy the generated id_rsa.file and id_rsa.pub files into your .ssh folder on Windows.

After that, cloning ssh url will ask for a passphrase, instead of the git.etc password.

Enter the passphrase you created while generating the keys.

Here are the complete steps, going from 0 to successfully cloning which I can’t seem to find online elsewhere:

  1. In cmd, use the following command to generate keys with your company email etc:
    ssh-keygen -o -t rsa -C "ssh-keygen@mcnz.com". Keep name as id_rsa when prompted.
  2. Copy files to the .ssh folder under your Windows user directory. E.g. if your Windows name is mandar, it’s C:\Users\mandar\.ssh
  3. Copy key from id_rsa.pub file. Not from the id_rsa.File file!
  4. Clone ssh url only, from gitlab in Visual Studio, provide (3) to field.
  5. Provide passphrase.

Another couple of questions:

  1. Could you upload that key?
  2. Have you configured SSH so it uses that key against gitlab.com?
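
A check for the mix-ups discussed in this thread (private key pasted instead of the .pub line, wrapped or damaged key text, a key type outside RSA/ECDSA/ED25519), as an added example that is not part of any post above. The function names are hypothetical and the sample keys are constructed and non-functional.

```python
import base64
import binascii
import struct

# Key families from the GitLab error message, keyed by the OpenSSH
# algorithm name that appears as the first field of a .pub line.
ALLOWED = {
    "ssh-rsa": "RSA",
    "ecdsa-sha2-nistp256": "ECDSA",
    "ecdsa-sha2-nistp384": "ECDSA",
    "ecdsa-sha2-nistp521": "ECDSA",
    "ssh-ed25519": "ED25519",
}

def constructed_pub_line(key_type, comment="user@example"):
    """Constructed sample: well-formed but non-functional .pub line."""
    name = key_type.encode("ascii")
    body = struct.pack(">I", len(name)) + name + b"\x00" * 32
    return f"{key_type} {base64.b64encode(body).decode()} {comment}"

def classify_key_text(text):
    """Return (verdict, detail) for text pasted into an SSH key field."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return ("empty", "nothing pasted")
    if lines[0].startswith("-----BEGIN") and "PRIVATE KEY" in lines[0]:
        return ("private", "private key file pasted; use the .pub file")
    if len(lines) > 1:
        return ("malformed", "a public key is one line; it was wrapped")
    fields = lines[0].split(None, 2)
    if len(fields) < 2:
        return ("malformed", "expected '<type> <base64> [comment]'")
    declared, blob = fields[0], fields[1]
    try:
        # The blob starts with a 4-byte length and the algorithm name,
        # which must match the first field of the line.
        raw = base64.b64decode(blob, validate=True)
        (n,) = struct.unpack(">I", raw[:4])
        embedded = raw[4:4 + n].decode("ascii")
    except (binascii.Error, struct.error, UnicodeDecodeError):
        return ("malformed", "base64 blob is damaged or truncated")
    if embedded != declared:
        return ("malformed", f"line says {declared}, blob says {embedded!r}")
    if declared not in ALLOWED:
        return ("forbidden", f"{declared} is not RSA, ECDSA or ED25519")
    return ("ok", ALLOWED[declared])

if __name__ == "__main__":
    for t in ("ssh-rsa", "ecdsa-sha2-nistp521", "ssh-dss"):
        print(t, classify_key_text(constructed_pub_line(t)))
```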