SSH key: Unable to get back my first identity after adding another SSH key that is common to another member in the GitLab account

Hello,

I sent my private and public SSH key to a colleague, to enable him to connect through a remote server in OVH. This key is also used in the GitLab account.

Since he added my key on his computer, he was able to connect to the OVH server remotely, but when he started to git push some commits to a GitLab repository, GitLab canceled the push. The fact is GitLab now considers my colleague as me, because the SSH key was also common in GitLab, and I wasn’t a Maintainer of the GitLab repository at the time he pushed.

He made me Maintainer of the repository to push again in the repository.

I don’t know what to do to reverse the situation. Generate a new RSA key in GitLab? I haven’t found how to reverse this once an RSA key has been added. Furthermore, I don’t want to lose my connection from the remote server or GitLab too.

OS is Ubuntu 20.04.

Thanks for your help

Hi,

First, never ever give your SSH key to anyone. He should have generated his own SSH key, and given you the public part, so id_rsa.pub or whatever format the key was in. You could have then added that key to the OVH server yourself by putting it in authorized_keys under /root/.ssh or /home/username/.ssh depending on how you are connecting.

Since he has your key, of course GitLab is going to think he is you. He can now do everything with your SSH key, since you gave it to him, and make it look like you did it. The best thing would be to either ask him to delete the key and for him to create a new one, or you remove your SSH key from your profile preferences and generate yourself a new one. You will also need to add that one to your OVH server, because if you delete your existing SSH key you will no longer have access to it. And you will need to put that key in the authorized_keys file that I mentioned above so that you will continue to have access to that server.

SSH keys are not for sharing. Each person should have their own SSH key. That’s just the same as giving him your login name and password. Bad idea.

2 Likes
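The server-side half of the rotation described in the reply above, as an added example that is not part of the original thread: it puts the new public key into authorized_keys and drops every line carrying the shared one, so access is never lost in between. The function names and the sample key blobs are constructed for illustration; a real new key pair would come from something like `ssh-keygen -t ed25519`.

```shell
#!/bin/sh
# Added example (not from the thread): replace a shared key in authorized_keys.
set -eu

# Print the base64 blob of a public key file ("type blob [comment]").
key_blob() {
    awk '{ for (i = 1; i < NF; i++) if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); exit } }' "$1"
}

# Count the lines of authorized_keys file $1 that carry the key in .pub file $2.
count_key() {
    awk -v b="$(key_blob "$2")" '{ for (i = 1; i <= NF; i++) if ($i == b) { n++; break } } END { print n + 0 }' "$1"
}

# rotate_authorized_key AUTH_FILE OLD_PUB NEW_PUB   (hypothetical helper)
# Adds the new key once and drops every line carrying the old one, including
# lines that start with an options prefix such as from="..." or command="...".
rotate_authorized_key() {
    auth=$1
    old_blob=$(key_blob "$2")
    new_blob=$(key_blob "$3")
    if [ -z "$old_blob" ] || [ -z "$new_blob" ] || [ "$old_blob" = "$new_blob" ]; then
        echo "need two different, readable public keys" >&2
        return 2
    fi
    tmp=$(mktemp "$auth.XXXXXX")
    awk -v old="$old_blob" '{ for (i = 1; i <= NF; i++) if ($i == old) next; print }' "$auth" > "$tmp"
    if [ "$(count_key "$tmp" "$3")" -eq 0 ]; then
        cat "$3" >> "$tmp"
    fi
    chmod 600 "$tmp"     # keep the file private to its owner
    mv "$tmp" "$auth"    # swap in one step so the file is never half-written
}

# Write constructed sample files (placeholder blobs, not real keys) into dir $1.
make_sample() {
    echo 'ssh-rsa AAAAB3CONSTRUCTEDSHAREDKEY me@laptop' > "$1/old.pub"
    echo 'ssh-ed25519 AAAAC3CONSTRUCTEDNEWKEY me@laptop-2' > "$1/new.pub"
    { echo 'from="203.0.113.7" ssh-rsa AAAAB3CONSTRUCTEDSHAREDKEY me@laptop'
      echo 'ssh-ed25519 AAAAC3CONSTRUCTEDCOLLEAGUEKEY colleague@desk'; } > "$1/authorized_keys"
}

# Demo on the constructed data: sh rotate.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); make_sample "$d"
    rotate_authorized_key "$d/authorized_keys" "$d/old.pub" "$d/new.pub"
    cat "$d/authorized_keys"; rm -rf "$d"
fi
```

The colleague's own key line is left untouched, and running the rotation a second time changes nothing. The GitLab side (removing the old key from the profile and adding the new public key) is still done in the profile preferences.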