# SSH Key Setup for New VPS Quick guide to add your SSH private key to a new VPS and configure it for Gitea. ## Step 1: Create .ssh Directory ```bash mkdir -p ~/.ssh ``` ## Step 2: Add Private Key Get your private key from 1Password and create the file: ```bash cat > ~/.ssh/id_ed25519 << 'KEY' [PASTE YOUR ENTIRE PRIVATE KEY HERE - from -----BEGIN to -----END] KEY ``` ## Step 3: Set Correct Permissions This is critical for SSH to work: ```bash chmod 600 ~/.ssh/id_ed25519 chmod 700 ~/.ssh ``` SSH requires strict permissions for security. ## Step 4: Start SSH Agent ```bash eval "$(ssh-agent -s)" ``` You should see: Agent pid XXXXX ## Step 5: Add Key to Agent ```bash ssh-add ~/.ssh/id_ed25519 ``` You should see: Identity added ## Step 6: Test Connection ```bash ssh -T git@100.120.125.113 ``` Should respond with authentication success message. ## Step 7: Make SSH Agent Persistent (FIXED) The original Step 7 was buggy - the agent would die on logout. Here's the working solution. Add this to the END of your `~/.bashrc`: ```bash # SSH Agent Persistence - Add to end of ~/.bashrc if [ -z "$SSH_AUTH_SOCK" ]; then if pgrep -u "$USER" ssh-agent > /dev/null; then export SSH_AUTH_SOCK=$(pgrep -u "$USER" ssh-agent | xargs -I {} find /tmp -path "*ssh*" -name "agent.*" -user "$USER" 2>/dev/null | head -1) else eval "$(ssh-agent -s)" > /dev/null echo "$SSH_AUTH_SOCK" > ~/.ssh/agent.sock fi fi if [ -f ~/.ssh/agent.sock ] && [ -z "$SSH_AUTH_SOCK" ]; then export SSH_AUTH_SOCK=$(cat ~/.ssh/agent.sock) fi if [ -z "$(ssh-add -l 2>/dev/null | grep id_ed25519)" ]; then ssh-add ~/.ssh/id_ed25519 2>/dev/null fi ``` Then reload: ```bash source ~/.bashrc ``` ### How This Works 1. Checks if SSH_AUTH_SOCK is already set in environment 2. If not set, looks for existing running agent 3. If agent exists, uses its socket 4. If no agent running, starts new one and saves socket location 5. On new shell sessions, loads the saved socket 6. Auto-adds your key if not already loaded ### Verify Persistence Open a new terminal and check: ```bash echo $SSH_AUTH_SOCK ssh-add -l ``` Your key should be loaded without manual re-entry. ## Troubleshooting Step 7 If agent is still not persistent: Make sure code is at the END of ~/.bashrc: ```bash tail -20 ~/.bashrc | grep "SSH Agent" ``` If agent still dies, try this simpler version: ```bash # Simpler version - add to end of ~/.bashrc if [ -z "$SSH_AUTH_SOCK" ] ; then eval "$(ssh-agent -s)" > /dev/null ssh-add ~/.ssh/id_ed25519 2>/dev/null fi ``` Test with: ```bash bash echo "Agent: $SSH_AUTH_SOCK" ssh-add -l ``` ## Permissions Explained - chmod 600 = rw------- (you only) - chmod 700 = rwx------ (you only) - SSH requires strict permissions for security ## After SSH Works ```bash bash <(curl -s http://100.120.125.113:3000/pdm/homelab-agents/raw/branch/main/scripts/bootstrap-agents.sh) init-project my-project ``` Done! Now use Gitea without passwords.