Introducing workspace SSH support using your own private key(s)

Pudong Zheng Senior Software Engineer at Gitpod

Huiwen Huang Software Engineer at Gitpod

Lou Bichard Product Manager at Gitpod

Jul 13, 2022

SSH (secure shell) is a critical protocol for remote development.

Both JetBrains IDEs and the VS Code editor use SSH as their remote development foundation. So, a big focus at Gitpod has been on improving performance and usability for connecting using SSH.

Which is why today we’re excited to announce that in Gitpod you can now upload your own public keys to access your workspace. In addition, we’ve also removed the requirement for a mandatory public key to be available when access Gitpod using SSH with an Access Token.

With SSH public key upload you can now:

1. Re-connect to workspaces without needing to go back to the Gitpod dashboard.
2. Benefit from improved security when accessing your workspace with a private key.

But, why? Use-cases for SSH key upload

If you’ve been happily working away on Gitpod until now, you might be wondering why we’re so excited about users being able to upload their SSH keys for Gitpod? The SSH protocol is flexible, so there are many use-cases, but to give you an idea, here are some different use-cases:

1. Static connection strings - The access token method of copy/paste SSH generates a new workspace access token for each workspace start, meaning users had to go to the Gitpod dashboard to retrieve their SSH command on every workspace timeout or restart. Using an uploaded SSH key allows you can restart the workspace without needing to update your SSH connection details.

The workspace cluster version e.g. .ws-eu54.gitpod.io is currently included in the SSH connection host. On workspace update, you’ll still be required to update the SSH string. This is an area of improvement that we will investigate for the future.

2. Desktop client access - SSH is used as the protocol for many desktop tools, notably users who like to use local command line access for editing, connecting to headless testing tools (which connect to processes running in the workspace) and database clients. Not having to jump back and forth to the Gitpod dashboard eliminates some friction for these workflows.

3. Port-forwarding - Whilst, both the VS Code and JetBrains IDEs have support for port-forwarding, some of our users want to script / automate their port forwarding. Using regular SSH means you can more easily leverage the -L and -R flags of your SSH client for for port-forwarding without having to go back and forth to the dashboard to copy/paste the SSH string.

In addition to some of these more visual improvements, SSH key upload also will give our users more stable, performant and secure connections. Improvements to the SSH connection experience also enables Gitpod to build new workflows and features around the SSH protocol, such as:

• Further reducing steps and friction when opening desktop editors like VS Code Desktop
• Investigating a fully desktop-based workspace opening and managing experience in future

So, watch this space for future announcements!

Getting started with SSH key access

1. Navigate to the keys page in your Gitpod preferences

2. Upload a public SSH key (See: SSH documentation)

3. Go to your workspace list and copy the SSH command

Or, get the SSH connection from the workspace start page (when using a Desktop IDE or editor)

For more information, see the configuring SSH documentation, and using Gitpod with command-line access. And for any feedback see the related GitHub issue, or raise a new one.

What’s next for SSH in Gitpod?

1. Easier copying of SSH credentials - We want to make it easier for you to access your SSH credentials, either through direct IDE or editor integration, or via the gp CLI.
2. Integration with third-parties - We’re investigating integration with other 3rd party services which hold users public keys, such as GitHub, to avoid duplicate upload of SSH keys.
3. Improvement to desktop editing experiences - For users who prefer desktop for editing, either in VS Code Desktop or JetBrains—as opposed to editing in-browser—we will continue to investigate ways to improve the experience, for example with desktop-first editing experiences.

We hope you enjoy the new, easier SSH access in Gitpod, and we’d love to hear your feedback in the Gitpod community.

Lastly, a very special thanks to William and Sarah for their valuable input and thoughts as community heroes on this blog post!