Do I need to have my private ssh key stored on my server in order to git clone repos while ssh'd into the server?

1. I generated my ssh key on my local machine.

2. I then used the following command to copy my public key onto my server: ssh-copy-id username@remote_host. That went smoothly.

3. I have confirmed that my local machine's ~/.ssh/id_rsa.pub has been copied onto my server at my_user's_home_directory/.ssh/authorized_keys. There are no other files in there.

4. I've also copied that same public key into Gitlab.

5. When I try to git clone a repo onto the server, I'm told:

[email protected]: Permission denied (publickey,keyboard-interactive).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

6. I can ssh easily enough into my server. But since my server doesn't hold my private key, it sort of makes sense to me that I wouldn't be able to ssh git clone. What's the normal procedure here? I can do a regular https download, is that the standard route?

You can use ssh -A to forward your ssh-agent to the remote host which will use your local keys from the remote server without sending the keys themselves.

While this seems like a secure option, only do this if you absolutely trust the remote server (ie. don't enable this by default). The forwarded ssh-agent can be used by anyone with the same remote user as yours or with root privileges.

If you decide to go that way, I'd recommend adding keys to the agent with ssh-add -c so you're prompted for confirmation when a key is used.