DEV Community

Idris Rampurawala

Configuring SSH for git

Suppose you are deploying an application to a server, and the application's source is kept in a Git repository. You clone the repository with your own credentials and set up the system. When you run git pull, it asks for credentials again. This is certainly not what you are looking for, right? You want a way to pull the changes without entering anyone's credentials. The answer is to connect to git via SSH.

This is not the only use case for this feature. It can also help in use cases like building pipelines. Now that we have a bit of context, let's understand how it works.

✋ For simplicity, we assume that the client machine runs a Linux operating system. This assumption applies only to the commands that we run on the operating system. The steps for configuring SSH for git remain the same irrespective of the operating system. On other operating systems, you can use the respective commands to achieve the same results.

About SSH

SSH is a protocol by which you can connect and authenticate to remote servers and services. SSH establishes a secured connection between two parties (client and server), authenticating each side to the other, and passing commands and output back and forth. With SSH keys, you can connect to Git hosting servers (e.g. GitHub, BitBucket) without supplying your username or password at each visit.

Understanding the SSH workflow is out of the purview of this post, hence we will restrict our discussions to the topic.

Setting up SSH keys

When you set up SSH, you create a key pair: a private key and a public key. The private key is saved to your local computer, generally in the .ssh folder. The public key is passed (uploaded) to the server to authenticate the request.

Before creating new keys, you can check whether you already have a key pair.

$ ls -al ~/.ssh
# Lists the files in your .ssh directory, if they exist

Check the directory listing to see if you already have a public SSH key. By default, the filename of the public key ends with .pub, e.g. id_rsa.pub.
If you don't have an existing public and private key pair, or don't wish to use existing keys, then generate a new SSH key by following the steps below:

  • Generate key using ssh-keygen
$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/guest/.ssh/id_rsa):
  • Configuring the key

    You will be asked to customize filename and passphrase. You can just hit Enter if you want to keep the defaults. The whole interaction will look similar to the following:

$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/guest/.ssh/id_rsa):
Created directory '/home/guest/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/guest/.ssh/id_rsa.
Your public key has been saved in /home/guest/.ssh/id_rsa.pub.
The key fingerprint is:
4c:80:61:2c:00:3f:9d:dc:08:41:2e:c0:cf:b9:17:69 guest@myhost.local 
The key's randomart image is:
+--[ RSA 2048]----+
|*o+ooo.          |
|.+.=o+ .         |
|. *.* o .        |
| . = E o         |
|    o . S        |
|   . .           |
|     .           |
|                 |
|                 |
+-----------------+
  • Verify the keys that have been created by listing the directory
$ ls ~/.ssh 
id_rsa id_rsa.pub

You will get a pair of key filenames as an output. id_rsa is the private key and id_rsa.pub is the public key.
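
As an added example (not part of the original post), the function below audits a .ssh directory for private keys that group or other users can access, which the OpenSSH client rejects as too open. It assumes GNU stat on Linux; the name audit_ssh_dir is made up for this example.

```shell
#!/bin/sh
# Added example: audit a .ssh directory for loosely protected private keys.
# Assumes GNU stat (Linux), matching the article's Linux assumption.
# Usage: audit_ssh_dir            (checks ~/.ssh)
#        audit_ssh_dir /some/dir  (checks another directory)

# Prints one line per finding; returns 0 if nothing is too open, 1 otherwise.
audit_ssh_dir() {
    dir=${1:-"$HOME/.ssh"}
    rc=0
    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }

    # ssh-keygen creates the directory with mode 700; flag anything that
    # grants group or other any access.
    mode=$(stat -c '%a' "$dir")
    case $mode in
        *00) ;;
        *) echo "dir $dir has mode $mode, expected 700"; rc=1 ;;
    esac

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Private keys are recognised by their PEM header, not by name,
        # so keys saved under a custom filename are covered as well.
        if head -n 1 "$f" | grep -q -- '-----BEGIN .*PRIVATE KEY-----'; then
            mode=$(stat -c '%a' "$f")
            case $mode in
                *00) ;;
                *) echo "key $f has mode $mode, expected 600"; rc=1 ;;
            esac
            # A private key without its .pub file is worth a second look.
            [ -f "$f.pub" ] || echo "note: $f has no matching .pub file"
        fi
    done
    return $rc
}
```

A finding is fixed with chmod 600 on the key file and chmod 700 on the directory.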

Adding key to the ssh-agent

If you don't want to type your passphrase each time you use the key, you'll need to add it to the ssh-agent.

# start the ssh agent
$ eval `ssh-agent` 
Agent pid 9700

# add your private key (the filename without .pub)
$ ssh-add ~/.ssh/id_rsa

Add your public key to the server (GitHub, BitBucket)

Once you have created your key pair, it is time to add your public key to the git hosting server so that it can authenticate your SSH communication. You can follow the steps in the link for adding keys to GitHub and BitBucket (Step 4).

Change the remote URL to your repository

Copy the SSH git URL of your repository (e.g. git@bitbucket.org:repo/project.git) and change remote-url on your client machine in your project root folder as:

# listing current remote-url
$ git remote -v 
origin https://guest@bitbucket.org/repo/project.git (fetch) 
origin https://guest@bitbucket.org/repo/project.git (push)

# change the url
$ git remote set-url origin git@bitbucket.org:repo/project.git

# verify if url changed by listing again
$ git remote -v 
origin git@bitbucket.org:repo/project.git (fetch) 
origin git@bitbucket.org:repo/project.git (push)
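
The same change as a reusable function, added here as an example and not taken from the original post: it derives the SSH remote from an HTTPS one and drops any credentials embedded in the URL. The function names are hypothetical, and it assumes the host's SSH user is git, as on GitHub and Bitbucket.

```shell
#!/bin/sh
# Added example: derive the SSH (scp-style) remote from an HTTPS remote.
# Usage (inside a repository): switch_remote_to_ssh origin

# https://[user@]host/path -> git@host:path ; SSH forms pass through unchanged.
# Prints the result; returns 1 for anything it does not recognise.
to_ssh_remote() {
    url=$1
    case $url in
        https://*|http://*)
            rest=${url#*://}          # drop the scheme
            hostpart=${rest%%/*}      # [user[:secret]@]host[:port]
            path=${rest#*/}
            [ "$path" != "$rest" ] && [ -n "$path" ] || return 1
            host=${hostpart##*@}      # strip embedded credentials
            host=${host%%:*}          # strip the HTTPS port; it does not apply to SSH
            [ -n "$host" ] || return 1
            printf 'git@%s:%s\n' "$host" "$path"
            ;;
        ssh://*|*@*:*)
            printf '%s\n' "$url"      # already an SSH remote
            ;;
        *)
            return 1
            ;;
    esac
}

# Switch one remote of the repository in the current directory (default: origin).
switch_remote_to_ssh() {
    name=${1:-origin}
    old=$(git remote get-url "$name") || return 1
    new=$(to_ssh_remote "$old") || { echo "unrecognised URL: $old" >&2; return 1; }
    [ "$new" = "$old" ] || git remote set-url "$name" "$new"
    git remote -v
}
```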

Final Step

Voila! You have done all the configuration; now it's time to verify that the keys are working. You can verify by performing git pull in your project root folder. It should not ask for any credentials.

Congratulations! 👏 You have successfully set up SSH for your git repository. Leave a comment if you face any issues.

See ya! until my next post 😋

Top comments (5)

Christian Sánchez

Nice post, if you want your ssh keys to be more secure you can change the length of the default RSA algorithm used with:

ssh-keygen -t rsa -b 4096

Or even better use the Ed25519 algorithm:

ssh-keygen -t ed25519
 
Rasmus Wennerström • Edited

Here's a dumb question — "How much more secure will I be if I use ED25519 over RSA?"

And are there any caveats to this?

EDIT: I posted this "dumb question", not because I like RSA, but because I'm curious

Rafael Almeida

Have a look at this.

Rasmus Wennerström

Great write-up, thanks for sharing this.

Victor Yarema

Just wanted to warn that "eval ssh-agent" is one of the worst pieces of advice. A more secure way to do the same is
env | grep 'SSH_AGENT_PID=' || exec ssh-agent "${SHELL}"
For those who want to know why, I recommend just searching for more information. There are many articles that describe it.