Consider you are deploying an application on a server which is maintained by Git versioning system. You clone the git repository through your own credentials and set up the system. When you run git pull, it will ask for credentials again. This is certainly not what you are looking out, right? You want something by which you can pull the changes without anyone's credentials. The answer is - connecting to git via SSH.
Surely, this is not the only use case where you can make use of this feature. It can also help you in use cases like building pipelines. Now that we have a bit of context, let's understand how it works.
✋ For simplicity, we are assuming that the client machine is running on Linux operating server. This assumption is only for the commands that we run on operating system. The steps for configuring SSH for git remains the same irrespective of the operating system. For other operating systems, you can use respective commands to achieve the results.
About SSH
SSH is a protocol by which you can connect and authenticate to remote servers and services. SSH establishes a secured connection between two parties(client and server), authenticating each side to the other, and passing commands and output back and forth. With SSH keys, you can connect to Git hosting servers(e.g GitHub, BitBucket) without supplying your username or password at each visit.
Understanding the SSH workflow is out of the purview of this post, hence we will restrict our discussions to the topic.
Setting up SSH keys
When you set up SSH, you create a key pair - private and public keys. Private key is saved to your local computer, generally in .ssh folder. Public key is passed (uploaded) to the server to authenticate the request.
Before creating new keys, you can check if you already have key pair created.
$ ls -al ~/.ssh
# Lists the files in your .ssh directory, if they exist
Check the directory listing to see if you already have a public SSH key. By default, the filename of the public key ends with .pub e.g. id_rsa.pub
If you don't have an existing public and private key pair, or don't wish to use existing keys, then generate a new SSH key by following the steps below:
- Generate key using
ssh-keygen
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/guest/.ssh/id_rsa):
-
Configuring the key
You will be asked to customize filename and passphrase. You can just hit Enter if you want to keep the defaults. The whole interaction will look similar to the following:
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/guest/.ssh/id_rsa):
Created directory '/home/guest/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/guest/.ssh/id_rsa.
Your public key has been saved in /home/guest/.ssh/id_rsa.pub.
The key fingerprint is:
4c:80:61:2c:00:3f:9d:dc:08:41:2e:c0:cf:b9:17:69 guest@myhost.local
The key's randomart image is:
+--[ RSA 2048]----+
|*o+ooo. |
|.+.=o+ . |
|. *.* o . |
| . = E o |
| o . S |
| . . |
| . |
| |
| |
+-----------------+
- Verify the keys that have been created by listing the directory
$ ls ~/.ssh
id_rsa id_rsa.pub
You will get a pair of key filenames as an output. id_rsa is the private key and id_rsa.pub is the public key.
Adding key to the ssh-agent
If you don't want to type your password each time you use the key, you'll need to add it to the ssh-agent.
# start the ssh agent
$ eval `ssh-agent`
Agent pid 9700
# add your private key (the filename without .pub)
$ ssh-add ~/.ssh/id_rsa
Add your public key to the server (GitHub, BitBucket)
Once you have created your key pair, it is time to add your public key to git hosting server to authenticate you ssh communication. You can follow the steps in the link for adding keys to GitHub and BitBucket (Step 4)
Change the remote URL to your repository
Copy the SSH git URL of your repository (e.g. git@bitbucket.org:repo/project.git) and change remote-url on your client machine in your project root folder as:
# listing current remote-url
$ git remote -v
origin https://guest@bitbucket.org/repo/project.git (fetch)
origin https://guest@bitbucket.org/repo/project.git (push)
# change the url
$ git remote set-url origin git@bitbucket.org:repo/project.git
# verify if url changed by listing again
$ git remote -v
origin git@bitbucket.org:repo/project.git (fetch)
origin git@bitbucket.org:repo/project.git (push)
Final Step
Voila! You have done all the configurations, now it's time to verify if the keys are working. You can verify by performing git pull in your project root folder. It should not ask for any credentials
Congratulations! 👏 You have successfully set up SSH for your git repository. Leave a comment if you face any issues.
See ya! until my next post 😋
Top comments (5)
Nice post, if you want your ssh keys to be more secure you can change the length of the default RSA algorithm used with:
Or even better use the Ed25519 algorithm:
Here's a dumb question — "How much more secure will I be if I use ED25519 over RSA?"
And are there any caveats to this?
EDIT: I posted this "dumb question", not because I like RSA, but because I'm curious
Have a look at this.
Great write-up, thanks for sharing this.
Just wanted to warn that "eval
ssh-agent" is one of the worst advices. More secure way to do the same isenv | grep 'SSH_AGENT_PID=' || exec ssh-agent "${SHELL}"
For those who want to know why I recommend just to search for more information. There are many articles that describe it.