@semick-dev
Last active May 22, 2024 23:57
How to use git SSH auth

Introduction to git SSH

Steps

  • Use a Linux system.
  • Install git: sudo apt-get install git
  • Installing git should also install ssh and ssh-keygen.
  • Generate an SSH key: ssh-keygen -t ed25519 -C "your_email@example.com"
    • If on a legacy system, use: ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
    • semick@terra:~$ ssh-keygen -t ed25519 -C "sbeddall@gmail.com"
      Generating public/private ed25519 key pair.
      Enter file in which to save the key (/home/semick/.ssh/id_ed25519):
      Enter passphrase (empty for no passphrase):
      Enter same passphrase again:
      Your identification has been saved in /home/semick/.ssh/id_ed25519
      Your public key has been saved in /home/semick/.ssh/id_ed25519.pub
      The key fingerprint is:
      SHA256:VFEB7GL8Oho3Ej4nqsarZ5Lu0mNgotLVvV4lEdRqCOs sbeddall@gmail.com
      The key's randomart image is:
      +--[ED25519 256]--+
      |         o*=o.   |
      |      .  ....    |
      |       +.o..     |
      |      ..= +.     |
      |     o.oS+. .    |
      |o.  ..E.. .o     |
      |+* .  * +o.      |
      |* X  . B+o       |
      |*Xo+. .o..       |
      +----[SHA256]-----+
      
  • Ensure ssh-agent is running: eval "$(ssh-agent -s)"
    • See the Windows details below if necessary.
  • Register your identity with the ssh-agent: ssh-add ~/.ssh/id_ed25519 (for the example above!)
    • Notice that we specifically added the private key file (the one without an extension) and ignored the .pub file for this operation.
    • Adding the key also means that you won't be prompted for your passphrase every time a secure operation is invoked.
  • Print the contents of the generated public key: cat ~/.ssh/id_ed25519.pub
    • Copy the output into the key section of Github.com -> Settings -> SSH and GPG Keys -> New SSH Key

Caching Keys

Specific to Windows, start the service

  • Start -> Type 'Services' and click on the Services App that appears.
  • Find the OpenSSH Authentication Agent service in the list.
  • Right-click on the OpenSSH Authentication Agent service, and choose 'Properties'.
  • Change the Startup type: to Automatic.
  • Click the Start button to change the service status to Running.
  • Dismiss the dialog by clicking OK, and close the Services app.

...or you can use pwsh in an admin window:

Set-Service -Name ssh-agent -StartupType Automatic
Set-Service -Name ssh-agent -Status Running

Specific to WSL / Ubuntu

You may need to start the agent: ssh-agent. Expect it to KILL your running session with the VM, for some reason.

A gotcha about keygen vs usage

You need to be certain that the ssh that is used by git is the same exe that is used to generate your key. If you're on a new machine, and simply install git, you will likely have the correct associations.

However, if you're not certain, you can make it certain.

I believe this works on all platforms, but git supports the environment variable GIT_SSH. You can use which ssh (in bash) or where ssh (in Windows cmd) to figure out which is going to be used by ssh-keygen.

Once an identity has been added to the current session with ssh-add

Further secure operations in the current session shouldn't prompt for your passphrase. If they DO, then the key hasn't been cached properly.
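
The two checks described above (which ssh git will run, and whether the key is actually cached in the agent) can be scripted. This is an added example, not part of the original gist: the function names and the check_ssh.sh file name are hypothetical, and the sample lines are constructed around the fingerprint shown in the key generation output.

```shell
#!/bin/sh
# Added example, not part of the original gist.
# Constructed sample lines in the "<bits> <fingerprint> <comment> (<type>)"
# layout; the fingerprint is the one from the gist's ssh-keygen session.
SAMPLE_KEY='256 SHA256:VFEB7GL8Oho3Ej4nqsarZ5Lu0mNgotLVvV4lEdRqCOs your_email@example.com (ED25519)'
SAMPLE_EMPTY_AGENT='The agent has no identities.'

# fingerprint_of LISTING: fingerprint field of the first line of
# `ssh-keygen -lf key.pub` output.
fingerprint_of() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $2 }'
}

# key_is_cached FINGERPRINT AGENT_LISTING: succeed only when FINGERPRINT is the
# fingerprint field of some line of `ssh-add -l` output (exact match).
key_is_cached() {
    [ -n "$1" ] || return 1
    printf '%s\n' "$2" | awk -v fp="$1" '$2 == fp { hit = 1 } END { exit !hit }'
}

# ssh_used_by_git: GIT_SSH if set, else the first ssh on PATH. Assumption:
# GIT_SSH_COMMAND and core.sshCommand, which git consults first, are unset.
ssh_used_by_git() {
    if [ -n "${GIT_SSH:-}" ]; then printf '%s\n' "$GIT_SSH"; else command -v ssh; fi
}

# check_key PUBKEY_FILE: live check. Returns 0 when cached, 1 when not cached,
# 2 when the key file is unreadable or no agent is reachable.
check_key() {
    listing=$(ssh-keygen -lf "$1") || return 2
    fp=$(fingerprint_of "$listing")
    echo "ssh used by git: $(ssh_used_by_git)"
    echo "ssh-keygen:      $(command -v ssh-keygen)"
    rc=0
    agent=$(ssh-add -l 2>/dev/null) || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "no agent reachable; start one with: eval \"\$(ssh-agent -s)\""
        return 2
    fi
    if key_is_cached "$fp" "$agent"; then
        echo "cached: $fp"
    else
        echo "NOT cached: $fp; run: ssh-add ${1%.pub}"
        return 1
    fi
}
# Usage: . ./check_ssh.sh && check_key ~/.ssh/id_ed25519.pub
```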

A note about SSO

If you need the key to be usable with organizational security like Single Sign-On, configure that from Github.com -> Settings -> SSH and GPG Keys -> the Configure SSO drop-down button next to each key.

Reference Material
