Work with SSH

About SSH

 

Secure Shell (better known as SSH) is a cryptographic network protocol that allows users to securely perform a number of network services over an unsecured network. SSH keys provide a more secure way of logging into a server with SSH than using a password alone. While a password can eventually be cracked with a brute force attack, SSH keys are nearly impossible to decipher by brute force alone.

Generating a key pair provides you with two long strings of characters: a public and a private key. You can place the public key on any server, and then unlock it by connecting to it with a client that already has the private key. When the two match up, the system unlocks without the need for a password. You can increase security even more by protecting the private key with a passphrase.

Using the SSH protocol, you can connect and authenticate to remote servers and services. 

When you set up SSH, you'll generate an SSH key and add it to the ssh-agent and then add the key to your account. Adding the SSH key to the ssh-agent ensures that your SSH key has an extra layer of security through the use of a passphrase.

 

User Private Key

 

A user private key is a key that is kept secret by the SSH user on their client machine.

To protect the private key, it should be generated locally on a user’s machine (e.g. using PuTTYgen) and stored encrypted by a passphrase. The passphrase should be long enough (that’s why it’s called passphrase, not password) to withstand a brute-force attack for a reasonably long time, in case an attacker obtains the private key file.

 

User Public Key

 

A user public key is a counterpart to the user's private key. They are generated at the same time. The user public key can be safely revealed to anyone, without compromising user identity.

To allow authorization of the user on a server, the user public key is registered on the server. In OpenSSH, the most widespread SSH server implementation, the file ~/.ssh/authorized_keys is used for that.

 

Generating Your SSH Public Key

 

Many Git servers authenticate using SSH public keys. In order to provide a public key, each user in your system must generate one if they don’t already have one. This process is similar across all operating systems.

 

First, you should check to make sure you don’t already have a key. On Linux and macOS:

  1. Open the terminal.

  2. Enter ls -al ~/.ssh to see if existing SSH keys are present.

$ ls -al ~/.ssh
# Lists the files in your .ssh directory, if they exist

  3. Review the directory listing to check if you already have a public SSH key. Please note: the plugin works only with RSA keys in PEM format. A private key in this format starts with the line “-----BEGIN RSA PRIVATE KEY-----”.
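
The format check from step 3, as an added example that is not part of the original page or the plugin: a shell helper that reads only the header lines of each file in ~/.ssh and reports whether it is the RSA PEM format the plugin accepts. The function names and the verdict labels are assumptions of this example, and the files created in `demo` are constructed stand-ins.

```shell
#!/bin/sh
# Added example (not the plugin's code): classify private keys by header line.
# Only the first two lines of each file are read; key material is never printed.

# classify_key FILE -> rsa-pem | rsa-pem-encrypted | openssh | pkcs8 |
#                      other-type | not-a-key | unreadable
classify_key() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    case "$(head -n 1 "$1" | tr -d '\r')" in
        "-----BEGIN RSA PRIVATE KEY-----")
            # A passphrase-protected PEM key has a Proc-Type header on line 2.
            if sed -n '2p' "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo rsa-pem-encrypted
            else
                echo rsa-pem
            fi ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        "-----BEGIN PRIVATE KEY-----"|"-----BEGIN ENCRYPTED PRIVATE KEY-----")
            echo pkcs8 ;;
        "-----BEGIN EC PRIVATE KEY-----"|"-----BEGIN DSA PRIVATE KEY-----")
            echo other-type ;;
        *) echo not-a-key ;;
    esac
}

# check_ssh_dir [DIR]: one line per private key found in DIR (default ~/.ssh):
# "<verdict> <kind> <path>"; verdict is "ok" only for the format the page requires.
check_ssh_dir() {
    dir=${1:-"$HOME/.ssh"}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        kind=$(classify_key "$f")
        case "$kind" in
            not-a-key|unreadable) continue ;;
            rsa-pem|rsa-pem-encrypted) verdict=ok ;;
            *) verdict=convert-or-new ;;
        esac
        printf '%s %s %s\n' "$verdict" "$kind" "$f"
    done
}

# Constructed sample: header-only stand-ins for key files, in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$d/id_rsa"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$d/id_ed25519"
    printf '%s\n' 'ssh-rsa AAAA... you@example' > "$d/id_rsa.pub"
    check_ssh_dir "$d"; rm -rf "$d"
}
```

Source the file and run check_ssh_dir to inspect your own ~/.ssh, or demo to see the output on the constructed files. The header alone does not reveal the key type inside an OPENSSH container, so that case is reported as needing conversion or a new key.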

 

If your key has another type or format, you should create a new one or convert the existing key to the supported format. To convert a private key, execute the following command.

If you don't have an existing public and private key pair or don't wish to use any that are available to connect to Git, then generate a new SSH key.
If you see an existing public and private key pair listed (for example id_rsa.pub and id_rsa) that you would like to use to connect to your Git account, you can add your SSH key to the ssh-agent.

 

The next step is to generate a new SSH key. Then add the public key to your Git provider and the private key to our plugin.

  1. Open the terminal.

  2. Paste this text, substituting in your email address:

$ ssh-keygen -t rsa -b 4096 -m pem -C "your_email@example.com"

    -t - specifies the type of key, must be “rsa”
    -b - specifies the number of bits in the key. The minimum size is 1024 bits and the default size is 3072 bits
    -m - specifies the format of the key, must be “pem”

  3. When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location.

> Enter a file in which to save the key (/home/you/.ssh/id_rsa): [Press enter]

  4. At the prompt, type a secure passphrase. For more information, see "Working with SSH key passphrases".

After you have added the public part of the key to the Git provider, you can add a repository by its SSH link. You will see a pop-up window with fields such as those in the screenshot.

  1. Repository ssh link

  2. Passphrase. Leave it empty if your key is not protected by pass

  3. Click the “Choose file” button to load the SSH private key from the disk

  4. Alternatively, you can copy your private key into the text field