An SSH key is an access credential for the SSH (secure shell) network protocol. This authenticated and encrypted secure network protocol is used for remote communication between machines on an unsecured open network. SSH is used for remote file transfer, network management, and remote operating system access. The SSH acronym is also used to describe a set of tools used to interact with the SSH protocol.
SourceTree doesn't actually call these functions, it's Git that does it. If auth fails then Git may call 'delete', removing the key from the keychain so that it can try again. This may be what's happening in your case. The username sticks around because SourceTree stores that against the remote URL. Jan 16, 2014 SourceTree doesn't actually call these functions, it's Git that does it. If auth fails then Git may call 'delete', removing the key from the keychain so that it can try again. This may be what's happening in your case. The username sticks around because SourceTree stores that against the remote URL. Since I also have my gitlab.com credentials stored in keychain for the browser to use, it is my guess that there is a collision in the Sourcetree app when it tries to save the credentials to keychain. Sourcetree is going to need to store them in Keychain using some attributes that. The Git password (Github /Bitbucket) is (should be!) different from your keychain password. Sourcetree will prompt you for both at different times. The only way I've got Sourcetree to work is to delete the Sourcetree entry from the keychain and read the password prompts in Sourcetree very carefully each time.
From Sourcetree, click the Branch button. Depending on whether you have a Git or Mercurial repository, you see a different popup for creating a new branch. From the New Branch or Create a new branch field, enter wish-list for the name of your branch. Click Create Branch or OK. From Sourcetree, click the Show in Finder button. The directory on.
SSH uses a pair of keys to initiate a secure handshake between remote parties. The key pair contains a public and private key. The private vs public nomenclature can be confusing as they are both called keys. It is more helpful to think of the public key as a 'lock' and the private key as the 'key'. You give the public 'lock' to remote parties to encrypt or 'lock' data. This data is then opened with the 'private' key which you hold in a secure place.
How to Create an SSH Key
SSH keys are generated through a public key cryptographic algorithm, the most common being RSA or DSA. At a very high level SSH keys are generated through a mathematical formula that takes 2 prime numbers and a random seed variable to output the public and private key. This is a one-way formula that ensures the public key can be derived from the private key but the private key cannot be derived from the public key.
SSH keys are created using a key generation tool. The SSH command line tool suite includes a keygen tool. Most git hosting providers offer guides on how to create an SSH Key.
Generate an SSH Key on Mac and Linux
Both OsX and Linux operating systems have comprehensive modern terminal applications that ship with the SSH suite installed. The process for creating an SSH key is the same between them.
1. execute the following to begin the key creation
This command will create a new SSH key using the email as a label
2. You will then be prompted to 'Enter a file in which to save the key.'
You can specify a file location or press “Enter” to accept the default file location.
3. The next prompt will ask for a secure passphrase.
A passphrase will add an additional layer of security to the SSH and will be required anytime the SSH key is used. If someone gains access to the computer that private keys are stored on, they could also gain access to any system that uses that key. Adding a passphrase to keys will prevent this scenario.
At this point, a new SSH key will have been generated at the previously specified file path.
4. Add the new SSH key to the ssh-agent
The ssh-agent is another program that is part of the SSH toolsuite. The ssh-agent is responsible for holding private keys. Think of it like a keychain. In addition to holding private keys it also brokers requests to sign SSH requests with the private keys so that private keys are never passed around unsecurly.
Before adding the new SSH key to the ssh-agent first ensure the ssh-agent is running by executing:
Once the ssh-agent is running the following command will add the new SSH key to the local SSH agent.
The new SSH key is now registered and ready to use!
Generate an SSH Key on Windows
Windows environments do not have a standard default unix shell. External shell programs will need to be installed for to have a complete keygen experience. The most straight forward option is to utilize Git Bash. Once Git Bash is installed the same steps for Linux and Mac can be followed within the Git Bash shell.
Windows Linux Subsystem
Modern windows environments offer a windows linux subsystem. The windows linux subsystem offers a full linux shell within a traditional windows environment. If a linux subsystem is available the same steps previously discussed for Linux and Mac can be followed with in the windows linux subsystem.
Summary
SSH keys are used to authenticate secure connections. Following this guide, you will be able to create and start using an SSH key. Git is capable of using SSH keys instead of traditional password authentication when pushing or pulling to remote repositories. Modern hosted git solutions like Bitbucket support SSH key authentication.
For the past year or so, we’ve been using Git as our version control system. My introduction to the GUIs around Git was SourceTree (although I’ve made an effort to learn the commands) but I have also used poshgit and Git Bash. Recently, we’ve started using SSH keys instead of HTTPS and I had to learn how to set up my repositories with SSH. Everywhere and everyone tells you this is straight forward and it is when the critical path works but when something is wrong, it gets more difficult. A lot of unnecessarily complex documents does not help either. So I’m going to details all the steps that I took in the hope that it could helps someone.
Sourcetree Github Keychain
My setup for this task is Git (you can use the embedded git within SourceTree), SourceTree and BitBucket (previously used Google Drive to host my git repositories).
- Open SourceTree and click on the Terminal icon (this is Git Bash)
- Type the following command in
- ls –all ~/.ssh (this will list any existing ssh keys in C:Users.ssh, this is the default but can be changed when generating the key).
- Next, generate the key
- ssh-keygen –t rsa –b 4096 –C “”
- It will ask you where you’d like to store the files, I accepted the default but you can specify a directory if you wish.
- Then enter a passphrase, I would recommend you provide a passphrase from a security standpoint.
- You should now see this this:
- There should be two key files id_rsa (private) and id_rsa.pub now created.
- Still using the terminal (Git Bash) in SourceTree, type:
- eval $(ssh-agent). There are many ways to start the SSH agent but this is only way it would work for me. It should give you a process id back, something like, Agent pid 1234
- Finally using this command to add the new key
- ssh-add ~/.ssh/id_rsa
- If successful, the output should say that an identity has been created.
- You should never have to type in the passphrase again.
- Log into BitBucket
- Select the icon on the top right of the browser and select Manage Account
- From the Security menu, select SSH Key then Add Key
- Add you public key (id_rsa.pub) to the text area and then Add Key again
Note, your public key in this file is in a different format from what BitBucket expects. My recommendation for this scenario is to go to SourceTree – Tools – Create or Import SSH Keys. This starts a Putty Generator that has the ability to load existing keys. The generator will then show the public key in a user friendly format to be copied and used within BitBucket.
In Stage 1, the SSH key was generated and set up for the Git Bash terminal, now we want to take that SSH key and use it within the SourceTree GUI.
- First step is to go to Tools – Create or Import SSH Key
- Load your existing private key in.
- Click on “Save Private Key”. This has to be saved in the Putty .ppk format. I would recommend that you didn’t save this private key to the .ssh folder in case of conflicts between two keys.
- Next is to launch the SSH agent – Putty comes with SourceTree.
- Make sure Pagent is running ( little computer with a hat on sitting in your windows tray).
- Add the key to the SSH agent by right clicking on Putty Pagent and selecting “Add Key”. It is Pagent that stops the user from entering the passphrase all the time by holding key and making it available to SourceTree.
- A further step is to add the .ppk key to Tools – Options – General – SSH Client Configuration.
That’s it! I was all around the houses trying to fix various errors and configure. Some of the problems I faced were:
- Permission denied (public key). I believe it was a combination of errors on my part. One, I had created too many key files in the .ssh directory and it didn’t know what one to choose. Second, I hadn’t set up SourceTree correctly. The SSH key had to be a .ppk key and not the id_rsa key, which I’d generated.
- Could not open a connection to your authentication agent. I believe this was down to me changing from Putty to OpenSSH. OpenSSH just never launched, no wonder it couldn’t get a connection.
- It took ages to clone a repository. SourceTree GUI doesn’t give a lot of feedback with what is going on, not like Git Bash. I thought it wasn’t working.
My tip would be to test the connection using “ssh –T git@bitbucket.org”. This command with provide decent feedback if you have or haven’t authenticated. So open Git Bash and type this in.
A good topic for debate is why go to all the trouble of using SSH keys? Why not, use HTTPS and cache you account details in winstore?
Sourcetree Keychain App
Update:
Discovered this morning that if you shut SourceTree down, if you use the Git Bash terminal, you will need to repeat Stage 2.
Sourcetree Keychain Download
References