Git the Ssh

Sunday, October 28, 2018

Motiv

I hate some VCS tools, especially Bart and especially Source Tree. Having to input the username and password from time to time really bothers me. No matter how many times I have configured it on different PCs and OSes, it eventually ends up asking for username and password… for some repos, or some operations.

So I got tired. I will use ssh with key pairs as I’ve been doing for ssh-ing to remote servers for many years now. Have a look at RSA too.

Another lil thing. Passwords are insecure by nature. Renewing passwords automatically would be hard if possible at all. Key pairs are very secure and can be automatically renewed with ease.

Since I am doing this on both Windows and Linux I will explain both. Windows has more steps as ssh is not very OS native.

Let’s crack on

Install openssh (windows only):

My favorite way for installing things in Windows is chocolatey. But any other should work as well.

choco install openssh -y

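In my case I needed to manually execute the following script. The leading & is PowerShell's call operator; without it the quoted path is only echoed back, not run.

& "$env:ProgramFiles/OpenSSH-Win64/install-sshd.ps1"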

A friend of mine needed to manually start the service: go to windows services and start “OpenSSH Authentication Agent”.

Execute the agent from the console

The ssh agent takes care of serving keys to other software. For ssh to work with keys the agent must be running.

ssh-agent

Add startup (optional)

Get yourself some keys

Let’s say you have two accounts: one personal, one corporate. Each will require its own.

Preferred method

Run ssh-keygen and follow prompts. You can find lil more here

Alternative

This one might be simpler. But be careful, you need additional steps as default file format is not good. here

Copy the keys to a folder

My favorite place would be ~/.ssh as it has special meaning for some ssh operations. The folder might look like:

~/.ssh
	personal
	corporate
	personal.pub
	corporate.pub

The files without the extensions are the private keys, the others are the public ones.

Restrict file access

Remove permissions for all users but yourself. You might need to restart the PC for it to work.

  • For Windows use Properties > Security
  • For Linux chmod 500 <keyfile>

Add the keys to the agent

ssh-add ~/.ssh/personal
ssh-add ~/.ssh/corporate

Add public keys to VCS web

Bitbucket

https://confluence.atlassian.com/bitbucketserver/ssh-access-keys-for-system-use-776639781.html

Github

https://help.github.com/articles/connecting-to-github-with-ssh/

Add an ssh config file

Create a text file ~/.ssh/config. Make sure the file has no BOM; I have tried with UTF-8 and Unix-style (LF) line endings. This file tells ssh which key to use with each host, and it lets you create aliases. Each entry should look like this:

# An entry
Host alias
	HostName host.com
	User git
	IdentityFile ~/.ssh/private-key-file

An entire file looks something like:

# Default - Personal
Host bitbucket.org
	HostName bitbucket.org
	User git
	IdentityFile ~/.ssh/personal

# Personal
Host personal
	HostName bitbucket.org
	User git
	IdentityFile ~/.ssh/personal

# Corporate
Host corporate
	HostName bitbucket.org
	User git
	IdentityFile ~/.ssh/corporate

Host github
	HostName github.com
	User git
	IdentityFile ~/.ssh/personal

Host github.com
	HostName github.com
	User git
	IdentityFile ~/.ssh/personal
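
An added example (not part of the original post): a small Python audit of the two checks this post asks for, a config file without BOM or CRLF line endings, and private keys that nobody but the owner can access. The function names, the home parameter and the sample files are assumptions made for the illustration; only the whitespace-separated "Keyword value" form used above is parsed.

```python
import os
import tempfile
from pathlib import Path

def audit_ssh_config(config_path, home):
    """Return findings for an OpenSSH client config and the private keys it names."""
    raw = Path(config_path).read_bytes()
    findings = []
    if raw.startswith(b"\xef\xbb\xbf"):
        findings.append("config: starts with a UTF-8 BOM")
    if b"\r\n" in raw:
        findings.append("config: CRLF line endings")
    host = "*"  # IdentityFile lines before the first Host apply to every host
    for line in raw.decode("utf-8-sig").splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            host = value
        elif keyword == "identityfile":
            # Expand a leading "~/" against the supplied home directory.
            key = Path(home, value[2:]) if value.startswith("~/") else Path(value)
            if not key.is_file():
                findings.append(f"{host}: key {value} not found")
            elif os.name == "posix" and key.stat().st_mode & 0o077:
                findings.append(f"{host}: key {value} is accessible to group/others")
    return findings

def demo():
    """Audit a constructed ~/.ssh tree modelled on the config shown in this post."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = Path(home, ".ssh")
        ssh_dir.mkdir(mode=0o700)
        for name, mode in (("personal", 0o600), ("corporate", 0o644)):
            key = ssh_dir / name
            key.write_text("constructed placeholder, not a real key\n")
            key.chmod(mode)
        config = ssh_dir / "config"
        config.write_bytes(  # constructed sample: BOM, CRLF, one missing key
            b"\xef\xbb\xbf# Constructed sample\r\n"
            b"Host personal\r\n\tUser git\r\n\tIdentityFile ~/.ssh/personal\r\n"
            b"Host corporate\r\n\tUser git\r\n\tIdentityFile ~/.ssh/corporate\r\n"
            b"Host github\r\n\tHostName github.com\r\n\tIdentityFile ~/.ssh/missing\r\n"
        )
        return audit_ssh_config(config, home)

if __name__ == "__main__":
    print("\n".join(demo()))
```

To audit a real setup, call audit_ssh_config(Path.home() / ".ssh" / "config", Path.home()); an empty list means none of the checks fired. The permission check only runs on POSIX systems, since Windows ACLs are not visible in the mode bits.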

Test:

ssh -T bitbucket.org
ssh -T personal
ssh -T corporate

Clone a git repo:

git clone git@personal:project/repo
git clone git@corporate:project/repo

Clone a hg repo:

hg clone ssh://hg@bitbucket.org/project/repo

Bonus

Once you have an entry in your ssh config you can do any ssh operation with that host/credentials:

Remotely connect to a host

ssh your_user@somealias

Ssh copy file

scp your_user@somealias:~/source.txt destination/

Outro

Manually typing usernames and passwords has become old-fashioned. It is time consuming and insecure. In order for us to do things right we need simpler ways for doing so.

SSH has been around for more than 20 years. All this time proving itself as a hell of a good and simple tool with a very good record (few vulnerabilities).

Think it is 'bout time we embrace it.

