What is SSH | Why it is useful | How to setup SSH keys on GitHub and Bitbucket
Are you tired of typing password each time you try to push your commits on github or bitbucket? Setup SSH keys to solve this problem.
Usually, working on our project, we clone our repository using HTTPS. Something like this,
raman@raman-Inspiron-15-3552:~/Documents$ git clone https://github.com/ramankarki/portfolio.git
Cloning into 'portfolio'...
remote: Enumerating objects: 586, done.
remote: Counting objects: 100% (586/586), done.
remote: Compressing objects: 100% (392/392), done.
remote: Total 586 (delta 263), reused 512 (delta 192), pack-reused 0
Receiving objects: 100% (586/586), 4.59 MiB | 2.05 MiB/s, done.
Resolving deltas: 100% (263/263), done.
raman@raman-Inspiron-15-3552:~/Documents$
We make changes and try to push our commits like this,
raman@raman-Inspiron-15-3552:~/Documents/portfolio$ git push
Username for 'https://github.com':
The problem:
Every time we try to push our code, we have to enter our username and password. And that can be frustrating while we are working on our project for long hours.
The solution:
If you didn't notice, let me tell you. There are two ways of cloning your repository.
- HTTPS - This is what you saw above.
- SSH - This is our solution to this problem. We setup once and never have to enter our credentials.
What is SSH?
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.
So now we know about SSH and its use case.
Let's setup our SSH keys locally.
To begin with, we create SSH keys in our terminal. Enter ssh-keygen -C "yourmail@gmail.com"
and just press enter on each prompt you get.
raman@raman-Inspiron-15-3552:~$ ssh-keygen -C "yourmail@gmail.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/raman/.ssh/id_rsa):
Created directory '/home/raman/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/raman/.ssh/id_rsa
Your public key has been saved in /home/raman/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:UZ4+fPyPB1MMh7ko2Z6GErZkHusEF5/PbDM2IjltcP0 raman@raman-Inspiron-15-3552
The key's randomart image is:
+---[RSA 3072]----+
| . o |
| .o . + .|
| .oo= . = |
| . O+*.+ . o|
| BSX+Boo . |
| X =o&.E |
| o = = +.o |
| . o.|
| ...|
+----[SHA256]-----+
raman@raman-Inspiron-15-3552:~$
By default your private key will be saved in '.ssh/id_rsa' file and public key in '.ssh/id_rsa. pub'.
With SSH keys, if someone gains access to your computer, they also gain access to every system that uses that key. To add an extra layer of security, you can add a passphrase to your SSH key. A passphrase is similar to a password. But in our case, we didn't add any passphrase. It's ok if our device won't be used by anyone. But if you are working on a team, you should definitely add one.
Now we setup SSH keys on GitHub
- Just go to your GitHub settings page and move to SSH and GPG keys tab
Page looks something like this,
- Click on the New SSH key button
- Move to your terminal and enter
cat .ssh/id_rsa.pub
You should see a long random string, That's your public SSH keyraman@raman-Inspiron-15-3552:~$ cat .ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDMH4lNfHFGF0G0F7kYvrVOKjSMfzKwYb+gttcSUQbbBSD/3xq3XkduZkx6eQ+j6HtBMbAV0uqO2VQDK7XIXM2mvn7btKM7oQDBftGX1Xtrw8oE3UnUiorQVZkOlF76ApX5xgLFr1eT6QTFhdgdGT6s3yw1zNIa/cjia9j29P7tnNy7voUyLdBUVG8S6sRI9SC229AFP3XEyp7sefydTfI/cEJXcEBbEG71YNhkCqHnywALoTrq+PztpdZlZu+SVeidaIK76rz7Iqta/TnfymYvhqs830eGNE5hbHYjnZELyViRnFWeLAlzXa3zjCf0l62jMhKfz7lnOxPp5Go5We30rNWKgj5z1shEAcbp1L3iWQO+OJvghNT3RZBpqRm5sEwzNGNrH4V1r518QeQsPSSMVsXaoelyI7siKD2P4i3HFs5EjAtKmI1eVGGdugrZ2zVoAi+Moue7QGWNeTSz4Ks5TgeDdtrhVTqRpRnAFW7jaA3KGtnOUjgJBP8KW4u7vc= raman@raman-Inspiron-15-3552 raman@raman-Inspiron-15-3552:~$
- Copy everything that appeared on your terminal, starting from 'ssh-rsa'
- Move to your browser (same GitHub settings page) and enter Title whatever you want it doesn't matter.
- Paste your public SSH key on Key field and click Add SSH key button.
GitHub should have redirected you to enter your password for confirmation.
And with that all done, Our SSH keys setup is complete. From today we clone our repository using SSH.
Let's test it out 🥳🥳
We clone and push our commits using SSH.
- Go to your repository and choose SSH option for cloning.
raman@raman-Inspiron-15-3552:~$ git clone git@github.com:ramankarki/portfolio.git Cloning into 'portfolio'... The authenticity of host 'github.com (13.250.177.223)' can't be established. RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added 'github.com,13.250.177.223' (RSA) to the list of known hosts. remote: Enumerating objects: 586, done. remote: Counting objects: 100% (586/586), done. remote: Compressing objects: 100% (392/392), done. remote: Total 586 (delta 263), reused 512 (delta 192), pack-reused 0 Receiving objects: 100% (586/586), 4.59 MiB | 1.97 MiB/s, done. Resolving deltas: 100% (263/263), done. raman@raman-Inspiron-15-3552:~$
- Make some changes and try to push your code.
raman@raman-Inspiron-15-3552:~/portfolio$ git push Warning: Permanently added the RSA host key for IP address '20.205.243.166' to the list of known hosts. Enumerating objects: 7, done. Counting objects: 100% (7/7), done. Delta compression using up to 2 threads Compressing objects: 100% (4/4), done. Writing objects: 100% (4/4), 375 bytes | 375.00 KiB/s, done. Total 4 (delta 2), reused 0 (delta 0) remote: Resolving deltas: 100% (2/2), completed with 2 local objects. To github.com:ramankarki/portfolio.git c85c73f..348bbb1 master -> master raman@raman-Inspiron-15-3552:~/portfolio$
Your code should have pushed on GitHub without prompting you to enter you username and password.
Adding our same public SSH key on Bitbucket
- Go to your Bitbucket settings page and move to SSH keys tab.
- Add your public SSH key like you did on GitHub and clone your repository using SSH.
Common problems ⛔
There are some common problems that we see while using SSH and here is one.
The authenticity of host 'github.com (20.205.243.166)' can't be established.
RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
It prevents you from performing any action with GitHub thinking that you might be the intruder. The simple solution for this is to make a SSH key scanning manually. Something like this,
ssh-keyscan github.com >> ~/.ssh/known_hosts
This will do some testing for SSH Authentication. And after that, you will be able to perform any action with GitHub normally. Now, try pushing your code on GitHub and you should see some logs on your terminal.
Warning: Permanently added the RSA host key for IP address '20.205.243.166' to the list of known hosts.
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 2 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 505 bytes | 505.00 KiB/s, done.
Total 3 (delta 1), reused 0 (delta 0)
remote: Resolving deltas: 100% (1/1), completed with 1 local object.
To github.com:ramankarki/easy-stationary.git
008b49f..e3b941c main -> main
So, that's it on this topic. Hope you fixed your problem.
Let me know if I missed something.
Thank you for reading this blog. ❤️❤️