Setting up OpenSSH authentication with Git

2 Minutes to read

Print
Share
Dark
Light
PDF

Setting up OpenSSH authentication with Git

2 Minutes to read

Print
Share
Dark
Light
PDF

Article summary

Did you find this summary helpful?

Thank you for your feedback

Overview

Allspice Hub uses two different forms of authentication to sync your files between the hub and your local filesystem.

HTTPS uses web authentication. It is easier to setup, but might require you to log onto the server for each git action.

SSH uses secure keys to encrypt and decrypt your files. It allows for faster and more secure transfer of files.

In this tutorial, we will show you how to setup your system using SSH with OpenSSH.

Setting up OpenSSH Authentication

Open a terminal such as git-bash and run the following command:

ssh-keygen -t ed25519 -C "youremail@example.com"

The program will prompt you for the name and location of the file. The default location is your user’s home directory (i.e. %HOMEPATH%). On windows this is c:\users\yourusername\.ssh\id_ed25519. We recommend you use the default so the key lookup is easier.

Generating public/private ed25519 key pair.
Enter file in which to save the key (/c/Users/Daniel/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /c/Users/Daniel/.ssh/id_ed25519
Your public key has been saved in /c/Users/Daniel/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:ToBmBILxjCdjcpBJ4iIPlQfZOVFfMvdb5TSMoI4KMCg youremail@example.com

You will be prompted to enter a passphrase twice. It is highly recommended to use a passphrase to secure the key.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

The program will output the private and public key location. Protect the private key as you would a password.

Your identification has been saved in /c/Users/Daniel/.ssh/id_ed25519
Your public key has been saved in /c/Users/Daniel/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:ToBmBILxjCdjcpBJ4iIPlQfZOVFfMvdb5TSMoI4KMCg youremail@example.com

Log into your hub.allspice.io account and navigate to https://hub.allspice.io/<user>/settings/keys and click Manage SSH Keys → Add Key.

Key settings are opened and SSH/GPG Keys tab is selected. To the left it says manage SSH keys and on that same line, to the right, there is an add key button outlined in red. Underneath it says manage GPG keys with an add key button to the right.

Copy the contents of the public key file either by opening the file and copying the contents, or by running the following command in git-bash:

cat ~/.ssh/id_ed25519.pub | clip

Name your key, then paste the public key value into the Content field, and click Add Key.

A prompt to enter your key's name with a box labeled content underneath. At the bottom there is an add key button in green outlined in red.

You should see your key, along with the SHA256 fingerprint, which should match the fingerprint from the key generator.

Click Verify to start the process to verify the key.

The key and its SHA256 fingerprint are shown. To the right there is a remove button in red, and beside it is a verify button in blue.

The verification dialog will generate a token and a command for you to run in the terminal.

Verification dialog generated token is shown in the token prompt, with a red remove button in the top right, along with a veriy button and cancel button at the bottom.

Copy the command that the website generates and run it in a terminal like git-bash

Change /path_to_your_pubkey to the location of your public key, most likely %HOMEPATH%/.ssh/id_ed25519.pub

Your token will be different and generated live by the website.

echo -n "94ca2b130aaaa9fe1ca34e2327c5b048c4c1a4608201cc860581b4c62bc670a5" | ssh-keygen -Y sign -n gitea -f /path_to_your_pubkey

Here is an example with the default path:

echo -n "94ca2b130aaaa9fe1ca34e2327c5b048c4c1a4608201cc860581b4c62bc670a5" | ssh-keygen -Y sign -n gitea -f ~/.ssh/id_ed25519.pub

You will be prompted to enter your passphrase:

Git for windows page with a prompt to enter passphrase.

The program will return an SSH signature. Copy the sig.

-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgdn8sdB2U3ZhiC6ZA2BqpHfv1Nv
ER/Cw278sq7HdMproAAAAFZ2l0ZWEAAAAAAAAABnNoYTUxMgAAAFMAAAALc3NoLWVkMjU1
MTkAAABA2wyLAZb+Uwge7RNisK0uw9B6Oa9IqUMLUjcRxThV3SI9VlrEroDzuTWyXsYz1R
lQmmnOsFkmCs6biOkoVRteAg==
-----END SSH SIGNATURE-----

Paste the signature into the “Armored SSH signature” field and click Verify.

Signature provided above is pasted into the armored SSH signature prompt. There is a verify button in green and a cancel button in red at the bottom.

Here is an example of a successful key verification:

example of a successful key verification. There is a red remove button on the right.

If the process doesn’t work, remove the key from hub.allspice.io and your local machine and start over and generate a new key, paying special attention to all the details.

Set up SSH in TortoiseGit

Right click in a file explorer and select TortoiseGit→Settings.

TortoiseGit settings is selected and outlined in red.

Select Network.

Enter the location of your SSH client in the “SSH Client:” field and then click OK.

common locations are:

c:\Program Files\Git\usr\bin\ssh.exe

C:\Windows\System32\OpenSSH\ssh.exe

Under settings, the network settings are opened. The location of the SSH client is entered in the SSH client text prompt. There is an ok, cancel, apply, and help button at the bottom. Ok is outlined in red.

Test SSH key

Copy a SSH repo link, either from our example, or from your own repository.

Example URL: git@hub.allspice.io:johnny-5/HelloWorld.git

Example repo is opened in the file tab with the repo link pasted in the SSH/HTTPS prompt on the right. Copy URL button is hovered over and outlined in red.

Right click in a file explorer window and select Git Clone.

Git clone is selected after right-clicking in a file explorer.

Enter the SSH link into the URL field and verify that the Directory is the correct location then click OK.

Git clone - TortoiseGit is opened. Under clone existing repository, the SSH link is entered into the URL, which is also outlined in red. At the bottom the ok button is outlined in red.