ssh key for commit/push bitbucket - ssh

Is it possible to store the ssh key for pushing code to Bitbucket?
If so, where can I find the ssh key?
I just found "Access Keys" for the repository, but there is not the right one and I'm wondering if there is any other place where ssh keys can be added.

Related

How to configure multiple gpg authentication keys for different hosts similar to ~/.ssh/config

I have 4 ssh-keys.
I was using a gpg authentication key for most of my projects but for some I had to use different ssh keys. Those ssh keys were in ~/.ssh/ and configured in ~/.ssh/config based on hostnames.
Yesterday I had to use another gpg authentication key. I added its keygrip in ~/.gnupg/sshcontrol.
I could see that the key was loaded by running ssh-add -L.
The connection got refused when I tried to connect. I changed the order of keys in ~/.gnupg/sshcontrol and it worked.
Is there a config option in gpg or ssh so that I can offer gpg authentication keys based on hostnames?
Thanks

How to move my current using ssh key into Yubikey?

I'm using Yubikey 5 NFC and want to move my openssh key into it so that I can authenticate for ssh login via this Yubikey.
Maybe you will suggest to generate a new gpg keypair for Yubikey and use the gpg-agent instead of ssh-agent to authenticate. But I still want to move my current ssh private key into Yubikey because this way I don't have to edit authorized_keys everywhere.
I tried to do this following this article:
https://www.mvps.net/docs/how-to-add-your-existing-ssh-key-to-yubikey-via-openpgp/
which suggests using pem2openpgp from monkeysphere to translate my ssh key into a gpg key and somehow write this translated gpg key into the Yubikey (via the keytocard command of gpg).
But after all this is done, I find that the fingerprint of my ssh key has changed; this is confirmed by the following commands:
$ ssh-keygen -lf ~/.ssh/id_rsa.pub
$ ssh-add -l
And the fact that the fingerprint changed makes using my current ssh key meaningless -- I still need to edit authorized_keys everywhere to make the "new public key" work.
So is there any other way which can write my old ssh key into Yubikey and keep the old key's fingerprint?

ssh: adding private key to ssh-agent before copying public key to remote server

I've used ssh-keygen to generate a ssh key pair, and then ssh-copy-id to copy the public key to the remote server. This has worked for all systems in my local network. I followed instructions similar to this link
However, on bitbucket and github, I see this additional step of adding the private key to the ssh-agent using ssh-add <private key>.
This page explains what this additional step is, but why is it not needed for my local network when it is needed for github and bitbucket?
Thanks
The "Adding your SSH key to the ssh-agent" step documented on GitHub (same on GitLab) is only there if you generate a private SSH key protected by a passphrase (meaning, encrypted).
The idea is that, for a private SSH key used for authenticating to a remote public service like GitHub or GitLab, it is better to have an encrypted key, which makes it less dangerous if said key is leaked.
This is different for a private SSH key used inside a LAN (in your local network): using a passphrase is still a good idea but not mandatory: if the SSH key leaks, you still need access to the LAN in order to use it.

cannot login after changing key ssh

My problem is that one user forgot the passphrase for his ssh key, so I had to generate a new one and install it on all environments.
Here's the thing: I have created a key without any passphrase and copied it to all servers (single key pair on all servers) so every server has the same id_rsa key, and id_rsa.pub is added to authorized_keys. And the problem is I still can't log in to these servers.
output:
user@server1:~$ ssh user@server2
Enter passphrase for key '/home/user/.ssh/id_rsa': <empty>
Permission denied (publickey).
user@server1:~$
I have no idea what may cause the problem. I have generated those keys twice, tried to use ssh-add command to be sure that system can see those keys but nothing helped.
Do you have any idea how to solve this problem?
Remove the ".ssh" folder in every user folder (e.g. /home/user1), then try to generate new keys again. The ".ssh" folder is hidden by default; press CTRL + H to show hidden files and folders.
Also, you can ssh to a system password-less:
ssh-keygen
ssh-copy-id user@host
After the key is copied, ssh into the machine is password-less:
ssh user@host
After changing your key, type:
ssh-add
And to verify, type:
ssh-add -l
And verify with md5sum your id_rsa.pub on your host and authorized_keys on the server.
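
For the verification step in the answer above, an added example (not part of the original posts): this Python code checks whether a public key is listed in an authorized_keys file by comparing decoded key blobs, so it still matches when the file holds several keys or an entry carries options or a different comment, and it prints the SHA256 fingerprint in the form ssh-keygen -lf and ssh-add -l show. The key lines are constructed from filler bytes and the helper names are hypothetical.

```python
import base64
import hashlib
import struct

def parse_key_line(line):
    """Return (key_type, blob) from a .pub or authorized_keys line, else None."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    # authorized_keys entries may begin with options (from="...",no-pty ...), so
    # accept the first token pair whose decoded blob names that same key type.
    for ktype, b64 in zip(tokens, tokens[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
            (n,) = struct.unpack_from(">I", blob, 0)
        except (ValueError, struct.error):
            continue
        if blob[4:4 + n] == ktype.encode():
            return ktype, blob
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by ssh-keygen -lf and ssh-add -l."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def is_authorized(pub_line, authorized_keys_text):
    """True if the key is listed, whatever options or comment surround it."""
    wanted = parse_key_line(pub_line)
    if wanted is None:
        raise ValueError("not a public key line")
    return any(parse_key_line(l) == wanted for l in authorized_keys_text.splitlines())

def _constructed_pub(seed, comment):
    """Constructed ed25519-shaped line built from filler bytes; not a usable key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = s(b"ssh-ed25519") + s(bytes([seed]) * 32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

NEW_KEY = _constructed_pub(1, "user@server1")   # key the client now offers
OLD_KEY = _constructed_pub(2, "user@server1")   # key still installed on the server
AUTHORIZED = "# constructed sample\n" + 'from="10.0.0.*",no-pty ' + OLD_KEY + "\n"

if __name__ == "__main__":
    for name, line in (("new", NEW_KEY), ("old", OLD_KEY)):
        print(name, fingerprint(parse_key_line(line)[1]), is_authorized(line, AUTHORIZED))
```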

Google Compute Engine public key

I've added my public key to the metadata for my project in the developer's console. When I ssh into an Ubuntu VM instance I can see my public key in the file ~/.ssh/authorized_keys, but when I try to use it to clone a project from Bitbucket I receive the error Permission denied (publickey).
If I run ssh-add -l I just get The agent has no identities. Is there something else I'm supposed to be doing to use my existing public key on GCE instances?
You are mixing things up. There are two keys, public and private (for example ~/.ssh/id_rsa{,.pub}). You add the public key where you want to ssh/log in, and store the private key on your computer/the computer from which you want to ssh/log in.
If you want to use your key pair for cloning from BitBucket from your VM, you need to do one of these things:
Using local forwarded keys:
1. create key pair on local machine: ssh-keygen
2. store public key in BitBucket
3. add this key pair into ssh agent: ssh-add path/to/private/key
4. ssh into VM with agent forwarding: ssh -A your-vm
5. do your clone: git clone your-repo
Using separate key pair:
1. ssh to your VM: ssh your-vm
2. create key pair on VM: ssh-keygen
3. store public key in BitBucket
4. do your clone: git clone your-repo
The first solution is more useful if you don't want to have many keys and the operations with the repository will not happen without your participation (cron jobs). The second one is more helpful if you want to update the repo using cron and run some automation on this.