I've set up my local system for working with GitHub how descrided in the "Generating SSH Keys" How-To.
The key files and the known_hosts have been created, the public key has been added to the GitHub account, and I get the message "Hi ***! You've successfully authenticated, but GitHub does not provide shell access."
But all my attempts to do something, what needs a connection to the server (EDIT: with writing access) -- git clone, git push etc. -- end with an error:
fatal: The remote end hung up unexpectedly
EDIT:
I can clone, but only via HTTP (https://github.com/account/reponame.git) or Git Read-Only (git://github.com/account/reponame.git).
EDIT:
***#**** ~/.ssh
$ ssh-add -l
Could not open a connection to your authentication agent.
Although an ssh-agent daemon (ssh-agent.exe) is running.
Probably that is the problem.
The only instance where that error message pops up, while your public ssh key is correctly recorded by GitHub, is when
you try to clone a repo with a wrong case or an improper ssh url.
It should be:
git clone git#github.com:user/repo.git
you try to clone a repo for which you don't have write access (public repo), or any access (private repo).
From the GitHub page "Which remote URL should I use?"
To use these URLs, you must have write access to a public repo or any access to a private repo.
These URLs will not work with a public repo you do not have write access to.
the private key is passphrase protected and your authentication agent doesn't run properly:
$ ssh-add -l
Could not open a connection to your authentication agent.
For the last case, consider "How to run (git/ssh) authentication agent?" or "ssh-add complains: Could not open a connection to your authentication agent"
It works!
I've started the Pageant (PuTTY SSH authentication agent) and added my PuTTY private key id_rsa.pkk (exported with PuTTYgen (PuTTY Key Generator) from id_rsa) to it. Now I can write to my repos.
A small how-to for everyone, who has the same troubles I had:
0) Set up the local system for working with GitHub, how descrided in the "Generating SSH Keys" How-To.
1) Open PuTTYgen, load/import the (OpenSSH) private key id_rsa and save it (button Save private key) as id_rsa.pkk (in the same folder, where id_rsa is saved, -- ~/.ssh). You need this PuTTY variant of the key for PuTTY authentification with Pageant and (if you use it) TortoiseGit.
2a) Open Pageant (on my computer it's C:\Program Files (x86)\PuTTY\pageant.exe) and add the PuTTY private key. Or just open the PuTTY private key file (id_rsa.pkk) with Pageant.
2b) For TrtoiseGit I had only to set the SSH client (C:\Program Files (x86)\Git\bin\ssh.exe) in the global TrtoiseGit settings.
That's it.
I've got it working, but I don't have a deep understanding of this
thema and cannot provide a low level explanation of the solution and
the causes of this problem (and e.g why it was working in some clients
and wasn't in some others). So feel free to edit/comment this post, if
you can explain all this better.
Related
i can't get a point and understand how it works and what is necessary to do.
I have an account by GitLab and successfully generated private and public certificate in order to provide access to it. I done all steps as describes the https://gitlab.com/help/ssh/README#generating-a-new-ssh-key-pair . Now i decided to create a new project and synchronize the state between gitLab project and one i created local by me. Because i have access to machine, which i used to create both certificate, i simply copied the public key from one machine (located in ~/.ssh folder) to current machine i am working in (in ~/.ssh folder). But it doesn't take any effect. I can't even execute the git clone command.
~> git clone git#gitlab.com:[myUser]/[myProject].git
Cloning into 'gate-controller'...
git#gitlab.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
i tried to figure out the reason and executed
~> ssh -vT git#gitlab.com
but to be a honest i can't interpret that response. I don't see in response any reference to my public keys file in ssh folder.
Could you please support me to solved the issue and understand, what is the problem ?
many thanks in advance
UPDATE:
You need the private key on any machine you're attempting to pull/push from. When authenticating with a service that has your public key (which any git service like Github, Gitlab, etc. will have) you need to use your private key when authenticating.
You can read more about ssh (which git uses when you don't use HTTPS auth) and PKI (Public Key Infrastructure) here https://www.ssh.com/pki/
I have been able to set up SSH access to my Google Cloud Platform VM via SFTP using WinSCP, but I now wish to do the same using another VM.
I have tried the ssh-keygen -t rsa , ssh-copy-id demo#198.51.100.0 method but always come up against the "Permission denied (public key)" error which from researching seems to be a pretty widespread issue with few reliable fixes (all the ones I tried didn't work).
I used PuttyGen to create the public and private key, and inserted the public key onto the server just through GCP settings, adding it under the SSH settings for my instance.
I am just confused on what to do with the private key when simply trying to sftp through the terminal on a separate VM, as before I would load the private key into WinSCP settings. Is there a folder I need to place it in or?
Regarding your first issue of "Permission denied (public key)" error, please follow the troubleshooting in this link and this.
About your other question of "what to do with the private key when simply trying to sftp through the terminal", that depends on the settings of the specific the 3rd party SFTP tool you are using. To locate the locations of SSH key after generating them, please review this document.
Once you have added the public key in the VM, you would need to boot the VM for public key to take effect. Try rebooting it and try
I'm running a CI machine on AppCenter and need to allow read/write access to a private BitBucket repository but I can't figure out how to do this.
My approach is to create an ssh key and during CI builds add the private key to the machine ssh-agent using ssh-add -K (mac machine).
I've created an ssh key on my local computer (mac) using ssh-keygen and uploaded the .pub key to BitBucket. Then as my CI runs I'm trying to take the private key and add it to the ssh-agent but I'm being prompt to enter a password and can't figure out how to inject it in a non-interactive shell mode.
Is this the right approach to grant access to BitBucket in CI? if so, how can I add an ssh key without being prompt to enter a password?
Scripts are in Ruby or Bash.
The repo contains certificates used for Fastlane Match
Answering my own question...
I ended up using BitBucket AppPasword and cloning via https. I think there has to be a better way but this work for my needs at the moment.
I needed access from my CI to a private BitBucket certificates repo to use with Fastlane Match, the value in my MatchFile forgit_url that allows me to clone the repo is:
git_url "https://{BITBUCKET_USER}:{BITBUCKET_APP_PASSWORD}#bitbucket.org/{BITBUCKET_USER}/{REPO}.git"
You can obtain a bitbucket app password by clicking your profile (Avatar) -> Settings -> App Passwords
We have a 'master' Mercurial server on our network that we use for a local staging box. Our team does all of our pushes and pulls to/from this one box. I'm having trouble with the implementation I'm using, but I'm also second guessing whether what I want to do is even a good idea...
We also want to start using BitBucket, but only as a secondary server. I'd like to use a hook to automatically push to Bitbucket, but I can't get it working right...
Here's the HGRC from the 'master' repo:
[hooks]
changegroup =
changegroup.update = hg update
changegroup.bitbucket = hg push ssh://hg#bitbucket.org/account/repo
If I manually fire off the above push, everything works perfectly. However, as a hook it fails:
warning: changegroup.bitbucket hook exited with status 255
I followed this guide to get SSH working: Set up SSH for Git and Mercurial on Mac OSX/Linux
I get my keys generated, I run ssh-agent, and I ssh-add the key. But ssh-agent doesn't seem to be doing anything, and as soon as I exit the SSH session it seems to leave memory. Additionally, when I test it out with ssh -Tv hg#bitbucket.org it prompts me for my password. I thought the whole point of this was for it not to do that?
But taking a step back, maybe this is a terrible idea to being with. If I give my public key to Bitbucket wouldn't that theoretically mean if someone got a hold of it, they could SSH in to my box without a password?
And if so, what alternative do I have to forward commits to bitbucket? I'd rather not use HTTPS because it would require putting our bitbucket password as plain/text in the .hg/hgrc file...
Maybe there's some more obvious way to do this that I'm missing? For the developers, I'd rather keep things the way they are now (everyone push to master) instead of reconfiguring everyone's developer box to have a private key and to push to bitbucket instead...
As always, thanks for any help you guys can provide.
Woah, there are a lot of questions there. I'll hit a few of 'em:
But ssh-agent doesn't seem to be doing anything, and as soon as I exit the SSH session it seems to leave memory.
You're correct. ssh-agent is for interactive sessions, not for automation. In most usages when you log out it's killed, but even if that weren't the case it wouldn't be working as you imagine because when someone does that hg push they're running a new, non-interactive session that wouldn't have access to the ssh-agent anyway
Additionally, when I test it out with ssh -Tv hg#bitbucket.org it prompts me for my password.
Testing it out like that isn't valid. That's saying "I want to log into an interactive session at bitbucket with the username hg", but that's not what they authorize you to do. If you send them your public key they let you login as the user hg only for the purposes of doing hg non-interactive commands.
Additionally, when I test it out with ssh -Tv hg#bitbucket.org it prompts me for my password.
No, public keys are meant to be public -- you can list anyone's on github for example. The public key just says "anyone who has the private key that matches this is authorized to...", so any site that wants your private key are crooks, but any site that wants you public key is just offering you a way to use something better than a password.
One thing you may be missing about hooks is "who" the hook runs as. When people are pushing to your "centralish" repo over ssh that the hook is being run as their unix user, and if they're pushing over http the hook is being run as the web server's user.
If you had:
a private ssh key with no password on it
the public key matching that private key setup on bitbucket
the unix user running the hook using that private key for access to bitbucket.org
then what you're trying to do would work.
I have repository on both github.com and bitbucket.org, and I am very familiar using Git Extensions for all repository functions... But when I started using bitbucket.org repositories I have to use TortoiseHg SVN for it ... so I want to ask that is there a way I can use Git Extensions for Bitbucket repositories?
I haven't fully tested it, but these steps allowed me to clone a Bitbucket repository in Git Extensions.
You can use PuTTY to generate a public/private SSH key, then add that key to Bitbucket.
Run GitExtensions\PuTTY\puttygen.exe
Click Generate
Click Save public key (as a text file)
Click Save private key (as a ppk file)
Run GitExtensions\PuTTY\pageant.exe C:\path\to\ppk-file.ppk
Log into Bitbucket
Go into Account settings (Settings → Security → SSH keys*)
Paste your public key into the SSH keys text input as (spaces are important, do not include square brackets around the public key):
ssh-rsa [AA-YOUR-PUBLIC-KEY-ALL-ONE-LINE-SPACES-REMOVED-==] youremail#domain.example
Click Add key
In Git Extensions, click Clone repository
Use the SSH repository link on Bitbucket as the repository to clone
Click Load SSH key
Browse to and load the ppk file
Click Clone
I found that most of this worked for me with just a few small changes.
Run GitExtensions\PuTTY\puttygen.exe
Click Generate
Click Save public key (as a text file)
Click Save private key (as a ppk file)
Didn't have to run this step --Run GitExtensions\PuTTY\pageant.exe C:\path\to\ppk-file.ppk--
Log into bitbucket
Go into Account settings
Paste your public key into the SSH keys text input as (spaces are important but with no email address on the end): ssh-rsa [AA-YOUR-PUBLIC-KEY-ALL-ONE-LINE-SPACES-REMOVED-==]
Click Add key
In Git Extensions, click Clone repository
Use the SSH repository link on bitbucket as the Repository to clone ( i.e. git#bitbucket.org:yourname/repo.git)
Click Load SSH key
Browse to and load the ppk file
Click Clone
Also I found that I was having a problem saying that the machine I was looking for might not be the correct one. I found this very helpful and if you are having problems might be useful Using the SSH protocol with Bitbucket and very quickly helped me through that.
It's been 10 years since the original answer was posted, and I can now get this working without using SSH:
Log into Bitbucket, click on your avatar, and go to "Personal settings".
Go to "App passwords", and click the "Create app password" button.
Create a password for Git Extensions. When selecting permissions, choose "Read" and "Write" under "Repositories". You will be shown the password only once - make a note of it.
Clone the repo in Git Extensions, using the HTTPS link from Bitbucket.
When prompted to log in, keep the default user name (don't change it to your email address), and enter the app password.
A web page will open for you to authorize Git Credential Manager to access your Bitbucket account.
Once authorized, Git Extensions should start downloading the repo.