Thursday 11 April 2019

Note to self: Accessing GitHub via SSH

So, as a tech note to myself, this is how I set up access to GitHub.com via SSH both on Windows 10 and on Ubuntu Linux 18.10. In order to keep this short and to the point, let's assume that both SSH and Git has already been setup.

Windows 10

I'm using Git for Windows 2.21.0.

The Git installation comes with bundled OpenSSH, so I do not need the GIT_SSH environmental variable. If GIT_SSH exists, Git will use explicitly the specified application whenever it attempts to use SSH instead of the OpenSSH. 

This little detail really tripped me over for a while as because of some past setup I had GIT_SSH pointing to plink.exe while I had been eagerly configuring OpenSSH. How odd it was that Git kept failing with SSH (plink.exe) while direct SSH (OpenSSH) connections worked just fine...

Step 1: Generate a RSA key pair

$ ssh-keygen -t rsa -b 4096
In the dialogue that follows, I chose to store the new key as
/c/Users/<user>/.ssh/github_id_rsa
Mind you that the above notation is as it is used in the Git Bash. Two new files were created:
C:\Users\<user>\.ssh\github_id_rsa (private key)
C:\Users\
<user>\.ssh\github_id_rsa.pub (public key)

 Step 2: Edit ssh config file

I added following entry to the C:\Users\<user>\.ssh\config (and if the file does not exist, just create a new one):
Host github.com
    Hostname github.com
    User git
    IdentityFile C:\Users\
<user>\.ssh\github_id_rsa

Step 3: Store public key to GitHub account

I opened the C:\Users\<user>\.ssh\github_id_rsa.pub file, which contains a long string, which begins with "ssh-rsa ...", and then copied the text to clipboard.

In GitHub,
  1. I opened my profile Settings / SSH and GPG keys
  2. Clicked New SSH key
  3. Named the key in Title
  4. Pasted the public key's text into Key
  5. Clicked Add SSH key
The page lists all added SSH keys. The new one shows at this point as Never used - Read/write.

Step 4: Test SSH connection to GitHub

In Git Bash I tried if the basic SSH authentication works. Note that one must always use the user git instead of own GitHub user account.
$ ssh -T git@github.com
If all goes well, the server responds:
"Hi <github user>! You've successfully authenticated, but GitHub does not provide shell access."
If the attempt fails, try ssh -Tv git@github.com and figure it out. I did, eventually.

Step 5: Add the private key to ssh-agent

If the ssh-agent is not already running, start it with following command:
$ eval $(ssh-agent -s)
If the agent is running it's pid is shown. Next add the private key to the ssh-agent (again, in Git Bash).
$ ssh-add /c/Users/<user>/.ssh/github_id_rsa
If successful, following message is shown.
Identity added: /c/users/<user>/.ssh/github_id_rsa (<user>@<host>)

Step 6: Clone a repository

One of my public repositories is mstenback/reference_java, which contains small reference applications. (While they are mostly small and simple, they provide a good reference point as I implement the same applications also in other langauges and scripts, such as Python, Bash, Golang and so on. It's works for me as way to learn new languages.)
$ git clone git@github.com:mstenback/reference_java
Note that the repository must be cloned by using the SSH notation instead of HTTPS.

Step 7: Commit and push changes

After making a small change to README.md I committed the change
$ git commit README.md
and then pushed the changes to GitHub
$ git push
At this point, after a long evening trying to figure this out, I allowed myself feel a bit pleased when the connection finally worked as intended.

Finally, as a minor detail, if I would check my SSH key status in GitHub profile, it would now show
Last used within the last week - Read/write

Ubuntu Linux 18.10

Essentially all the steps are the same, with couple of exceptions.

1) SSH key files are located in /home/<user>/.ssh/

2)  Using OpenSSH 7.7p1 (not that it makes any practical difference in this case).