I'm curious if I can put a GitHub SSH key on a USB flash drive as a singular key and remove the other SSH keys from my GitHub. I've found one source, but it doesn't necessarily specify that it's for GH, here.
Any help is appreciated, thanks!
I have yet to experiment, just reading articles/watching YouTube videos to try and get a grasp on it.
As long as you are using a ~/.ssh/config file which points where your SSH key is, you can put said key pair wherever you want.
Host gh
Hostname github.com
User git
IdentityFile /mnt/usb-device/myKey
In your case, a nix copy --to file:///mnt/usb-device /path/to/key would be needed first.
However, the tutorial you are referring to is more about copying the key on an encrypted USB stick. Which might be a bit redundant, considering NixOS can be installed with Full Disk Encryption already.
Related
Having some issues with maintaining too many SSH keys in the same computer lately.
I have created two SSH keys in my computer for UserA(Company) and UserB(Personal). Both the ID's are created using different email ID
I am able to pull and push the code changes for UserA
But UserB is where I face trouble to push my code.
I am able to pull the code for UserB(Where repo is different than UserA)
While pushing the code I get the following error
ERROR: Permission to UserB/xxxxxx.git denied to UserA.
Please make sure you have the correct access rights
and the repository exists. ```
Feel bit strange to me. Can someone help me this ?
Starting from Git 2.3.0 you can use below command
GIT_SSH_COMMAND='ssh -i private_key_file' git clone user#host:repo.git
Solved !!
Created Gitconfig for personal and work using the following link,
https://medium.com/#trionkidnapper/ssh-keys-with-multiple-github-accounts-c67db56f191e
Sometimes you have the problem of too many keys stored in the ssh-agent.
Then the server refuses the connection after it offering too many keys.
This can be solved by force ssh to use only one specific key.
GIT_SSH_COMMAND='ssh -o IdentityAgent=none -i private_key_file' git <cmd>
I would like to find a way to store encrypted file in my github repository that Heroku can decrypt on-the-fly (it's not env var but plain old .csv files).
I used git-crypt successfully on my machine but it seems that I cannot add a gpg key to heroku.
When I connect to heroku-cli and I try to create a gpg key usingheroku run gpg --gen-key I got the following error:
gpg: signing failed: Inappropriate ioctl for device
Anyhow, I'm not even sure git-crypt is the right way to go, so feel free to gave me any other alternative solution.
I am using the mercurial key-ring extension to store the password to my remote repository on BitBucket, so I don't have to enter it every time I push to the remote repository. Ironically, it asks me for the password to unlock the key-ring every time I need to access it; thereby completely mitigating its purpose to me. What am I doing wrong?
In my global mercurial config (~/.hgrc) I have the following lines:
[extensions]
hgext.mercurial_keyring = /etc/mercurial/mercurial_keyring.py
In my repo mercurial config (.hg/hgrc), I have:
[paths]
default = https://username#bitbucket.org/username/repo
Example:
> hg out
> comparing with https://username#bitbucket.org/username/repo
> Please enter password for encrypted keyring:
I have tried uninstalling the keyring and trying again. I've also played about with configuration settings I've found online to no avail. I also couldn't find anything on encrypted keyring and non-encrypted keyring in regards to mercurial.
How can I get it so that I don't have to enter a password at all when I perform actions to the remote repo?
I don't know if this was already the case at the time the question was asked, but now the solution is directly explained in the keyring extension wiki link in your question.
Just enabling the keyring extension is not enough, you also need to tell Mercurial the remote repo and the username in the config file.
Quote from the link:
3.2. Repository configuration (HTTP)
Edit repository-local .hg/hgrc and save there the remote repository
path and the username, but do not save the password. For example:
[paths]
myremote = https://my.server.com/hgrepo/someproject
[auth]
myremote.schemes = http https
myremote.prefix = my.server.com/hgrepo
myremote.username = mekk
Simpler form with url-embedded name can also be used:
[paths]
bitbucket = https://User#bitbucket.org/User/project_name/
Note: if both the username and password are given in .hg/hgrc, the
extension will use them without using the password database. If the
username is not given, extension will prompt for credentials every
time, also without saving the password. So, in both cases, it is
effectively reverting to the default behaviour.
Note that you don't need to specify all the information shown in those examples.
On my machine (Mercurial 5.0.2 on Windows), I'm using a simpler form which also works for multiple repos.
This is a 1:1 copy from my actual config file:
[extensions]
mercurial_keyring =
[auth]
bb.prefix = https://bitbucket.org/
bb.username = christianspecht
This uses the keyring extension to save the password for the user christianspecht, for all remote repos whose URL starts with https://bitbucket.org/.
The prefix bb can be freely picked, so you can use this to save multiple URLs/usernames at once.
This works perfectly well (at least until Bitbucket drops Mercurial support in a few weeks...) - it asks for the password once, then it's automatically saved and it never asks again.
it asks me for the password to unlock the key-ring. What am I doing wrong?
Nothing. Read the keyring docs, password for accessing keyring must be provided once for session
I was able to create a key and connect to github following these instructions via the command prompt successfully:
https://help.github.com/articles/generating-ssh-keys
However, when I try to connect via Sourcetree and putty I cannot. I've tried:
generating a new key with the putty key generator (SSH-2 RSA)
entering a passphrase
saving the private key
saving the public key and adding a .pub extension
copying/pasting the key from the putty key generator window into github
attemping to refresh branches on a pull from my private github repository from my local repo using the SSH clone URL I got from github
I also tried opening the key generated from the github command line instructions and it wanted me to convert it to a putty-type key which I did and saved off, tried with that one. Also no luck.
What am I doing wrong?
In order to get it worked I ended up going to Tools -> Options -> SSH Client and changing it to OpenSSH. I generated and uploaded several different types of keys trying to get it work as well but I think this is what finally did it.
In my case, I needed to switch to a git or ssh based repo path rather than the https based repo path. This causes SourceTree to switch to SSH based authentication.
This setting can be found at Repository => Repository setting => Paths
Example:
Correct repo paths
git#github.com:<username>/<reponame>.git
or
ssh://git#github.com/<username>/<reponame>.git
(Note: if you are working with a repo that isn't yours, replace username with organization name)
Wrong repo path
https://github.com/<username>/<reponame>.git
HTTPS repo paths result in SourceTree trying to be extra smart and failing spectacularly. You get prompted for a username/password GUI dialog which will never work if you have 2 factor authentication enabled.
To login to Github account using SourceTree you may use access tokens. To create an access token follow these steps.
Go to Settings
Select Developer settings from left pane
Select Personal access token
Click on Generate new token button
Give it a name
Select scopes and generate token (save this token somewhere safe because you won't be able to access this token again)
Then in SourceTree app follow these steps (for Mac users, not sure about the other platforms)
Go to Preferences->Accounts
Click add button
Select GitHub from Host dropdown
Choose Basic from Auth Type dropdown and HTTPS from Protocol dropdown
Enter your GitHub username in Username field
Paste the access token generated in the previous process in the Password field
Click save and you're done
For Mac versions of SourceTree the Tools menu does not exist.
However, you can add the ssh key to your keychain in Mac OS. See: https://superuser.com/questions/879050/sourcetree-ssh-options-on-os-x
On Mac OSX, the native SSH client can use the built-in keychain directly. To add your private key to the keychain simply use the command:
ssh-add -K /path/of/private/key
As an example if your private key is stored at ~/.ssh and is named id_rsa, you would use the command:
ssh-add -K ~/.ssh/id_rsa
You will then be prompted for your passcode, which will be stored in your keychain. After this you should be ready for a password-less login.
You may want to consider switching from OpenSSH to Putty / Plink and use embedded Git instead of Git provided by host OS. Making ssh-agent work on Windows is a bit more complicated than clicking it out straight from the SourceTree and PuttyGen.
If you want to still use terminal to configure SSH and start ssh-agent please see bottom two steps.
For Sourcetree on MacOS I had to change from OAuth to Basic authentication, use "git" as the username (not my GitHub username), and generate the SSH key and input it into GitHub. Only then could I clone a GitHub repo via SSH in Sourcetree.
I setup public key access to my server via ssh. I have a .ssh folder on my local windows computer. I configured ssh to add the private key using the ssh-add <directory> command. I am able to successfully connect to my server using windowspowershell. The chmod and Chown of the .ssh directory and authorized file are configured correctly on my server. sshd_config is configured correctly and points to the correct key.
The connection works perfectly with shell so there is no problem on my server. But with Eclipse, and its plugin in particular, Egit, I keep getting a Unable to use key file <directory of the key file I loaded into eclipse the same one used by ssh error every time I try to push my revision commits to my git repository on the server. I went to Pref > General > Network > SSH2 and added the right private key, the ssh2 home directory is set correctly too, in fact the public an private key were both generated using the key management tab and loaded into my server.
My windows permissions on that folder and those keys is set to allow all users to do everything just for good measure.
Now one clue is, the known hosts tab has a host fingerprint that does not match the fingerprint of my key. My key is something like f1:19: etc and the hosts fingerprint is different. I hope I can fix this soon. Any suggestions would be great.
ssh-add -l = two private keys that I am using. So its not this.
Another clue is, after going into my putty program and changes the private key that it ses suddenly is i try to connect to ssh with a key acces in eclipse the error it throws shows reflects the same key that I just changed in putty!! Somehow eclipse seems to be using putty for public key access. How do I stop this?!
Okay here's the solution. For whatever reason Egit uses putty to connect to ssh using the configuration putty is set to use to access a server with a public key. The way you fix this is to make sure putty is able to connect to the server using a public key. If it can't then try this:
Download puttygen
Generate a rsa key using either ssh shell or the key management tab on eclipse. Do not generate a key using puttygen. For whatever reason it never worked for me.
Load the private key you generated (not generated with puttygen) into puttygen and then save as a putty private key (.ppk)
Go to eclipses key management tab and set it to recognize the new .ppk private key file
Finally go to putty, and create your servers profile by assigning the address and then go to auth and load the .ppk file. DISABLE pageant.
Save and attempt to connect to server using the key and if successful then congratulations Egit and Eclipse will now be able to make connections using keys.