In GitHub I am supposed to go to Account Setting, then click on SSH keys, and there I should have some way to add an SSH Key. The instructions at http://help.github.com/win-set-up-git/ say: "click "Add SSH Key". But that link does not exist. Instead I get the following:
On Sunday March 4, 2012 a security vulnerability related to SSH keys
(public keys) was discovered. For your protection and to prevent
unauthorized access we have disabled your public keys until you
approve them.
Need help verifying fingerprints?
along with Accept and Reject buttons next to ssh keys I have uploaded but not verified since the exploit was found. I do not want to accept or reject any of these other ssh keys at this point. All I want is to add a new SSH Key. How do I do it?
Many thanks!
After accepting/rejecting all the existing ssh keys the link was visible again in my account.
Related
In the myhome/.ssh/ directory are local SSH keys for my personal GitHub account, the directory has the id_rsa and id_rsa.pub files that allow me to authenticate with GitHub.
I am setting up a server (compute engine on GCP), and this server needs these keys because it needs to authenticate to my GitHub to pull a repo. Should I either:
transfer over / SCP the currently-existing id_rsa, `id_rsa.pub that I have locally onto the server, and use those on the server.
create a brand new SSH key from on the server, and use this key. Add it to my GitHub profile.
it doesn't matter, either (1) or (2) is fine.
or something else?
(2) seems like the right approach, but we are not certain.
Indeed option 2. As a best practice, you should not share the same private key.
Go ahead and generate a new SSH key following the docs: https://docs.github.com/en/github/authenticating-to-github/connecting-to-github-with-ssh
A while ago, when learning about the existence of ECDSA-SK keys, I have created such a key and added it to my github account.
Now I am trying to remove it, but it simply does not show up in the list of keys. The list only shows my "regular" SSH key, but not the SK key.
However, the SK key works just fine. I can push/pull with it (even to/from private repos), and when trying to authenticate with it it shows as connected to my github account:
$ ssh -T -ai ~/.ssh/id_rsa.sk git#github.com
Hi bogd! You've successfully authenticated, but GitHub does not provide shell access.
Also, if I try to add it to my account, github tells me "the key is already in use".
So my question is - where do I need to go to remove this key??
From GitHub announcement in May 2021, this is what you should see:
If no "skey" entry is listed:
check if it would be listed when you have your YubiKey in place
check if you can list that key through GitHub API (you would need a token with read:public_key scope)
contact GitHub support to investigate.
The OP Bogd reports in the comments the SK (Security Key) was listed as a Deploy Key
The "-i" argument to SSH only adds the specified key to the list of keys the client will try.
Since I normally always have my RSA key loaded in the agent, it is likely that key was tried first, and that was why the command output did not list the repository.
The command should have been:
ssh -v -o "IdentitiesOnly=yes" -i ~/.ssh/id_rsa.sk git#github.com'
what is the benefit of github''public key''. I created and added it to the setting in my account. However, when I try to authenticate it in my editor, I get the error below ? Please help. I created my Repo for the heck of learning github, so maybe I still did not get the point of setting a such a key in my account. Inside of my terminal showing error message
Public key cryptography acts like a lock and key. You give Github the public key (the lock) which only you can open with your secret private key. It's a simple way for Github to authenticate you.
Your computer has to be told which private keys to use. This involves adding it to your ssh-agent which manages your private keys. See Generating a new SSH key and adding it to the ssh-agent on Github for how to do this. And read the whole Connecting to GitHub with SSH documentation.
Once this is all set up, you won't have to keep typing in your password.
I set up SSH login for github using the following instructions, and although it works, I can't figure out why it works: https://help.github.com/articles/generating-ssh-keys/
My understanding of SSH is as follows: client creates a key pair, client gives public key to server, and when client wants to log in, he encrypts a message of server's choice using his private key to prove that he is really the client.
Now: I upload my public key XXX to Github. When I do "ssh -T git#github.com", Github has to know I am trying to log in as me, so that he can decrypt my message using XXX, right? So ssh has to send that information...but how does ssh know anything about Github, or what my username is? And what if I have multiple key pairs - which key would ssh use?
When you add your SSH public key to your GitHub account, you associate that key with your GitHub account.
By default, the command ssh -T git#github.com searches for id_dsa and id_rsa files. To confirm this, try ssh -T git#github.com -v.
If you have keys associated to different github accounts, you would have to specify with -i to use different accounts. ssh -T git#github.com -i /path/to/mykey
In short:
SSH client send public key to server
Server finds your name according to public key (unique), but needs to verify that you have also the private key, therefore he sends you a some message
Your client signs that message using your private key
Server verifies the signature and if it is valid, you are allowed access
This is based on public key cryptography, specially digital signature technique (google for more details).
In a shared-account scenario, authentication/authorization is handled by the application.
I'm not sure Github is using it, but one solution for non-shell account authorization is Gitosis, and it used for precisely the purpose you describe. There are separate key pairs for each user. This much is similar to how Github does things.
The basic notion of how Gitosis works (deferring the authentication and authorization to gitosis) is explained on the app readme page, but the mechanics may require a review of the source code. Based on a cursory examination, it looks like the mechanics of this method are mostly via git hooks on the server.
I am trying to push my new project in recently created Github repository. But having SSH authentication issue. I don't know the key management, as which key is to used and how. In my github web dashboard I have 2 keys. One with my login account and one with Github for Windows.
How can I use the correct key for committing. Because this key is not what mentioned in my Github dashboard. I created new RSA Key in Eclipse. Saved it with Passphrase. And added this key into my Github account. But still it's showing me following key fingure print.
Any help?
My repos: https://github.com/tahirakram/Likhari
URL Information
Getting this error about SSH Keys
ssh://git#github.com:22: org.eclipse.jgit.transport.CredentialItem$YesNoType:
The authenticity of host 'github.com' can't be established.
RSA key fingerprint is 16:27:ac:a5:xx:xx:xx:xx:xx:xx:a6:48.
Are you sure you want to continue connecting?
This page (from Lech Migdal's blog ) recommends:
In theory it's nothing bad, you press the "Yes" button and you're done.
But to my surprise there was no "Yes" button :-) Only "OK" and "Details", both of them didn't result in the code being pushed to the sf.net. Restart (as suggested on some sites) didn't help.
In Eclipse switch to "Git Repositories" perspective
Expand your project, add new Remote repository (I called it "sourceforge")
Paste the URI that sourceforge provides on your project website and the proper password (yes, this time it will work)
Now Eclipse will ask you if you trust the RSA key fingerprint and will add it to known_hosts file
"Dry-Run" (should work), "Save"
This page also ask you to check your SSH settings.
Point 2 is better illustrated by the section "Adding a Remote Configuration" of the Egit User Guide:
This is done using a context menu action on the "Remotes" node.
A wizard is started asking for the name of the new configuration and whether to configure Fetch, Push, or both:
You will get that error message for every new host, when you connect the first time using SSH. Potentially a malicious person could have set up a server, which now answered your request, but is not the real github.com server. That is why you should verify the fingerprint and that is what the whole error message wants to tell you.
If you accept that dialog, it will work fine afterwards.
ssh-keyscan github.com >> ~/.ssh/known_hosts