Git allows you to manage and track changes to your source files. Git is often used in group projects, where a remote git repository such as one hosted on Github, acts as the central point for each team member to submit changes to the source code and view other team members contributions.
The SSH protocol adds a secure layer when using remote git repositories through the use of git SSH keys. It’s important to have security measures in place when managing access to source code stored on a remote git repository.
To grasp this topic properly you’ll need to have a basic understanding of git and Github which is covered in our introduction to git post.
What is SSH?
SSH which stands for Secure Shell, is a protocol used to open up a secure communication channel between computers. Take the internet for example, which is typically run over an unsecure channel. For two computers to communicate over the internet in a secure manner, they can use the SSH protocol. This allows messages exchanged between the two points to be sent in an encrypted format. Encrypting messages prevents someone else from understanding the messages sent between the two computers, hence creating a secure channel.
How SSH is able to make an opened communication channel secure involves use of keys generated from encryption algorithms which both sides use to ensure messages can only be decrypted (i.e. understood) by the computers at both ends of the communication channel.
Note, there’s a lot more to the SSH protocol. We won’t go into details here about exactly how these keys work and how the communication channel is opened.
How is SSH used with git?
So how exactly does SSH come into play when using git? Well, in most cases we wish to store our git repositories on a remote location which is typically a server on the internet. For our examples we’ll use Github, a popular git remote repository hosting platform as the server.
What SSH can do for us when interacting with a remote server like Github is to secure the communication channel between our computer and the server. After all, we don’t want anyone to peak into our files during our interactions with Github.
One way to secure the connection between our computer and the Github server is by supplying your username and password credentials each time you interact with the server. However, using SSH keys instead allows you to access Github without needing to enter those credentials each time. These keys will provide your computer the ability to verify the server through the SSH protocol.
To use these keys, first we generate what we call a key pair, consisting of a public key and private key. The private key is generated first, which is essentially a large randomised value. An algorithm is then applied onto the private key to generate the public key. Although the public key is derived from the public key, this can’t be reversed, i.e. the private key can’t be easily derived from the public key.
Messages encrypted using the public key can only be decrypted by the private key. We hand over the public key to a server which is used to encrypt messages before sending it to our computer. Only the private key stored on our computer can decrypt this message. This is the idea of how SSH keys can be used to securely exchange data between our computer and a server as someone else peeking into the data won’t be able to decrypt it.
This is how a secure communication channel is opened between our computer and Github to allow secure exchange of our repository files.To enable this we just need to let Github know what this public key is.
Important to note: The private key residing on your computer must NEVER be shared with anyone. The fact that only your computer possesses this private key is what makes the protocol secure as only your computer can decrypt messages that were encrypted using the public key.
Git SSH keys setup on Github
We’ll show how to do this next by going through setup of git SSH keys on a Linux and Windows computer. The steps you’ll need to take are:
1. Generate the public and private key pair.
2. Load the public key into Github.
1. Generate the public and private key pair
On Linux open terminal.
On Windows open Git Bash.
Run the command:
ssh-keygen -t rsa
You’ll be asked to confirm the path and file name of the keys.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/your_name/.ssh/id_rsa):
Leaving the defaults will generate a private key with the name [id_rsa] and a public key with the name [id_rsa.pub] under your home directory in the folder [.ssh].
Next you’ll be asked to enter a password. Adding a password adds an extra layer of security as you’ll need to input this password when using the keys. Enter the password or if you don’t want a password press the enter key to continue.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
If you used the defaults, confirm the keys were successfully created in the directory.
ls /home/your_name/.ssh
id_rsa id_rsa.pub known_hosts
2. Load the public key into Github
On your Github account navigate to Settings-> SSH and GPG keys. Select New SSH key.
Copy the contents of the public key file and paste it in the Key field. If you used the default names when generating the keys, this is the contents of id_rsa.pub. Also add a description of the key into the Title field.
Select the Add SSH key button and you’ll be prompted to enter your Github password to confirm the action. On completion your SSH key is now added to Github.
With Github now in possession of your public key, it may now interact with your PC in a secure manner. Only the private key existing on your PC can be used to decrypt messages sent using SSH from your Github account.
Conclusion
You should now have a basic understanding of what git SSH keys are. It can help you secure files exchanged between your computer and your remote git repositories such as Github.
Using git SSH keys is quite simple once you have it setup. Just generate your private and public key, load the public key into Github and you now have a secure communication channel between them! (As long as you keep your private key secret from anyone).
Hope this helps you get started with using git SSH keys. Any questions or comments, leave them in the comments below!