# Git - SSH Key
###### tags: `Git` `SSH Key`

MAC / Windows Git via SSH

# ppk file to pem file in MAC:
```
puttygen <your-putty-key.ppk> -O private-openssh -o <your-ssh-key.pem>
puttygen 2020_04_05.ppk -O private-openssh -o 2020_04_05.pem
```

# add existing ssh key in MAC:
```
ssh-add -k ~/.ssh/[your-private-key]
ssh-add -k 2020_04_05.pem
```

## Error when ``ssh-add``

### [Could not open a connection to your authentication agent](https://stackoverflow.com/questions/17846529/could-not-open-a-connection-to-your-authentication-agent)

#### Question:
![](https://i.imgur.com/DCt7F0o.png)

I am running into this error of:
```
$ git push heroku master
Warning: Permanently added the RSA host key for IP address '50.19.85.132' to the list of known hosts.
!  Your key with fingerprint b7:fd:15:25:02:8e:5f:06:4f:1c:af:f3:f0:c3:c2:65 is not authorized to access bitstarter.
```
I tried to add the keys and I get this error below:
```
$ ssh-add ~/.ssh/id_rsa.pub
Could not open a connection to your authentication agent.
```

#### Answer:
### Did You Start ssh-agent?
You might need to start ssh-agent before you run the ssh-add command:
```
eval `ssh-agent -s`
ssh-add
```
![](https://i.imgur.com/sY6IxzR.png)

# Key file permissions too open:
```
chmod 600 config
chmod 600 2020_04_05.pem
```

# Test connect to Github/ BitBucket:
```
ssh -T git@github.com
ssh -T git@bitbucket.org
```

---

# ssh config:
``ssh-keygen`` creates the ``~/.ssh`` directory and the default public / private keys.

## ~/.ssh/config:
```
Host *
  # UseKeychain is macOS only
  UseKeychain yes
  AddKeysToAgent yes
  IdentityFile /Users/xxxx/folder/yyyy.pem
```

On Windows the file is under the ``C:\Users\<User_Name>\.ssh\`` directory.

Use the same key for every host:
```
Host *
  AddKeysToAgent yes
  IdentityFile D:\kye_hss\2020_04_05\2020_04_05.pem
```

Per-host settings:
```
Host git.tw-futaba.com.tw
  AddKeysToAgent yes
  IdentityFile C:\Users\elite\.ssh\futaba_gitlab.pem

Host github.com
  AddKeysToAgent yes
  IdentityFile C:\Users\elite\.ssh\2023_05_16.pem

Host bitbucket.org
  AddKeysToAgent yes
  IdentityFile C:\Users\elite\.ssh\2023_05_16.pem
```

---

# ppk file to pem file in windows:
![](https://i.imgur.com/oG2Mcw4.png)
![](https://i.imgur.com/NcudVeH.png)

---

## chmod 600 in windows:
[Windows CHMOD 600](https://stackoverflow.com/questions/5264595/windows-chmod-600)

[Windows SSH: Permissions for 'private-key' are too open](https://superuser.com/questions/1296024/windows-ssh-permissions-for-private-key-are-too-open)

![](https://i.imgur.com/zchq9kI.png)
![](https://i.imgur.com/N4Sj05H.png)
![](https://i.imgur.com/TShdItv.png)

[How to manage the SSH keys of multiple sites with config, and how to avoid entering the SSH passphrase for each one](https://blog.alantsai.net/posts/2016/03/ssh-config-ssh-agent-passphrase-management)

---

http://git-server.goglobal.com.tw/help/ssh/README#generating-a-new-ssh-key-pair

Generate a new ED25519 SSH key pair:
```
ssh-keygen -t ed25519 -C "email@example.com"
```
Or, if you want to use RSA:
```
ssh-keygen -t rsa -b 4096 -C "email@example.com"
ssh-keygen -t rsa -b 4096 -C "elite_lin@goglobal.com.tw"
```

```
C:\Users\Elite_lin>ssh-keygen -t rsa -b 4096 -C "elite_lin@goglobal.com.tw"
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\Elite_lin/.ssh/id_rsa): gitlab_ssh_key
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in gitlab_ssh_key.
Your public key has been saved in gitlab_ssh_key.pub.
The key fingerprint is:
SHA256:7WhtXVbxp2IPJlR6EAAIDgeKDYvpZ/6640Wv7umKrxI elite_lin@goglobal.com.tw
The key's randomart image is:
+---[RSA 4096]----+
|+.o. .....o.. . |
|+O . + o|
|* o o . +|
|. o . o.|
| . o . S o = + |
|E + . . + = * |
| . . . .o + . . |
|. ..o o. . |
|.o+*OB |
+----[SHA256]-----+
```

``type`` is similar to ``cat``:
```
C:\Users\Elite_lin>type *
```

---

by eaddy - 2022/08/26
```
elite@fwteam-BM1AF-BP1AF-BM6AF:~$ ssh-keygen -t rsa -b 2048 -C "elite_lin"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/elite/.ssh/id_rsa):
Created directory '/home/elite/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/elite/.ssh/id_rsa
Your public key has been saved in /home/elite/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:CfsB05oV7EPrrGAXOS44mOelaa3EEP2NiDtoUP3Ncf8 elite_lin
The key's randomart image is:
+---[RSA 2048]----+
|       ..        |
| . .   .o.       |
|. o . +++..      |
| + o ++@++ .     |
|+o..o.*=S.  .    |
|=++ = o.o.   .   |
|++oB + ..     E  |
|.o= . .          |
| ...             |
+----[SHA256]-----+
elite@fwteam-BM1AF-BP1AF-BM6AF:~$ ls .ssh/id_rsa
id_rsa      id_rsa.pub
```

----

Git fails with an error message similar to:

> HTTP Basic: Access denied
> fatal: Authentication failed for 'https://gitlab.com/my_username/my-repo.git/'

solution: [How to view, add, remove or edit the saved Users names and passwords on a given system](https://support.microsoft.com/en-ca/help/555631)

type in:
```
rundll32.exe keymgr.dll,KRShowKeyMgr
```

---

# ssh-agent

## [\[faq\] After Windows 1803, Git for Windows cannot start the ssh agent via Start-SshAgent - the passphrase has to be entered every time](https://blog.alantsai.net/posts/2018/11/faq-start-sshagent-error-1058-on-windows-1803-cannot-use-ssh-agent)

However, using ssh ran into another problem: having to enter the passphrase on every communication with the remote is extremely annoying.
At this point I suddenly remembered that I had written before (What is ssh, how to use ssh on Windows, how to download and upload code to GitHub through ssh on Windows) that with the ssh agent you do not have to keep entering the password.

I excitedly opened that post and, following it, typed Start-SshAgent, and the result was error:1058.

### Solution - TL;DR

The following solution applies to the Windows 10 1803 operating system - I do not know whether Microsoft will change this in the future, but at least 1803 has this problem.

Performing the following actions resolves it:

1. Change the ``ssh-agent`` service from the ``disabled`` state to ``manual``

   This can be set through the GUI (the display name is: OpenSSH Authentication Agent).

   With PowerShell it is:
   ```
   Set-Service ssh-agent -StartupType Manual
   ```
2. Configure git to use the built-in ssh agent

   Run the command:
   ```
   git config --global core.sshCommand "'C:/Windows/System32/OpenSSH/ssh.exe'"
   ```

After these two actions, whenever the ssh agent needs to be started in the future, just type Start-SshAgent. From then on, communicating with the remote no longer requires entering the passphrase every time - great.

If you are interested in why the two things above are needed, please read on.

---

## https://stackoverflow.com/questions/52113738/starting-ssh-agent-on-windows-10-fails-unable-to-start-ssh-agent-service-erro

I solved the problem by changing the ``StartupType`` of the ``ssh-agent`` to ``Manual`` via ``Set-Service ssh-agent -StartupType Manual``.

Then I was able to start the service via ``Start-Service ssh-agent`` or just ``ssh-agent``.

---

## My exercise
```
unable to start ssh-agent service, error :1058

PS D:\GitLab_Runner> et-Service ssh-agent
et-Service: The term 'et-Service' is not recognized as a name of a cmdlet, function, script file, or executable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
PS D:\GitLab_Runner> Get-Service ssh-agent

Status   Name               DisplayName
------   ----               -----------
Stopped  ssh-agent          OpenSSH Authentication Agent

PS D:\GitLab_Runner> Start-Service ssh-agent
Start-Service: Service 'OpenSSH Authentication Agent (ssh-agent)' cannot be started due to the following error: Cannot start service 'ssh-agent' on computer '.'.
PS D:\GitLab_Runner> Start-Service ssh-agent.exe
Start-Service: Cannot find any service with service name 'ssh-agent.exe'.
PS D:\GitLab_Runner> Start-SshAgent
Start-SshAgent: The term 'Start-SshAgent' is not recognized as a name of a cmdlet, function, script file, or executable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
PS D:\GitLab_Runner> Set-Service ssh-agent -StartupType Manual
PS D:\GitLab_Runner> Start-SshAgent
Start-SshAgent: The term 'Start-SshAgent' is not recognized as a name of a cmdlet, function, script file, or executable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
PS D:\GitLab_Runner> Start-Service ssh-agent
PS D:\GitLab_Runner> Get-Service ssh-agent

Status   Name               DisplayName
------   ----               -----------
Running  ssh-agent          OpenSSH Authentication Agent
```

---

# Windows ssh error

### 2023/02/28
```
Enter passphrase for key 'C:\Users\elite\.ssh\2020_04_05.pem':
tfsc\\elite@bitbucket.org: Permission denied (publickey).
```
![](https://i.imgur.com/nytOIyr.png)

1. First, make sure Windows has the OpenSSH Client installed

   ![Screenshot 2024-12-03 081552](https://hackmd.io/_uploads/B1XDRaiQyx.png)
   ![Screenshot 2024-12-03 081706](https://hackmd.io/_uploads/HkwvAajXkx.png)
   ![Screenshot 2024-12-03 081737](https://hackmd.io/_uploads/HyqwA6oXkx.png)

2. Under the current user's directory there is no ``.ssh`` folder, nor the two files ``id_rsa`` and ``id_rsa.pub`` inside it

3. Open PowerShell 7 as administrator

   ![](https://i.imgur.com/qm2k9ss.png)

   Then type ``ssh-keygen`` and press Enter to accept the default values
   ```
   PS C:\Windows\System32> ssh-keygen
   Generating public/private rsa key pair.
   Enter file in which to save the key (C:\Users\elite/.ssh/id_rsa):
   Created directory 'C:\\Users\\elite/.ssh'.
   Enter passphrase (empty for no passphrase):
   Enter same passphrase again:
   Your identification has been saved in C:\Users\elite/.ssh/id_rsa
   Your public key has been saved in C:\Users\elite/.ssh/id_rsa.pub
   The key fingerprint is:
   SHA256:+qGfUe/tsvogKkRdsC1sQTbeDXf9pKN7HAeGdj9wmy4 tfsc\elite@AS81739B
   The key's randomart image is:
   +---[RSA 3072]----+
   | .*.. . .. |
   | + *.+ . . .|
   | .*.o . . + |
   | .... o.*..|
   | . S .. +o+o|
   | . . . .. .+o|
   | . . + . .o.o.|
   | . + = ooEo. |
   | .o.+ .o+=+ |
   +----[SHA256]-----+
   PS C:\Windows\System32>
   ```
   ![](https://i.imgur.com/g2aQNC0.png)

4. Then, for your own private key (``*.pem``) file, make sure the __owner__ is the __current user__, then disable __inheritance__ at the bottom, then leave only the __current user__ among the __principals__ in the middle, and make sure it has __Full control__

   ![](https://i.imgur.com/o47ybkn.png)
   ![](https://hackmd.io/_uploads/rJ2Y0bH2n.png)
   ![](https://hackmd.io/_uploads/Sy750Zrhn.png)
   ![](https://hackmd.io/_uploads/rkPc0bHh3.png)
   ![](https://hackmd.io/_uploads/Hy6cCWr23.png)

   In the end it will look like this:

   ![](https://hackmd.io/_uploads/SkfjCZB23.png)
   ![](https://hackmd.io/_uploads/ry3j0-r32.png)

## Ref
* https://phoenixnap.com/kb/generate-ssh-key-windows-10
* https://stackoverflow.com/questions/64687271/how-to-avoid-permission-denied-publickey-ssh-key-windows

# SourceTree

## Ref
* [Trust A Server's Host Key when No Button is Available to Trust It](https://confluence.atlassian.com/sourcetreekb/trust-a-server-s-host-key-when-no-button-is-available-to-trust-it-788731545.html)
* [SourceTree error: The server's host key is not cached in the registry.](https://community.atlassian.com/t5/Sourcetree-questions/SourceTree-error-The-server-s-host-key-is-not-cached-in-the/qaq-p/1410001)

![](https://i.imgur.com/85y29Q5.png)
![](https://i.imgur.com/reVtOGY.png)

```
cd C:\Users\elite\AppData\Local\SourceTree\app-3.4.11\tools\putty

PS C:\Users\elite\AppData\Local\SourceTree\app-3.4.11\tools\putty> ls

    Directory: C:\Users\elite\AppData\Local\SourceTree\app-3.4.11\tools\putty

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a---     2023/3/1 上午 11:36              762648 pageant.exe
-a---     2023/3/1 上午 11:36              858416 plink.exe
-a---     2023/3/1 上午 11:36              855832 puttygen.exe

PS C:\Users\elite\AppData\Local\SourceTree\app-3.4.11\tools\putty> .\plink.exe bitbucket.org
PS C:\Users\elite\AppData\Local\SourceTree\app-3.4.11\tools\putty> .\plink.exe github.com
```
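
The private-key ACL change from step 4 of the 2023/02/28 procedure above (owner is the current user, inheritance disabled, only the current user left with Full control), done from PowerShell instead of the Security dialog. This is an added example, not part of the original notes; the function names `Protect-SshPrivateKey` and `Test-SshPrivateKeyAcl` and the sample key path are assumptions.

```powershell
# Added example (not from the original notes); function names are hypothetical.
function Protect-SshPrivateKey {
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    # SID of the account running this session (the "current user" of step 4).
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User

    # Build a fresh security descriptor rather than editing the old one,
    # so no explicit entry for another principal survives.
    $acl = New-Object System.Security.AccessControl.FileSecurity
    $acl.SetOwner($me)                            # owner = current user
    $acl.SetAccessRuleProtection($true, $false)   # disable inheritance, drop inherited entries
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new($me, 'FullControl', 'Allow')
    $acl.AddAccessRule($rule)                     # sole principal, Full control

    Set-Acl -LiteralPath $file.FullName -AclObject $acl
}

function Test-SshPrivateKeyAcl {
    param([Parameter(Mandatory)][string]$Path)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $acl = Get-Acl -LiteralPath $Path

    # Allow entries (explicit or inherited) that belong to anyone else.
    $others = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -ne $me.Value
    } | ForEach-Object { $_.IdentityReference.Value })

    [pscustomobject]@{
        OwnerIsCurrentUser  = ($acl.GetOwner($sidType).Value -eq $me.Value)
        InheritanceDisabled = $acl.AreAccessRulesProtected
        OtherPrincipalSids  = $others   # empty when only the current user remains
    }
}

# Sample run; the path is a placeholder for your own private key file.
$key = Join-Path $env:USERPROFILE '.ssh\id_rsa'
if (Test-Path -LiteralPath $key -PathType Leaf) {
    Protect-SshPrivateKey -Path $key
    Test-SshPrivateKeyAcl -Path $key | Format-List
}
```

A key that passes the check reports `OwnerIsCurrentUser` and `InheritanceDisabled` as `True` and an empty `OtherPrincipalSids`.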