Anagram Engineering

Webdesign und Softwarelösungen aus Vorarlberg. Ihr Partner für innovative Lösungen rund ums Internet. Full Service Agentur.

by

#gitbash, #tortoisegit

Up until this point, you have been using the secure hypertext transfer protocol (HTTPS) to communicate between your local system and Bitbucket. When you use HTTPS, you need to authenticate (supply a username and password) each time you take an action that communicates with the Bitbucket server. You can specify the username in the DVCS configuration file; you don’t want to store your password there though where anyone can see it. So, this means you must manually type a password when you use HTTPS with  your local repository. Who wants to do that? This page shows you how to use secure shell (SSH) to communicate with the Bitbucket server and avoid having to manually type a password.

Finally, setting up an SSH identity can be prone to error. Allow yourself some time, perhaps as much as an hour depending on your experience, to complete this page. If you run into issues, check out Troubleshoot SSH Issues for extra information that may help you along. You can even skip this whole page and continue to use HTTPS if you want.

Linux or Mac User?

This page shows you how to set up and use a single default SSH identity on Windows for a Git repository using GitBash. In the next page, you set up SSH for a Mercurial repository on Windows with TortoiseHg. If you are working on Mac OSX or Linux, a single set of instructions shows you how to setup and identity for either Git or Mercurial in these environments.

Step 1. Read a quick overview of SSH concepts

To use SSH with Bitbucket, you create an SSH identity. An identity consists of a private and a public key which together are a key pair. The private key resides on your local computer and the public you upload to your Bitbucket account. Once you upload a public key to your account, you can use SSH to connect with repositories you own and repositories owned by others, provided those other owners give your account permissions. By setting up SSH between your local system and the Bitbucket server, your system uses the key pair to automate authentication; you won’t need to enter your password each time you interact with your Bitbucket repository.

There are a few important concepts you need when working with SSH identities and Bitbucket

  • You cannot reuse an identity’s public key across accounts. If you have multiple Bitbucket accounts, you must create multiple identities and upload their corresponding public keys to each individual account.
  • You can associate multiple identities with a Bitbucket account. You would create multiple identities for the same account if, for example, you access a repository from a work computer and a home computer. You might create multiple identities if you wanted to execute DVCS actions on a repository with a script – the script would use a public key with an empty passphrase allowing it to run without human intervention.
  • RSA (R. Rivest, A. Shamir, L. Adleman are the originators) and digital signature algorithm (DSA) are key encryption algorithms. Bitbucket supports both types of algorithms. You should create identities using whichever encryption method is most comfortable and available to you.

 

Step 2. Check if you have existing default Identity

The Git Bash shell comes with an SSH client. Do the following to verify your installation:

  1. Double-click the Git Bash icon to start a terminal session.
  2. Enter the following command to verify the SSH client is available:
    manthony@MANTHONY-PC ~
$ ssh -v
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
usage: ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-e escape_char] [-F configfile]
[-i identity_file] [-L [bind_address:]port:host:hostport]
[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
[-R [bind_address:]port:host:hostport] [-S ctl_path]
[-w local_tun[:remote_tun]] [user@]hostname [command]
  3. If you have ssh installed, go to the next step.
    If you don’t have ssh installed, install it now with your package manager.
  4. List the contents of your ~/.ssh directory.
    If you have not used SSH on Bash you might see something like this:

    manthony@MANTHONY-PC ~
$ ls -a ~/.ssh
ls: /c/Users/manthony/.ssh: No such file or directory

    If you have a default identity already, you’ll see two id_* files:

    manthony@MANTHONY-PC ~
$ ls -a ~/.ssh
.    ..    id_rsa    id_rsa.pub  known_hosts

    In this case, the default identity used RSA encryption (id_rsa.pub). If you want to use an existing default identity for your Bitbucket account, skip the next section and go to create a config file.

Step 3. Set up your default identity

By default, the system adds keys for all identities to the /Users/yourname/.ssh directory. The following procedure creates a default identity.

  1. Open a terminal in your local system.
  2. Enter ssh-keygen at the command line.
    The command prompts you for a file to save the key in:

    manthony@PHOENIX ~
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Documents and Settings/manthony/.ssh/id_
rsa):
  3. Press enter to accept the default key and path, /c/Documents and Settings/manthony/.ssh/id_rsa, or you can create a key with another name.
    To create a key with a name other than the default, specify the full path to the key. For example, to create a key called my-new-ssh-key, you would enter a path like this at the prompt:

    manthony@PHOENIX ~
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Documents and Settings/manthony/.ssh/id_
rsa): /c/Documents and Settings/manthony/My Documents/keys/my-new-ssh-key
  4. Enter and renter a passphrase when prompted.
    Unless you need a key for a process such as script, you should always provide a passphrase.
    The command creates your default identity with its public and private keys. The whole interaction looks similar to the following:

    manthony@MANTHONY-PC ~
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/manthony/.ssh/id_rsa):
Created directory '/c/Users/manthony/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /c/Users/manthony/.ssh/id_rsa.
Your public key has been saved in /c/Users/manthony/.ssh/id_rsa.pub.
The key fingerprint is:
e7:94:d1:a3:02:ee:38:6e:a4:5e:26:a3:a9:f4:95:d4 manthony@MANTHONY-PC
manthony@MANTHONY-PC ~
$
  5. List the contents of ~/.ssh to view the key files.
    You should see something like the following:

    $ ls ~/.ssh
    id_rsa  id_rsa.pub 

    The command created two files, one for the public key ( for example id_rsa.pub ) and one for the private key (for example, id_rsa ).

Step 4. Create a SSH config file

 

  1. Using your favorite text editor, edit an existing (or create a new) ~/.ssh/config file.
  2. Add an entry to the configuration file using the following format:Host bitbucket.org 
     IdentityFile ~/.ssh/privatekeyfileThe second line is indented. That indentation (a single space) is important, so make sure you include it.  The second line is the location of your private key file.  If you are following along with these instructions, your file is here:

     ~/.ssh/id_rsa

    When you are done editing, your configuration looks similar to the following:

    Host bitbucket.org
 IdentityFile ~/.ssh/id_rsa
  3. Save and close the file.
  4. Restart the GitBash terminal.

 

Step 5. Update your .bashrc profile file

It is a good idea to configure your GitBash shell to automatically start the agent when launch the shell.  The .bashrc file is the shell initialization file. It contains commands that run each time your GitBash shell starts.  You can add commands to the .bashrc file that start the agent when you start GitBash. The folks at GitHub have developed a nice script for this (their script was developed from a post by Joseph M. Reagle Jr. from MIT on the cygwin list). To start the agent automatically, do the following.

  1. Start GitBash.
  2. Edit your ~/.bashrc file.If you don’t have a .bashrc file you can create the file using your favorite text editor. Keep in mind the file must be in your ~ (home) directory and must be named exactly .bashrc.
  3. Add the following lines to the file:
    Icon

    Chrome and Opera introduce ASCII \xa0 (non-breaking space characters) on paste that can appear in your destination file. If you copy and paste the lines below, copy from another browser to avoid this problem.

    SSH_ENV=$HOME/.ssh/environment
      
    # start the ssh-agent
    function start_agent {
        echo "Initializing new SSH agent..."
        # spawn ssh-agent
        /usr/bin/ssh-agent | sed 's/^echo/#echo/' > ${SSH_ENV}
        echo succeeded
        chmod 600 ${SSH_ENV}
        . ${SSH_ENV} > /dev/null
        /usr/bin/ssh-add
    }
      
    if [ -f "${SSH_ENV}" ]; then
         . ${SSH_ENV} > /dev/null
         ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
            start_agent;
        }
    else
        start_agent;
    fi
  4. Save and close the file.
  5. Close GitBash.
  6. Reopen GitBash.
    The system prompts you for your passphrase:

    Welcome to Git (version 1.7.8-preview20111206)
Run 'git help git' to display the help index.
Run 'git help <command>' to display help for specific commands.
Enter passphrase for /c/Documents and Settings/manthony/.ssh/id_rsa:
  7. Enter your passphrase.
    After accepting your passphrase, the system displays the command shell prompt.
  8. Verify that the script identity added your identity successfully by querying the SSH agent:
    $ ssh-add -l
    2048 0f:37:21:af:1b:31:d5:cd:65:58:b2:68:4a:ba:a2:46 /Users/manthony/.ssh/id_rsa (RSA)

 

After you install your public key to Bitbucket, having this script should prevent you from having to enter a password each time you push or pull a repository from Bitbucket.

Step 6. Install the public key on your Bitbucket account

  1. Open a browser and log into Bitbucket.
  2. Choose avatar > Manage Account from the menu bar.
    The system displays the Account settings page.
  3. Click SSH keys.
    The SSH Keys page displays. It shows a list of any existing keys. Then, below that, a dialog for labeling and entering a new key.
  4. In your terminal window, cat the contents of the public key file.
    For example:

    cat ~/.ssh/id_rsa.pub
  5. Select and copy the key output in the clipboard.
    If you have problems with copy and paste, you can open the file directly with Notepad. Select the contents of the file (just avoid selecting the end-of-file character).
  6. Back in your browser, enter a Label for your new key, for example, Default public key.
  7. Paste the copied public key into the SSH Key field.
  8. Click the Add key button:

    The system adds the key to your account.
  9. Return to the terminal window and verify your configuration by entering the following command.
    ssh -T git@bitbucket.org

    The command message tells you which Bitbucket account can log in with that key.

    conq: logged in as tutorials.
You can use git or hg to connect to Bitbucket. Shell access is disabled.
  10. Verify that the command returns your account name.
     Click if you got a permission denied (publickey) message.

Step 7. Configure your repository to use the SSH protocol

The URL you use for a repository depends on which protocol you are using, HTTPS and SSH. The Bitbucket repository Overview page has a quick way for you to see the one for your bb101repo repo. On the repository’s Overview page look for the Clone this repository line.

Experiment for a moment, click back and forth between the SSH and the HTTPS protocol links to see how the URLs differ. The table below shows the format for each DVCS based on protocol.

 

SSH URL format
HTTPS URL format
Mercurialssh://hg@bitbucket.org/accountname/reponame/https://accountname@bitbucket.org/accountname/reponame
Gitgit@bitbucket.org:accountname/reponame.gitorssh://git@bitbucket.org/accountname/reponame.githttps://accountname@bitbucket.org/accountname/reponame.git

In the SSH format, the accountname appears after git@bitbucket.org or hg@bitbucket.org. In HTTPS format, the accountname beforegit@bitbucket.org or hg@bitbucket.org.

 

Go to terminal on your local system and navigate to your bb101repo-practice repository. Then, do the following:

  1. View your current repository configuration.
    You should see something similar to the following:

    manthony@MANTHONY-PC ~ 
$ cat .git/config
[core]
  repositoryformatversion = 0
  filemode = true
  bare = false
  logallrefupdates = true
  ignorecase = true
[remote "origin"]
  fetch = +refs/heads/*:refs/remotes/origin/*
  url = https://newuserme@bitbucket.org/newuserme/bb101repo.git
[branch "master"]
  remote = origin
  merge = refs/heads/master

     

    As you can see, the url is using the HTTPS protocol. There are a number of ways to change this value, the easiest way is just to edit the repository’s configuration file.

  2. Edit the ~/repos/bb101repo-practice/.git/config file with your favorite editor.
  3. Change the url value to use the SSH format for that repository.
    When you are done the origin section should contain something similar to the following:

    [remote "origin"]
  fetch = +refs/heads/*:refs/remotes/origin/*
  url = git@bitbucket.org:newuserme/bb101repo.git
  4. Save your edits and close the file.

Step 8. Make a change under the new protocol

  1. Edit the README file in your bb101repo-practice repository.
  2. Add a new line to the file, for example:
    Welcome to My First Repo
-------------------------------
This repo is a practice repo I am using to learn bitbucket.
You can access this repo with SSH or with HTTPS.
  3. Save and close the file.
  4. Add and then commit your change to your local repo.
    git add README
git commit -m "making a change under the SSH protocol"
  5. Push your changes.
    The system warns you that it is adding the Bitbucket host to the list of known hosts.

    manthony@MANTHONY-PC ~
$ git push 
$ git push
Counting objects: 5, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 287 bytes, done.
Total 3 (delta 1), reused 0 (delta 0)
remote: bb/acl: newuserme is allowed. accepted payload.
To git@bitbucket.org:newuserme/bb101repo.git
  056c29c..205e9a8 master -> master
  6. Open the repo Overview in Bitbucket to view your commit.

 

Use PUTTYGEN to create ppk Key and link it under settings.

 

 

About Harald Entner

Since january 2013 Harald is CEO of Anagram Engineering.

After he has finished his study in computer science at the Technical Universicty of Vienna he worked in Vienna, Munich and Dornbirn as software engineer, software architect and system developer.

Today he enjoys travelling, learning new languages and frameworks, systems, environments and tries to educate hilmself within these domains.