
Git Security SSH

Git Security

So far, we’ve used HTTPS to connect to our remote repository.

While HTTPS generally works well, you should use SSH for enhanced security, especially on unsecured networks. Additionally, some projects may require the use of SSH.

What is SSH

SSH (Secure Shell) is a network protocol used for managing networks, transferring files, and accessing remote systems securely.

SSH employs a pair of keys to establish an authenticated and encrypted connection, ensuring secure communication over potentially insecure networks.

When you generate SSH keys, you create a “public” key and a “private” key. The “public” key, which you share with the remote party, acts like a lock. The “private” key, kept secure and private, functions as the key to unlock it.

SSH keys are generated using complex algorithms involving prime numbers and large random values. This ensures that while the public key can be derived from the private key, the reverse is not possible.

Generating an SSH Key Pair

You can generate an SSH key from the command line on Linux and macOS, or from Git Bash on Windows.

Here’s how to do it, step by step:

Begin by creating a new key, using your email as a label:

Example

[user@localhost] $ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/user/.ssh/id_rsa):
Created directory '/Users/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/user/.ssh/id_rsa
Your public key has been saved in /Users/user/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:******************************************* your_email@example.com
The key’s randomart image is:
+---[RSA 4096]----+
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
+----[SHA256]-----+

During this process, you will be prompted with the following:

Enter file in which to save the key (/c/Users/user/.ssh/id_rsa):

Choose a file location or press “Enter” to accept the default location.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Entering a secure passphrase adds an extra layer of security, preventing anyone who gains access to your computer from using the key without the passphrase. However, you’ll need to provide the passphrase each time the SSH key is used.

Next, add this SSH key pair to the SSH agent, using the file location you specified earlier:

Example

[user@localhost] $ ssh-add /Users/user/.ssh/id_rsa
Enter passphrase for /Users/user/.ssh/id_rsa:
Identity added: /Users/user/.ssh/id_rsa (your_email@example.com)

If you set a passphrase, you’ll be prompted to enter it.

Now your SSH key pair is ready for use.
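
The following is an added example, not part of the original lesson: a small audit for a private key such as the one generated above, checking that the file is accessible only to its owner and that it is passphrase-protected. The function names are this example's own, and it assumes OpenSSH's ssh-keygen is installed.

```shell
#!/usr/bin/env bash
# Added example: audit a private key like ~/.ssh/id_rsa from the lesson.
# Function names are this example's own. Requires OpenSSH's ssh-keygen.
# Usage: source this file, then run: audit_key ~/.ssh/id_rsa

# True if only the owner has any access (group/other bits all clear).
key_mode_ok() {
    # ls -ldL prints e.g. "-rw-------"; characters 5-10 are group + other.
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# True if the private key is passphrase-protected.
key_is_encrypted() {
    # -y re-derives the public key from the private key. -P "" supplies an
    # empty passphrase, so an encrypted key fails to load instead of prompting.
    ! ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}

# Print findings for one private key; return 0 if clean, 1 if not, 2 on error.
audit_key() {
    if [ ! -r "$1" ] || ! grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo "ERROR: $1 is not a readable private key file"
        return 2
    fi
    if ! key_mode_ok "$1"; then
        # Checked first: ssh-keygen refuses to load keys with open
        # permissions, which would make the passphrase test meaningless.
        echo "FINDING: $1 is accessible to group/other; fix: chmod 600 $1"
        return 1
    fi
    if ! key_is_encrypted "$1"; then
        echo "FINDING: $1 has no passphrase; fix: ssh-keygen -p -f $1"
        return 1
    fi
    echo "OK: $1 is owner-only and passphrase-protected"
}
```

Run it against the private key file, not the .pub file; the public key is meant to be shared and needs no such protection.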