HAMPEL SOFTWARE ENGINEERING

Create Better LabVIEW Software!

User Tools

Site Tools


Sidebar

Imprint

kb:scc:git:ssh

06 SSH

Definitions

What is SSH?

SSH stands for Secure Shell. SSH offers a secure way to remotely log in to another computer and issue commands, e.g. your website’s server.

What is SSL?

SSL stands for Secure Sockets Layer. While most people still refer to SSL, SSL is technically the older version of the more modern Transport Layer Security (TLS) protocol. SSL is a protocol that’s primarily designed to protect the transmission of data between two parties with encryption and authentication.

SSH Connection

You can use the ssh command line tool to debug your git connection:

  ssh -T git@gitlab.com 

For more debug output, you can add up to three levels of verbosity (-v or -vv or -vvv):

  ssh -v -T git@gitlab.com 

SSL Certificate

To establish a secure connection between your computer and GitLab via Secure Shell (SSH) you will need to create and install SSH keys. The private key resides on your computer, the public key is stored at the GitLab server.

Create SSH keys

Set public key in gitlab.com

Add your key by navigating to the 'SSH Keys' section in your user profile, selecting 'Add SSH Key', and copy-pasting the public key to the 'key' field. Please copy the complete key (a long string starting with ssh- and ending with the comment you specified, usually your email address).

For server certificate errors, see 04 Debugging.

SSH Options

You can add options for the ssh client permanently in ~/.ssh/config (for the current user)

Disable SSH host key checking
  Host 192.168.*.*
     StrictHostKeyChecking no
     UserKnownHostsFile=/dev/null

SSH Passphrase Management

For added security, you might choose a passphrase for your SSH key. In this case, you usually have to enter the passphrase manually each time. This of course hinders automatisation.

The solution is to use ssh-agent. Which securely stores your passphrase, so you don`t need to enter it again.

Windows Setup

To keep things as native as possible, we opted to use the built-in OpenSSH capabilities. This applies to: Windows Server 2022, Windows Server 2019, Windows 10 (build 1809 and later). Alternatively, you may use the SSH capabilities of Git for Windows.

Installing and enabling OpenSSH

  1. Try using ssh-agent as described in the next session, if needed, install it via:
  2. Open Settings, select Apps > Apps & Features, then select Optional Features.
  3. Scan the list to see if the OpenSSH is already installed. If not, at the top of the page, select Add a feature, then:
    1. Find OpenSSH Client, then click Install
    2. Find OpenSSH Server, then click Install

Using ssh-agent

Now that you have installed OpenSSH, you must set up the ssh-agent service.

Open a Powershell instance with Administrator rights and run the following script:

# By default the ssh-agent service is disabled. Allow it to be manually started for the next step to work.
# Make sure you're running as an Administrator.
Get-Service ssh-agent | Set-Service -StartupType Manual
 
# Start the service
Start-Service ssh-agent
 
# This should return a status of Running
Get-Service ssh-agent
 
# Now load your key files into ssh-agent
ssh-add \path\to\user\privatekey
 
 
# Now enable automatic starting
Set-Service -StartupType Automatic 
It is strongly recommended that you back up your private key to a secure location, then delete it from the local system, after adding it to ssh-agent
Git for Windows might have messed things up, here's how to solve it

If you have Git for Windows previously installed, you have to explicitly change which OpenSSH instance to use. During the original installation, it was possible to choose between the GfW's SSH implementation or the native Windows implementation. If you chose the former, you need to change the default SSH implementation, with the following Powershell command:

git config --global core.sshCommand C:/Windows/System32/OpenSSH/ssh.exe

manual test

After the ssh-agent is configured, use it once manually to see if it works as expected (git clone some-private-repo). Some pop-up may arise only once. Then restart your computer and try it again.

kb/scc/git/ssh.txt · Last modified: 2022/04/06 17:08 by joerg.hampel