SSH stands for Secure Shell. SSH offers a secure way to remotely log in to another computer and issue commands, e.g. your website’s server.

SSL stands for Secure Sockets Layer. While most people still refer to SSL, SSL is technically the older version of the more modern Transport Layer Security (TLS) protocol. SSL is a protocol that’s primarily designed to protect the transmission of data between two parties with encryption and authentication.

You can use the ssh command line tool to debug your git connection:

  ssh -T git@gitlab.com 

For more debug output, you can add up to three levels of verbosity (-v or -vv or -vvv):

  ssh -v -T git@gitlab.com 

To establish a secure connection between your computer and GitLab via Secure Shell (SSH) you will need to create and install SSH keys. The private key resides on your computer, the public key is stored at the GitLab server.

• On a Mac, follow the steps in the GitLab SSH keys help
• On Windows, see the beanstalk article mentioned above
• run ssh-keygen -t ed25519

Add your key by navigating to the 'SSH Keys' section in your user profile, selecting 'Add SSH Key', and copy-pasting the public key to the 'key' field. Please copy the complete key (a long string starting with ssh- and ending with the comment you specified, usually your email address).

For server certificate errors, see 04 Debugging.

You can add options for the ssh client permanently in ~/.ssh/config (for the current user)

  Host 192.168.*.*
     StrictHostKeyChecking no
     UserKnownHostsFile=/dev/null

For added security, you might choose a passphrase for your SSH key. In this case, you usually have to enter the passphrase manually each time. This of course hinders automatisation.

The solution is to use ssh-agent. Which securely stores your passphrase, so you don`t need to enter it again.

To keep things as native as possible, we opted to use the built-in OpenSSH capabilities. This applies to: Windows Server 2022, Windows Server 2019, Windows 10 (build 1809 and later). Alternatively, you may use the SSH capabilities of Git for Windows.

1. Try using ssh-agent as described in the next session, if needed, install it via:
2. Open Settings, select Apps > Apps & Features, then select Optional Features.
3. Scan the list to see if the OpenSSH is already installed. If not, at the top of the page, select Add a feature, then:

   1. Find OpenSSH Client, then click Install
   2. Find OpenSSH Server, then click Install

Now that you have installed OpenSSH, you must set up the ssh-agent service.

Open a Powershell instance with Administrator rights and run the following script:

# By default the ssh-agent service is disabled. Allow it to be manually started for the next step to work.
# Make sure you're running as an Administrator.
Get-Service ssh-agent | Set-Service -StartupType Manual
 
# Start the service
Start-Service ssh-agent
 
# This should return a status of Running
Get-Service ssh-agent
 
# Now load your key files into ssh-agent
ssh-add \path\to\user\privatekey
 
 
# Now enable automatic starting
Set-Service -StartupType Automatic 

If you have Git for Windows previously installed, you have to explicitly change which OpenSSH instance to use. During the original installation, it was possible to choose between the GfW's SSH implementation or the native Windows implementation. If you chose the former, you need to change the default SSH implementation, with the following Powershell command:

git config --global core.sshCommand C:/Windows/System32/OpenSSH/ssh.exe

After the ssh-agent is configured, use it once manually to see if it works as expected (git clone some-private-repo). Some pop-up may arise only once. Then restart your computer and try it again.