How Yubikey works with GPG? - gnupg

Please help me to understand how Yubikey works with GPG.
I have a key, and I moved it to Yubikey. But before that I made a backup of my .gnupg folder.
After that, I removed the Yubikey to use it on another PC.
On the PC I removed the .gnupg folder and restored the .gnupg folder from backup.
So, I expect that I have the same keys on my PC and on Yubikey.
But if I encrypt something with Yubikey, like gpg -e -r 'mykey' 123.txt
I can't decrypt it on my PC with the same key.
It says:
gpg: encrypted with RSA key, ID 3435KSLDKJFLKSJF234
gpg: decryption failed: No secret key
But I have the secret key. What happens?

Yubikey stores the private keys and thus the operations executed on Yubikey are sign and decrypt. (The public keys can also be found on the Yubikey card - because each OpenPGP private key contains a copy of the public key)
When you move a key to Yubikey - the private key is removed (actually only a stub remains) from GnuPG keys folder and it resides only on the Yubikey card. The only way to decrypt now is by using the Yubikey card.
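
To check which of the situations described above a keyring is in (secret key material on disk, or only a stub that points at the card), field 15 of the sec/ssb records in GnuPG's colon listing can be read. This is an added example, not part of the original posts; the key IDs and the card serial in the sample listing are constructed.

```sh
#!/bin/sh
# Added example (not from the original posts): report where GnuPG believes the
# secret part of each key lives, using field 15 of the sec/ssb records in
#   gpg --list-secret-keys --with-colons
#   "+"     secret key material is in the local keyring (usable without a card)
#   "#"     only a stub is present, no usable secret key locally
#   other   serial number of the smartcard/token the stub points to
classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            sn = $15
            if (sn == "+")      where = "on-disk"
            else if (sn == "#") where = "stub-no-secret"
            else if (sn != "")  where = "card:" sn
            else                where = "unknown"
            # record type, key ID, capabilities (e=encrypt, s=sign), location
            printf "%s %s %s %s\n", $1, $5, $12, where
        }'
}

# Constructed sample listing: key IDs and card serial are made up.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:1111111111111111:1500000000:::u:::scESC:::#:::23::0:
uid:u::::1500000000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:4096:1:2222222222222222:1500000000::::::e:::D2760001240102010006000000010000:::23:
ssb:u:4096:1:3333333333333333:1500000000::::::s:::+:::23:
EOF
}

# Real use:  gpg --list-secret-keys --with-colons | classify_secret_keys
sample_listing | classify_secret_keys
```

An encryption subkey reported as `card:<serial>` can only decrypt with that card inserted; one reported as `on-disk` decrypts from the local keyring.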

Related

Setting up SSH keys for Bitbucket on Windows

First, I am an absolute noob with git, repos and command line. I have a repo on Bitbucket and I basically want to be able to push to the repository via gitbash without entering a password each time.
What I have:
A repository on Bitbucket with the code already set up.
A local directory where the repository is cloned.
A public key and a private key generated via PuTTY.
Public key added to Bitbucket via the Manage SSH keys page.
How do I now make it work so that I don't have to enter the password each time I push from the gitbash terminal? I'm using Windows 10.
Please follow the steps to add ssh key into bitbucket account to solve your issue.
1. Open git bash terminal and enter the command ssh-keygen -t rsa -C "your email address"
2. Enter passphrase (leave it blank) and enter
3. Enter the same phrase again (leave it blank) and enter
4. Copy the id_rsa.pub file content from where it is residing in your system (C:\Users\username\.ssh)
5. Login to bitbucket account and click top right most user icon ->bitbucket settings->ssh keys under security menu then paste into key field and save it.
6. Restart your git bash terminal and enter git init command and add ssh git repository location git@bitbucket.org:username/repository_name.git which is present in your bitbucket repository.
Enjoy!
There are two ways to load a remote git repository: using SSH and using HTTPS.
SSH will use a key pair, and requires the public key to be added to your BitBucket/GitHub profile.
HTTPS requires your BitBucket/GitHub username and password. You will be prompted for your password every time you interact with the remote server (clone, fetch, push, pull).
If you are currently being prompted for a password, that means the remote URL is currently set to use HTTPS. You can determine this by running git remote -v. To change to use SSH, you need to update the remote URL to the SSH URL by running git remote set-url <remote alias> <SSH URL>. If you only have one remote server, <remote alias> will be origin. You can find the SSH URL in BitBucket/GitHub under the clone option of the repository.
1) create .ssh folder under your home directory like:
mkdir C:\Users\USERNAME\.ssh
2) Copy id_rsa and id_rsa.pub into directory from previous step
3) Close and open cmd (console window)
4) You need to clone the repository as SSH repository, like:
git clone ssh://git@bitbucket.test.com:USERNAME/repository.git
Then it should work.
Following this guide
I think you are missing that after you have generated the SSH keypair, you need to add the SSH private key to pageant, PuTTY’s key management tool.
First, run pageant, which can be found in the directory where you have installed PuTTY package (remember, by default: c:\Program Files\PuTTY). You will see a small icon in your system tray (see the screenshot to the right), which indicates pageant is started. Click on the icon and in pageant window click “Add Keys”. Add the private key that was generated by puttygen in the previous step. The private key has extension .ppk, that is the easiest way to distinguish it from the public key you have created.
After you add the SSH key, you should see it in pageant key list.
Don't use PuTTY to generate the key.
Create a new key with ssh-keygen in .ssh. Leave passwords blank.
Open that new key in PuTTY.
Copy and paste it into the Bitbucket Key field.
Save key with PuTTY and Bitbucket.
It should work.
If you need to update multiple PuTTY sessions on Windows via PowerShell:
Set-ItemProperty -Path HKCU:\Software\SimonTatham\PuTTY\Sessions\sessionname -Name PublicKeyFile -Value "C:\Users\username\.ssh\putty.ppk"
For Windows 7 users:
Open Git Bash and type ssh-keygen, and press Enter three times (one for location, and two for empty passphrase).
Now, a dir .ssh should list these two files: id_rsa id_rsa.pub
Add the public key to your Bitbucket settings, as described in Set up an SSH key, Step 3. You basically copy paste the contents of file "id_rsa.pub" to your profile in BitBucket via the web interface (no admin rights required of course).
Restart Git Bash.
Go to the destination directory, where you would like to clone your repository and do a git init
Get the ssh from the Clone of the repo, and then do git clone ssh://git@bitbucket.test.com:YOURUSERNAME/myrepository.git

How to setup SSH with Mercurial and Bitbucket on Mac OSX?

I cannot find a simple step-by-step guide to setup an OSX machine with Bitbucket and SSH.
So it requires me to google for different pages (to create SSH keys and to set them up in Bitbucket) whenever I'm setting up a new machine. It seems valuable to have one complete list available in StackOverflow.
It's actually pretty straightforward.
Check if you have a public key already that you could reuse:
ls -a ~/.ssh
If there is NO public key file id_rsa.pub then generate one:
ssh-keygen
Accept defaults. I don't enter password because I prefer to keep my hard drive encrypted whenever the repository contents are critical.
Copy your public key to clipboard:
pbcopy < ~/.ssh/id_rsa.pub
Let Bitbucket know the identity of your computer:
Go to https://bitbucket.org
Open your account settings under your avatar
Find "SSH keys" and choose to add a new one
Paste your public key from pbcopy
Clone (pull, push or whatever) your repository using SSH:
hg clone ssh://hg@bitbucket.org/<username>/<repository>
First time you will get a warning similar to this:
The authenticity of host 'bitbucket.org (104.192.143.1)' can't be established.
RSA key fingerprint is 97:...:40.
You should google for "Bitbucket fingerprint" and compare what you see in terminal with what Atlassian documentation gives because fingerprints could change and can be faked.
Have fun!

Multiple Bitbucket SSH accounts on same machine

I'm trying to get multiple Bitbucket accounts working from the same machine via SSH.
In my .ssh\config file, I have:
Host account1.bitbucket.org
Hostname bitbucket.org
PreferredAuthentications publickey
IdentitiesOnly yes
IdentityFile ~/.ssh/account1
Host account2.bitbucket.org
Hostname bitbucket.org
PreferredAuthentications publickey
IdentitiesOnly yes
IdentityFile ~/.ssh/account2
Then I'm changing the remote for the git repo to use the alias:
git@account1.bitbucket.org:myUserName/myRepoName.git
git@account2.bitbucket.org:myUserName/myRepoName.git
Then in Pageant (in the system tray), I'm adding both my PPK keys.
Unfortunately if I've added both keys to Pageant, only one of the accounts work.
If I only have one key in Pageant at a time, then it'll work for whichever Bitbucket account I added to Pageant.
So it looks like pageant isn't using the correct key if there's more than one key in its list.
Any ideas on why it's doing this?
This link on Atlassian Answers explains how to use PuTTY and SSH with multiple bitbucket account:
One way to resolve this is to perform the same configuration in PuTTY
too to disambiguate what key to send (and therefore which user to
authenticate as).
1. Start PuTTY (download it from putty.org if you don't have it)
2. Type 'bitbucket.org' in the host name field
3. Go to Connection > SSH > Auth in the tree
4. Specify the key to use for the BB user
5. Go back to 'Session' in the tree
6. Type an alias name underneath 'Saved Sessions' (e.g. bb-user1) and Save
7. Repeat 2-6 for each BB user and save as a different session name
Then in your remote URLs, replace 'bitbucket.org' with the session
name (e.g. bb-user1) to disambiguate what SSH key to send first. This
is identical to using IdentityFile in OpenSSH.
Finally, you can add the keys in pageant to cache the key passcodes.
I got this working by not using Pageant. I'm using Sourcetree as a Git GUI, and in the options, there's a dropdown saying whether to use OpenSSH or Putty/Plink.
Based on the description by Steve Streeting here:
https://answers.atlassian.com/questions/164479/sourcetree-support-multiple-ssh-keys
It sounds like Pageant doesn't use the .ssh\config configuration anyway.
By changing to OpenSSH, then regenerating the keys using ssh-keygen, and adding the private keys via Sourcetree's "Tools .. Add SSH Keys" menu, this is now working perfectly using different keys across multiple accounts. I just need to alter the remote url of each git repo to use the correct alias in the config file (as described in my initial post).
Update:
I've written a blog post about this here:
http://www.danclarke.com/multiple-ssh-keys-for-git/

Retrieve a git repository on windows, can't use "keychain"

my client sent me two keygen files (one is public and the other is private) and asked me to follow these steps to get their source:
$ vim .ssh/config # create a ssh config
Host git.xxx.com
IdentityFile ~/.ssh/keys/yourSource
$ keychain ~/.ssh/keys/yourSource # load the private key with keychain
$ git clone git@git.yourSource.com:something.git
$ cd something
I've put the keygen files they sent me in ~/.ssh/keys. I gave them my public key and they said they'd set it up.
But I have problems after creating the config file. I wasn't allowed to use "keychain" command on windows platform. (Git bash displays "command not found".) Is there any way else I can load the private key?
I doubt you need the keychain command. This one is used on Unix environments (Linux/Mac) only.
What you need on Windows is this setup:
in your c:\Users\.ssh folder, have two key files (default names id_rsa and id_rsa.pub). Use those provided or generate some with ssh-keygen
provide the contents of the public key to your client for setup with git repository
test the setup with git clone.
It is a bit strange that the client has provided you with both private and public keys rather than asking you to generate your own. The whole purpose of the public/private keys in security is to ensure that the private remains private so that the identity of one user/committer can't be duplicated. If they have your private key then someone might (even accidentally) use your identity to access the git repository.

SourceTree on Windows: How to connect to SSH?

I have an SSH access to my web hosting, it works great with PuTTY (I just had to enter my domain, username and password), however it seems much more complicated with SourceTree.
While PuTTY has a field for "Host Name", "username" and "password", SourceTree doesn't and requires a special file ".ppk"?!
I need to connect SourceTree to my web hosting via SSH for the obvious reason that I want to use it to push to a remote repository located on my web hosting.
So how do I get a .ppk file generated from my domain/username/password? Any help greatly appreciated!
PS: I've noticed that they made it exceptionally easy to connect to BitBucket by offering two simple fields: "username" and "password", and made it exceptionally difficult to connect to a third-party SSH... Is it an intentional attempt to prevent competition?!
I had to do some additional work from Patoshi's answer.
In Tools > Options > General > SSH Client Configuration, I had to point it to the id_rsa key, and select OpenSSH as the SSH Client (Putty/PLink is selected by default).
Then each time you start SourceTree, a prompt will appear asking for the passphrase to decrypt the id_rsa key (assuming you created it with a passphrase to encrypt it). This looks like so:
At that point, I could go to the Clone page, paste in the SSH address from my Gitlab project (git@localgit.local:Blah/Whatever.git) and it cloned it. No extra prompts for username or password (since it is using SSH keys).
There are two ways to connect SourceTree to any SSH.
1: The Simplest Way
The simplest way is by using your domain name, username and password provided by your Web Hosting Provider:
Simply use the following syntax: ssh://username@example.com/ – SourceTree will then prompt you to enter your password whenever you push to that SSH:
If you check the Remember password checkbox, your password will be saved and you will not be prompted again for it. You can edit or remove the stored password at a later time by going to Tools > Options > Authentication as shown on the image below:
Note: In my case (1&1 Shared Hosting), the username and password were both the same as my main FTP account.
2: The More Complex Way
The more complex way is by using a Private/Public Keys Pair:
This implies generating two keys (one "private" and one "public") using the "PuTTY Key Generator" (in SourceTree go to Tools > Create or Import SSH Keys).
Once generated, save the private key to a .ppk file and load it in SourceTree (Tools > Create or Import SSH Keys > Load). It's not over yet: now you must add the public key to your server. To do that, add it to the following file on your web server: /.ssh/authorized_keys.
If this file doesn't exist, save your public key to a file named authorized_keys and upload it to your server via FTP. You must upload it into a directory named /.ssh/ located at the root (if it doesn't exist, simply create it).
Note: Make sure to use the main FTP account of your hosting account. If it doesn't work, adjust the permissions (chmod) of the authorized_keys file and set it to 777 using your FTP software (Right-click on "authorized_keys" > File permissions):
No need for command line whatsoever.
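
On servers running OpenSSH, sshd with StrictModes yes (the default) does not use an authorized_keys file if that file, the .ssh directory or the home directory is writable by group or others. The following added example, which is not part of the original answers, checks those three paths and sets owner-only modes; the throwaway directory and the placeholder key line in the demo are constructed.

```sh
#!/bin/sh
# Added example (not from the original posts). With StrictModes yes (the
# default), sshd will not use authorized_keys if that file, ~/.ssh or the home
# directory is writable by group or others.

# True if the path has the group-write or other-write bit set.
is_group_or_world_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Check the three paths under home directory $1; returns 1 if any would fail.
check_ssh_perms() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if is_group_or_world_writable "$p"; then
            echo "REJECT $p"; rc=1
        else
            echo "ok     $p"
        fi
    done
    return "$rc"
}

# Owner-only modes that pass the check.
harden_ssh_perms() {
    chmod go-w "$1"
    chmod 700 "$1/.ssh"
    chmod 600 "$1/.ssh/authorized_keys"
}

# Demo on a throwaway directory standing in for the account's home (constructed).
demo() {
    home=$(mktemp -d)
    mkdir "$home/.ssh"
    echo "ssh-ed25519 CONSTRUCTED-PLACEHOLDER-KEY user@example" > "$home/.ssh/authorized_keys"
    chmod 777 "$home/.ssh/authorized_keys"
    before=0; check_ssh_perms "$home" >/dev/null || before=$?
    harden_ssh_perms "$home"
    after=0; check_ssh_perms "$home" >/dev/null || after=$?
    rm -rf "$home"
    echo "before=$before after=$after"
}

demo
```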
I had some trouble getting SourceTree working with an existing git repo that resided on gitlab. I also had to figure out why it wasn't connecting as I was using puttygen to generate the keys.
Make sure after you generate your keys to export it to the OpenSSH format.
You place this file in your c:\user\MYUSERNAME\.ssh folder as the file:
id_rsa
id_rsa.pub
The id_rsa is the private key file and .pub is the public key file that you paste into your other application, which in my case was gitlab.
Generate SSH key, private and public
Source Tree > Tools > Create or Import SSH Keys
Putty
Click Generate
Save public key under .ssh folder
Save private key under .ssh folder
Add private key to Pageant, running in background
Clone the git project using SSH key
