I can't get the system of managing ssh keys.
I want to push application to Heroku, so I tried to push but get error.Here is my log
$ git push heroku master
! Your key with fingerprint bf:f6:ed:14:9d:cd:52:a2:a3:16:b2:e9:b4:f2:bf:ba is not authorized to access warm-samurai-6574.
fatal: The remote end hung up unexpectedly
User#PK /e/examples (master)
$ heroku keys:add
Found existing public key: C:/Users/User/.ssh/id_rsa.pub
Uploading SSH public key C:/Users/User/.ssh/id_rsa.pub
!This key is already in use by another account. Each account must have a unique key.
User#PK /e/examples (master)
$ heroku keys
=== 1 key for denys.medynskyi#gmail.com
ssh-rsa AAAAB3NzaC...etyxYh4Q== User#PK
Every account has own ssh key. So I can push from any computer, because ssh key is pushing to heroku ?
Every application on heroku should have own ssh key or not ?
Basically, your computer has an SSH key. However, the SSH key on it is associated with another Heroku account (different from the one you are using now). Your best bet would be to generate a brand new SSH key and add it to Heroku.
Just make a new SSH key on your machine and upload it to Heroku:
$ ssh-keygen
Make sure to save it as '/Users/User/.ssh/new_id_rsa.pub' when the prompt asks you.
$ heroku keys:add /Users/User/.ssh/new_id_rsa.pub
This should allow you to use Heroku.
As for your other questions: you can push to Heroku from any computer as long as you add the computer's SSH keys through heroku keys:add. And no, every application does not need to have it's own SSH key.
Your computer has an SSH key, but that SSH key is associated with another Heroku account. If you need to use both accounts for different applications on the same computer you should make a new SSH key on your machine and upload it to Heroku:
$ ssh-keygen
Make sure to save it as '/Users/User/.ssh/new_id_rsa.pub' when the prompt asks you.
$ heroku keys:add /Users/User/.ssh/new_id_rsa.pub
You then need to add another host to your ~/.ssh/config:
Host heroku-alt
HostName heroku.com
IdentityFile ~/.ssh/new_id_rsa
And then update the .git/config in your project to use the host alias:
[remote "heroku"]
url = git#heroku-alt:myapp.git
fetch = +refs/heads/*:refs/remotes/heroku/*
By choosing between heroku and heroku-alt in the remote of the .git/config files of specific projects you can manage which projects use which credentials.
Heroku requires an SSH key to be unique to an account. Two accounts cannot have the same ssh key.
You can do ONE of these to solve your issue:
Unlink the ssh key from the other heroku account. Chances are you are not using that account. This is path of least resistance.
Delete the existing keys. Generate a new ssh public/private key pair. Advantage is you will retain the default name for keys and thus it will be automatically found by any application you use.
Generate a new ssh public/private key pair and save it alongside your existing keys. The disadvantage is, these two keys will have a custom name. If you end up using these keys often, you will need to locally set configure ssh to use these instead of the default id_rsa. This does require some work and might get involved.
Which you choose really depends on you.
If you choose the third option, refer this answer https://superuser.com/a/272613/25665 for how to configure ssh locally to always use the new keys for heroku. In case you are wondering why bother with this, well, you will be interacting with heroku by pushing to a git repository. That requires you to be authenticated using ssh. By default it will use the older keys and you wont be able to push. Its just easier to instead tell ssh to use the alternate key when interacting with warm-samurai-6574.heroku.com
The following link has instructions on creating a new key. You will need to either accept the default names or give custom ones depending on which option you chose.
https://devcenter.heroku.com/articles/keys
Can you push from any computer?
Again, it depends. If the computer has your ssh keys and its configured to use your keys for the heroku domain, then yes. You can instead choose to not copy your keys there and simply add the ssh keys present there to your heroku account.
Does each app require a unique key?
No. You can have multiple apps under one heroku account. They all will share the keys you upload to your heroku account.
Let me see if I understand this correctly.
Most of the replies are agree on that the ssh keys we are using for git identifies the computer, because the suggestion they made is to regenerate the key on the other computer and upload it to Heroku.
From my point of view the SSH key should identify me as a developer of the app, and this is what creates the confusion. This means I have to bring my private and public keys with me and use it on any computer I use which can be accomplished with a pendrive or something similar.
So my suggestion is: copy your public and private keys with you, put them in the computer you want to use for pushing to Heroku and protect your private key with a password.
Related
I already have an SSH key, it is I use it with GitHub, but they have provided me with another one to enter a server on AWS, a RedHat 7.
It was actually a .ppk to use with PuTTY, but with the generator I converted it to an SSH key.
I have added it and it worked correctly, the problem is that every time I want to use it I have to add it again, and I don't know why I forgot it.
Thank you very much.
I have to add it again
It depends by what you mean by "add it".
If it is ssh-agent add, you only need to do that when the private key is passphrase protected.
if it is "adding to the remote server ~/.ssh/authorized_keys", you only need to do that once, with the public key associated to/derived from the private key.
On my Windows 8.1 dev machine I have replaced my broken HDD with a new one and installed Git. I now want to continue to commit changes to a project (which I've copied, with git folder, to my new HDD from a backup) using the same credentials I used before. But my SSH keys are now irretrievably lost on the old HDD. Is there a way to continue to contribute to the project as "me"?
If you are using SSH to authenticate against a remote repository, then you don't necessarily need your old key. You can generate a new key pair and add the public key to your remote repository. How that works in detail depends on what service you are using.
Your "git identity" is tied to your name and email address used in commits, not to your method of authentication.
I use console2 in combination with git bash in order to interact with my local git repositories and by extension several github and bitbucket repositories also.
I use an ssh key pair to authenticate myself to these services, howevermy ssh key pair has an associated password.
This morning I found that I was no longer required to enter this password n my laptop in order to complete the authentication process.
I did some testing and it seems that the same key present on my desktop machine still requires me to enter my password.
So my question is.... why am I no longer required to enter my password on my laptop in order to authenticate with these servers?
Sounds like you have ssh-agent (sshagent.exe) running.
It is a small utility which allows you to enter your key's passphrase once and it then holds it "unlocked" for further use without you needing to re-enter the passphrase each time. Killing it will cause the original behaviour.
ssh-agent comes along with ssh in a standard msysgit installation. I'm not sure if something's changed that now means it's used by default or not though. Another explanation as to why it's running might be if you've installed posh-git and ran a Powershell session. By default (I believe - it's been a while), it'll run at the start of the session and ask for your key's passphrase. I use it every single day with this configuration as my passphrase is quite long... :-)
Something to do with having git-credential-winstore installed on your laptop?
I am writing an app hosted on Heroku which performs read/write operations on private GitHub hosted repositories.
I have done the following
Generated an SSH key, using the same email as my GitHub account
Added the SSH public key to my GitHub account which has admin privileges to the repository
Added the SSH public key to Heroku using heroku:keys add
When trying to perform any git operation on a GitHub hosted repository (that I have total access to), I get "Host key verification failed"
I'm not sure what I'm doing wrong.. as far as I can tell, the Heroku app should be able to read and push to the repo on GitHub just fine.
If I run the same script locally, everything works like a charm.
Hoping someone can help me out.
After hearing back from Heroku support, they mentioned something along the lines of what VonC said. The key wasn't available in Heroku so it was failing.
Although what VonC said would work I imagine, I resolved to using an OAuth Token for my git operations instead of sharing private and public keys away.
As per this article, you can use a GitHub OAuth token in place of a username and all works fine. Setting it as a Heroku config var also means that it never has to appear in your code.
https://help.github.com/articles/git-automation-with-oauth-tokens
If I run the same script locally, everything works like a charm.
That is because locally, in your $HOME/.ssh, you have both the private and public key.
You need both to access a repo hosting server (like GitHub or Heroku).
That means: if Heroku needs to access directly GitHub, it also needs the public and private ssh key.
You need (as in this article) to reference your private key as config vars
heroku config:add PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
MMMMMMMMaaaaaammmmammamamammamaasdhkghkdahgj8234joihsdfJHHKJGHGG
...
-----END RSA PRIVATE KEY-----"
make sure you pass the config var when you load the key.
key = OpenSSL::PKey::RSA.new ENV["PRIVATE_KEY"], 'notasecret'
And your Heroku App will be able to use that private key when contacting GitHub.
Note that sharing private keys is frowned upon, so generating a new public/private key dedicated for Heroku accessing GitHub (and adding the new public key to the GitHub repo) is preferable.
You will find similar approach (for an Heroku app to access a private ssh key) in:
"bwhmather/heroku-buildpack-ssh"
issue 17
Due to some serious problems with a Git repo on Windows over HTTP, we're moving our Git 'server' to Linux.
Assuming I have already the msysgit for Windows installed and Putty, how will I authenticate the SSH connection when I clone, pull and push?
In case of SSH:
on the server, you'll need to allow authentication with public and private keys, you can google how to do it, for example http://shapeshed.com/setting_up_git_for_multiple_developers/
on the client, just put your private key into .ssh folder in your windows home, for example C:\Users\Name\.ssh, much like on unixes.
You can still use HTTP, it will either (1) always ask for username and password or (2) you can also put username and password into the URL: https://username:password#git.mydomain.com/...
This page has everything covered about using PuTTy for Git public key authentication.
In short:
Generate keypair with puttygen
Put the public key in server
In your local computer, set GIT_SSH environment variable to point to plink.exe
Run putty pageant and load your private key there
I recommend working through this tutorial.
The caveat is that it talks about github, so the story of telling the server about your SSH key is different.
What's also different is how do you intend to manage your developers.
The "problem" is that SSH operates with real remote (server-side, I mean) users, which have to have regular Unix system accounts.
This is okay if you have just a handful of developers. You then just need to add all of them to a special group (say, devel) and make sure you initialize your server-side bare repos using git init --bare --shared=group and make them group-writable and belonging to that group devel (this might also be helped out by creating all the repos under a directory which has its "group sticky bit" set and belongs to that group devel).
To distribute the public part of a developer's key to the server in such a setup you have to literally copy and paste that key part (from the developer's id_rsa.pub file, it's ASCII) to the file /home/developer/.ssh/authorized_keys file. If that file does not exist, create it.
If the key was generated on a machine with OpenSSH client installed, you can transfer the key using the ssh-copy-id program, in one step.
This might become messy, so you might consider implementing a solution which virtualizes Git users (like github does). There are plenty to choose from:
gitolite — supposedly the most popular solution. No frills, is administered using a specialized admin Git repo holding the developers' public keys and a configuration file describing the repos and permissions on them. Plain Perl, installable as a package on most sensible distros.
gitlab — a turn-key all-in-one solution. Written in Ruby, so you might face maintenance nightmares.
gitblit — another all-in-one solution, written in pure Java (note that it does not call out to vanilla Git and uses a pure Java Git layer — JGit).