On Tue, 9 Sep 2014 01:48:23 -0700 (PDT)
j...@norricorp.f9.co.uk wrote:

> I have run ssh-keygen to generate a rsa key which I pasted to the 
> authorized_keys file fore the git user on the git server. And all
> works, I can run git pull and push commands without being asked for a
> password. But if I run "ssh gituser@gitserver command" then I am
> asked for the password. ssh is in git\bin.
> I tried creating a ssh key with putty  and adding that to the
> auth_keys file as well but makes no difference.
> Any ideas what I am doing wrong / have not understood?

The chief misunderstanding you seem to maintain is that the key is a
sort of a password which you 1) generate; 2) make the other side know.

Instead, SSH uses key *pairs* to ensure security: each key generated
for SSH consists of the two pairs: private and public.  The private one
must be kept private, and the public one is safe to expose to everyone.
The idea is that a particular public key uniquely identifies its
matching private key, and the SSH protocol ensures the authenticating
party is able to proof it possess the private key without passing it
over the wire while authenticating.

With default settings, ssh-keygen geneates two files under your ~/.ssh:
"id_rsa" is the private key and "id_rsa.pub" is the public one
(here, "id" stands for "identity" -- the term SSH uses to refer to
its keys -- and "rsa" refers to the RSA cryptographic algorythm used to
generate the key material).

Hence, after you've generated a pair of keys, you have to transfer the
public key to your SSH "server" and paste it there in the
~/.ssh/authorized_keys file of the user you want to be able to
authenticate as using the matching private key.

As to PuTTY, the sad thing is that it uses its own format for storing
keys, incompatible with the de-facto standard, which OpenSSH uses (the
implementation you most probably have installed on both sides).
PuTTY is able to convert keys in its own format to that of OpenSSH and
back, so, if you're about to use PuTTY for "client-side" Git operations,
go ahead with generating keys in the PuTTY's own format and then
transfer the public key in OpenSSH format to your remote -- puttygen.exe
even shows you this key in this format in one of the main window's
controls once you generate or load a key.

You received this message because you are subscribed to the Google Groups "Git 
for human beings" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to git-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to