On Tue, 9 Sep 2014 01:48:23 -0700 (PDT) [email protected] wrote: > I have run ssh-keygen to generate a rsa key which I pasted to the > authorized_keys file fore the git user on the git server. And all > works, I can run git pull and push commands without being asked for a > password. But if I run "ssh gituser@gitserver command" then I am > asked for the password. ssh is in git\bin. > I tried creating a ssh key with putty and adding that to the > auth_keys file as well but makes no difference. > Any ideas what I am doing wrong / have not understood?
The chief misunderstanding you seem to maintain is that the key is a sort of a password which you 1) generate; 2) make the other side know. Instead, SSH uses key *pairs* to ensure security: each key generated for SSH consists of the two pairs: private and public. The private one must be kept private, and the public one is safe to expose to everyone. The idea is that a particular public key uniquely identifies its matching private key, and the SSH protocol ensures the authenticating party is able to proof it possess the private key without passing it over the wire while authenticating. With default settings, ssh-keygen geneates two files under your ~/.ssh: "id_rsa" is the private key and "id_rsa.pub" is the public one (here, "id" stands for "identity" -- the term SSH uses to refer to its keys -- and "rsa" refers to the RSA cryptographic algorythm used to generate the key material). Hence, after you've generated a pair of keys, you have to transfer the public key to your SSH "server" and paste it there in the ~/.ssh/authorized_keys file of the user you want to be able to authenticate as using the matching private key. As to PuTTY, the sad thing is that it uses its own format for storing keys, incompatible with the de-facto standard, which OpenSSH uses (the implementation you most probably have installed on both sides). PuTTY is able to convert keys in its own format to that of OpenSSH and back, so, if you're about to use PuTTY for "client-side" Git operations, go ahead with generating keys in the PuTTY's own format and then transfer the public key in OpenSSH format to your remote -- puttygen.exe even shows you this key in this format in one of the main window's controls once you generate or load a key. -- You received this message because you are subscribed to the Google Groups "Git for human beings" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
