How it works
SSH keys are required for authentication of the user when accessing Git server by SSH protocol. Private key is the one stored on the user workstation (optionally encrypted). Open (or public) key is stored in the user account page on the web site. When Git client accesses the remote repository through SSH, it uses this key pair to identify the user and acquire relevant access rights.
Prerequisites
You need to have Git client tools installed, see instructions here.
Normally if you have Git installed, you should have also SSH client available. On Unix/Linux it is installed by default in the system. On Windows it is typical to have several SSH clients installed; in particular they are included with Cygwin, MsisGit, TortoiseGit.
It is highly recommended to use for generation of SSH keys the tools that come with Git client you are going to use. Using incompatible tools (e.g. ssh-keygen.exe from Cygwin for code generation, and TortoiseGit GUI with default Putty client for connection to server) will lead to authentication problems.
How to generate a key
Generating key with command-line tools
If you prefer command-line tools, make sure you have ssh and ssh-keygen commands in the path. On Windows, you might need to start 'Git Bash' command prompt window provided by MsisGit.
Use the following command to generate SSH keys:
ssh-keygen -t ed25519 -C "your.mail@address.com"The last argument is optional (and arbitrary) human-readable comment which can be included with the public key and used to distinguish between different keys (if you have many). The common practice is to put here your mail address.
The command will ask you where to store the keys. It is recommended to accept default path "$HOME/.ssh/id_rsa" -- just press Enter for that. It will also warn if some key is already present in the specified file; you can either overwrite it by the new one, or stop generation and use that old key.
If you want to be on the safe side, enter password to encrypt the private key. You will be asked then to enter this password each time you use that key (e.g. access remote Git repository), unless you use the tool that caches the key (like TortoiseGit). If you do not want to bother, enter empty string.
On Windows, make sure to note the complete path to the files generated (it might be not straightforward to guess where your $HOME is).
Two key files will be created in the specified location:
- id_rsa - private key
- id_rsa.pub - public key
The content of the pubic key file (one text line) is the key to be added to the user account on the site (see below).
Generating key with Git GUI
GitGUI (standard GUI interface included with Git) provides option to either generate the SSH key (if not present yet) or show the existing one: just click Help/Show SSH key. Copy the public key content for adding to the user account page (see below).
Generating key with Putty
Some GUI tools on Windows (e.g. TortoiseGit, Git Extensions) come with SSH client Putty, and use it by default.
To generate the key with this client, run Puttygen (e.g. from Start menu -> TortoiseGit -> Puttygen), then click Generate. After the key is generated, you will see GUI controls to define public key comment and / or specify password for protection of the private key. When done, save both public and private key to files of your choice.
Copy the public key as shown by Puttygen to clipboard for adding the key in your account. Do not copy content of the Putty public key file -- it is formatted in the way not suitable for submission on the web site.
Adding public key in your account
Log in on the web site and click on 'My account' link in the right-side box. If you have a Contributor status, you will see a tab 'SSH keys' on the right. Click on that tab, then click 'Add a public key', and paste the text of the public key (see above sections on how to generate the key) into the text box. The key title is an optional identifier for the key; if left empty, the key comment will be used. Click Save to input the key to the system.
Please note that some time (5-10 min) is needed for the system to update the configuration after the new key is added. After that time, you can try accessing Git.