A programmer who is new to GitHub or GitLab has to enter an account name and password to authenticate on every repository operation such as clone, pull, or push; this is repetitive and takes time. Fortunately, the SSH protocol lets us work with the repository without providing a username and password each time, while still ensuring security.
Introduction to SSH
What is SSH?
SSH is a network protocol used to establish an encrypted network connection that is strong enough to prevent eavesdropping and theft of information in transit, creating a private, secure channel between client and server.
The working mechanism of SSH
SSH works in 3 simple steps:
- Host identification – identifies the systems participating in the SSH session.
- Encryption – establishes the encrypted working channel.
- Authentication – authenticates the user who has access to the system.
Details of SSH’s working mechanism can be found here
SSH encryption techniques
SSH can use 3 encryption techniques:
- SSH Symmetrical Encryption
- SSH Asymmetrical Encryption
- SSH Hashing
Here we will learn about Asymmetrical Encryption.
Asymmetrical Encryption uses 2 different keys for encryption and decryption. These two keys are called the public key and the private key, and together they form a public-private key pair. The public key can be shared with all stakeholders, while the private key must be kept secret to ensure safety.
Asymmetrical Encryption is only used during the key exchange algorithm for the symmetric encryption, before the secure session starts. After a secure symmetric connection has been established, the server uses the client’s public key to create a challenge and passes it to the client for authentication. If the client is able to decrypt the message, it is holding the correct private key needed for the connection.
Check for available keys on ubuntu
The keys are saved in the .ssh directory and can be found there.
Here we see the private keys id_ed25519 and id_rsa, and the public keys with the .pub extension, id_ed25519.pub and id_rsa.pub.
Generate private and public key pairs with GitHub account email
B1: Use the command
$ ssh-keygen -t ed25519 -C "your_email@example.com"
B2: Next, ssh-keygen asks where to store the key pair and suggests pressing Enter to accept the default. Saving to the default would overwrite the existing key pair id_ed25519, so we enter a path to the file instead (/home/nguyenthinh/.ssh/id_demo), where id_demo is the filename under which I will save the newly generated private and public keys.
B3: Enter a secure passphrase; this can be left empty, in which case the private key is stored unencrypted on disk.
B4: The key pair has now been created.
B5: Check with the command
$ ls -l
We see the files id_demo (private key) and id_demo.pub (public key).
B6: Add the SSH private key to ssh-agent. The passphrase gives your SSH key an extra layer of security, and adding the key to ssh-agent means you do not have to re-enter the passphrase for every operation.
$ eval "$(ssh-agent -s)"
$ ssh-add ~/.ssh/id_demo
B7: Copy the content of the public key file to the clipboard using xclip
$ xclip -selection clipboard < ~/.ssh/id_demo.pub
Now that we have the public key, just add it to your GitHub account.
Some errors that need attention
- An error I often ran into before is copying the wrong public key: for example, I create the key id_demo as above, but then copy the key id_ed25519 instead.
- Another error is that I create a new key and overwrite the old key id_ed25519, and the old key can then no longer be used.
- Forgetting to add the key to ssh-agent at B6.
- Regularly review your SSH key list and remove any keys that are invalid or compromised.
- If you haven’t used your SSH key for a year, GitHub will automatically remove your inactive SSH key as a security measure.
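The first three mistakes above can be checked mechanically. The following shell functions are an added example, not code from the original article; the function names are hypothetical, and they assume OpenSSH's ssh-keygen and ssh-add are installed.

```bash
# Added example (not the article's code): guards against the three mistakes above.
# Function names are hypothetical; assumes OpenSSH ssh-keygen and ssh-add.

# Print "type base64-blob" for each public key line, dropping the comment.
key_body() { awk '{print $1, $2}'; }

# Generate an ed25519 key pair, refusing to overwrite an existing one.
# Usage: safe_keygen <path> <comment> [extra ssh-keygen options]
safe_keygen() {
    local path="$1" comment="$2"
    shift 2
    if [ -e "$path" ] || [ -e "$path.pub" ]; then
        echo "refusing to overwrite existing key: $path" >&2
        return 1
    fi
    ssh-keygen -q -t ed25519 -C "$comment" -f "$path" "$@"
}

# Succeed only if <path>.pub was derived from the private key <path>,
# i.e. the file you are about to paste into GitHub is the right one.
pub_matches_priv() {
    local path="$1" derived stored
    [ -r "$path" ] && [ -r "$path.pub" ] || return 1
    derived=$(ssh-keygen -y -f "$path" | key_body)
    stored=$(key_body < "$path.pub")
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# Succeed only if the key is currently loaded in ssh-agent (step B6 was done).
key_in_agent() {
    local stored
    stored=$(key_body < "$1.pub") || return 1
    ssh-add -L 2>/dev/null | key_body | grep -qxF -- "$stored"
}

# Typical use with the article's key name:
#   safe_keygen ~/.ssh/id_demo "your_email@example.com"
#   pub_matches_priv ~/.ssh/id_demo && ssh-keygen -lf ~/.ssh/id_demo.pub
#   key_in_agent ~/.ssh/id_demo || ssh-add ~/.ssh/id_demo
```

The SHA256 fingerprint printed by `ssh-keygen -lf` can be compared with the fingerprint GitHub lists next to each key under SSH and GPG keys.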
Add SSH key to GitHub account
- Log in to your GitHub account and go to Settings > SSH and GPG keys
- Select Add new Key, enter a title, and paste the public key you just copied
- Enter the password to confirm
- That’s it: we can now clone, push, and pull code using the SSH protocol, which is more convenient because each operation no longer requires entering a password as with the HTTPS protocol.