Git Security SSH

 What is SSH?

SSH (Secure Shell) is a secure protocol used to connect to remote computers and services—such as Git repositories—over an encrypted connection.

SSH relies on a pair of cryptographic keys (public and private) to verify your identity, ensuring that only you can access your code.

Key SSH Concepts and Commands

• SSH key pair: A public and private key used for authentication.
• ssh-keygen: Generate a new SSH key pair.
• ssh-add: Add your private key to the SSH agent so it can manage your keys.
• ssh -T git@github.com: Test your SSH connection to GitHub.
• ssh-add -l: List all SSH keys currently loaded in the agent.
• ssh-add -d: Remove a specific key from the SSH agent.

How SSH Keys Work — A Simple Explanation

If you’ve ever set up SSH to work with services like GitHub or Bitbucket, you’ve probably heard about SSH keys. But how do they actually work? Let’s break it down.

Imagine you have a lock and key system — but with a twist.

SSH uses something called a key pair:

• A public key – think of this as a lock you can install on any door you want to open remotely.

• A private key – this is your unique key that fits that lock, and you keep it safe on your computer.

Here’s what happens:

You share your public key with servers like GitHub. This doesn’t put your security at risk because, by itself, the public key can’t do anything. It’s like installing a lock on a door: anyone can see it, but without the matching private key, no one can open the door.

Your private key stays secret and secure on your machine. When you try to connect to the server, your computer proves it has the private key by solving a challenge (without actually sending the key itself). If the private key matches the public lock on the server, you get access.

It’s a clever, secure way to log in without typing your password every time — and without the risk of that password being stolen.

In short:

• Public key → share freely (like putting a lock on the server).
• Private key → keep safe (like your personal master key).

And that’s the magic behind SSH keys — secure, elegant, and surprisingly simple once you get the idea! 

Generating an SSH Key Pair

Want to connect securely to services like GitHub without typing your password every time? You’ll need an SSH key pair. Here’s how to create one:

Step 1: Open your terminal

This works on Linux, macOS, or Git Bash on Windows.

Step 2: Generate the keys

Run this command (replace the email with yours to label the key):

ssh-keygen -t rsa -b 4096 -C "your@email.com"

Here’s what this does:

• -t rsa → chooses the RSA algorithm.

• -b 4096 → makes your key stronger by using 4096 bits.

• -C → adds a comment to help you identify the key later.

Step 3: Follow the prompts

You’ll be asked:

• Where to save the key file → press Enter to use the default location (~/.ssh/id_rsa).

• Whether to set a passphrase → optional, but highly recommended for extra security.

And that’s it! 

You now have:

• A private key (keep it safe!).

• A public key (share this with the services you want to connect to).

Adding Your SSH Key to the SSH Agent

Once you’ve created your SSH key pair, you need to tell your system to use it when connecting to services like GitHub. This is where the SSH agent comes in — it safely holds your private key in memory so you don’t have to type your passphrase every time.

Step: Add your key to the agent

Open your terminal and run:

ssh-add ~/.ssh/id_rsa

This command loads your private key (stored by default in ~/.ssh/id_rsa) into the SSH agent.

That’s it!

Now Git and other tools that use SSH can authenticate automatically, making your workflow faster and smoother. 

Copying Your Public Key

To connect your computer to Git hosting services like GitHub, GitLab, or Bitbucket, you need to add your public key to your account settings.

Here’s how to copy your public key, depending on your system:

macOS

pbcopy < ~/.ssh/id_rsa.pub

This copies your public key directly to your clipboard.

Windows (Git Bash)

clip < ~/.ssh/id_rsa.pub

Linux

cat ~/.ssh/id_rsa.pub

Then manually select and copy the output.

Once copied, go to your Git hosting service’s SSH keys page and paste the key there.

Listing and Removing SSH Keys

Sometimes you might want to see which keys are currently loaded in your SSH agent, or remove one you don’t need anymore.

List loaded SSH keys

ssh-add -l

This shows all keys currently managed by the SSH agent.

Remove a specific key from the agent

ssh-add -d ~/.ssh/id_rsa

This unloads the specified key so it’s no longer used for authentication.

With these steps, you’ll have full control over your SSH keys — and a smoother, password-free workflow! 

Troubleshooting SSH (Made Simple)

Running into issues with SSH? Here are a few quick checks to fix the most common problems:

"Permission denied"?

• Make sure your public key is added to your Git host (like GitHub, GitLab, or Bitbucket).

• Check that your private key is loaded into the SSH agent:

ssh-add -l

Fix file permissions

Your private key should only be readable by you. Run:

chmod 600 ~/.ssh/id_rsa

Get more details

Use verbose mode to see what’s going wrong:

ssh -v git@github.com

Check your remote URL

Make sure it starts with:

git@

and not https://.