How to send your public SSH key

EnclosedEffort repositories are not publicly accessible; here we show how to generate and send us your public SSH key, so we can provide you with access to enclosed repos.

Introduction

Access to several important Evolvix repositories and other related research repos is managed by Gitolite and requires that your computer has been configured with a public-private encryption key pair. The central Gitolite repository server determines the access rights of users based on this public-key cryptography enabled by the "ssh" infrastructure.

Thus, we need your public ssh key in order to provide you with access to an EnclosedEffort (EE) repository (repo), such as the core Evolvix developer repositories. This key is required by Gitolite for allowing you to securely access the respective repos without a password. The key will only work for EE repos you have been granted access to. Please follow the instructions below for how to generate your public ssh key and how to send it to us.

We assume that you know how to open up a command line. For example, on a Mac you can use this program: /Applications/Utilities/Terminal.app


Do not email your private key to us or anybody (emailing it compromises its secrecy and thus requires generating a new key if the repos are to remain secure).

Windows exceptions. The instructions below work for MacOSX, Linux, and Unix in general, but do not work on Windows. As far as we know, the easiest way to produce an SSH key for Windows that works with Gitolite is to produce the key on a Mac or on Linux and then transfer it to the corresponding user folder on Windows. Do not use unencrypted USB sticks for such transfers, as it is often unpredictable when the corresponding files will be erased from this storage medium.

Do you Already Have Encryption Keys on MacOSX?

To see if you already have an SSH key pair, open up a command line (for example using: /Applications/Utilities/Terminal.app), and type the following sequence of Unix commands (type only the command at the start of each line; you can ignore the # comments):

cd                            # change directory to home folder of current user
cd .ssh                       # change directory to the invisible ".ssh" folder

 

If this folder does not exist, because no encryption keys have ever been generated for this user, the terminal application will reply with something like this:

-bash: cd: .ssh: No such file or directory

This means you have no ssh keys. In this case continue with the next section ("Generating key-pair...").

 

If this folder does exist, the terminal application will have set the currently active working directory to this folder, allowing you to check its content by entering:

ls   -l                        # list -long format of the folder content

If you already have encryption keys, the terminal application should reply with something like this:

-rw-------@ 1 user  group 1766 Aug  7  2012 id_rsa                # your private ssh key: guard this important secret at all times! Never email this!
-rw-r--r--@ 1 user  group   402 Nov  8  2011 id_rsa.pub         # your public  ssh key: this file is what we need; it can be safely emailed.
-rw-r--r--     1 user  group   425 Jun  2  2013 known_hosts      # some other file you can ignore.

In this case, continue with the section below ("Sending key by email..."). The file you want is "id_rsa.pub", which is your public key that may safely be known by everyone. Do not confuse it with "id_rsa", which is your private key, to be guarded as if it were your identity, because it is your digital identity.

Creating Your Public Encryption Key-Pair on MacOSX

Only do the following if you do not already have an SSH key pair (see test above).

Open up a command line (for example using: /Applications/Utilities/Terminal.app), and type the following command:

ssh-keygen -t rsa

You will receive a number of prompts, for which you should not enter any custom values:

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/JohnDoe/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Leave them blank and press enter if you want the easiest way of using this system.

For example, leaving the keys in the standard location avoids the need to tell SourceTree where your keys are, and with no passphrase there is no need to ensure the Apple KeyChain has your passphrase (or to enter it every time you start SourceTree). However, such ease of use also makes it much easier to steal your new digital identity, as possession of the file is enough. The program may respond with the SHA256 key fingerprint and the key's random-art image, which may be used for additional security checks. If you plan to transfer the new keys to a Windows system, the use of a passphrase might be even more complicated.

 

Submitting your Public (not Private!) Encryption Key

Press Command + Shift + "." (dot) simultaneously while in the file selection dialog to show invisible files and folders.

Then navigate to the following files, inside of your invisible .ssh folder (replacing JohnDoe with your name in this path):

/Users/JohnDoe/.ssh/id_rsa.pub               # DO copy this file with the PUBlic key from the invisible .ssh folder
/Users/JohnDoe/.ssh/id_rsa                      # do NOT copy this file with the PRIVATE key from the invisible .ssh folder

Be sure to send the file with the ".pub" extension. Your public key is located at /Users/(YourUserName)/.ssh/id_rsa.pub

The one without the ".pub" extension is your private key, which should not be shown to anybody.

Once the administrator has added your public key to the server configuration files, you will be able to use the Git repos on the server.

 

Alternatively, to copy the public part of the key out of the invisible folder to send it to us, you may enter something like the following copy command on the command line:

cd                                                                                                     # reset working directory to the users home folder
cp       .ssh/id_rsa.pub     ./__MyPublicSSH_Key4Gitolite.txt     # copy from the secret folder to the top of a user's home folder

As a result, the key file ("__MyPublic...") should be found somewhere before the letter "A" in your operating system's home folder. From there it is easy to compress and attach to an email to the Gitolite administrator Laurence Loewe. Again, please do not email the private key.
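A guarded version of the copy command above, added here as an example (it is not part of the original instructions): it copies a file only if it looks like an OpenSSH public key and refuses anything containing a private-key block. The function names and the sample key material are constructed for illustration.

```shell
#!/bin/sh
# Added example: only export a file that really is an OpenSSH public key.

# Print "public", "private" or "unknown" for the key file named in $1.
classify_key_file() {
    [ -r "$1" ] || { echo unknown; return 0; }
    # Private keys are PEM-style blocks: -----BEGIN ... PRIVATE KEY-----
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo private
        return 0
    fi
    # A public key is a single line: "<type> <base64 blob> [comment]".
    # The blob begins with a 4-byte length field, which encodes to "AAAA".
    lines=$(($(wc -l < "$1")))
    if [ "$lines" -le 1 ] && grep -q -E \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) AAAA[A-Za-z0-9+/=]+( .*)?$' "$1"
    then
        echo public
        return 0
    fi
    echo unknown
}

# Copy SRC ($1) to DEST ($2) only when SRC is a public key (hypothetical helper).
export_public_key() {
    kind=$(classify_key_file "$1")
    if [ "$kind" != public ]; then
        echo "refusing to copy $1: classified as $kind" >&2
        return 1
    fi
    cp "$1" "$2"
}

# Demo on constructed sample files (placeholders, not real key material).
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed JohnDoe@example' > "$demo/id_rsa.pub"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'b3BlbnNzaC1rZXktdjEconstructed' \
    '-----END OPENSSH PRIVATE KEY-----' > "$demo/id_rsa"
export_public_key "$demo/id_rsa.pub" "$demo/__MyPublicSSH_Key4Gitolite.txt" && echo "public key copied"
export_public_key "$demo/id_rsa" "$demo/leak.txt" || echo "private key blocked"
rm -rf "$demo"
```

To use it on your own key, call export_public_key with .ssh/id_rsa.pub as the source and the file you intend to attach as the destination.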

 

Lastly, you can switch on the Mac ability to see invisible files (see below), then find the corresponding file inside of your invisible .ssh folder (replacing JohnDoe with your name in this path):

/Users/JohnDoe/.ssh/id_rsa.pub               # DO copy this file with the PUBlic key from the invisible .ssh folder
/Users/JohnDoe/.ssh/id_rsa                      # do NOT copy this file with the PRIVATE key from the invisible .ssh folder

and then attach it to an email as you otherwise would.

Seeing Invisible Files on the Mac

To show invisible files you need to change a corresponding setting in the OSX system and then quit Finder to allow the new setting to become active. Numerous explanations exist on the web for how to do this. Briefly, from OSX10.9 onward:

defaults write com.apple.finder AppleShowAllFiles YES

You need to quit Finder for this to take effect. If you only need to do this once, kill the process named "Finder" in /Applications/Utilities/"Activity Monitor". Alternatively, on the command line, use

killall Finder

If you need this more often, you can add a corresponding quit-entry to the Finder menu as explained here. Enter this at the command line:

defaults write com.apple.finder QuitMenuItem 1

This command also requires quitting Finder to take effect.