IT:AD:SSH-KeyGen:HowTo:Generate Keys
Summary
Use SSH-KEYGEN to create pairs of public and private keys.
Use IT:AD:SSH-ADD to register the newly generated Keys.
Then associate the keys with a remote URL (of a service such as IT:AD:BitBucket) so that SSHAGENT automatically finds the right key (see IT:AD:SSH:HowTo:Configure the association between Host and Key).
Process
You can generate Keys the easy way, or the manual/scripted way.
Personally, I find this kind of setup so time-consuming when getting a new team up to speed that it's maybe best to script it as an IT:AD:Powershell script that you can hand out to the team.
Via Git Bash
Create New Keys
As an IT:AD:Windows user, I prefer to use IT:AD:Powershell as the default shell.
If you're still using IT:AD:Git Bash:
- type ssh-keygen
- press enter to accept the default file path (%userprofile%/.ssh/id_rsa) or give another file path.
- enter and re-enter a passphrase.
- I suggest leaving the passphrase empty.
- Done. Two files will have been created.
SkyS@xact01 ~
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Documents and Settings/manthony/.ssh/id_rsa):
Via Powershell
If you followed the instructions to set up the PATH to find SSH-KEYGEN (IT:AD:Git:HowTo:Install), then the above can be invoked from the IT:AD:Powershell CLI as well.
Via Powershell Script
The following requires that you have first ensured that SSH-KEYGEN.exe can be found on the PATH (IT:AD:Environment Variables), as per IT:AD:Git:HowTo:Install.
You can script the whole process in IT:AD:Powershell as follows:
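# $hostRoot must be defined before this point; this snippet does not set it.
$sshKeyName = "${Env:Computername}_${Env:UserName}_${hostRoot}_rsa"
$sshDir = "${Env:UserProfile}/.ssh"
$strFilePath = "$sshDir/$sshKeyName"
if (Test-Path $strFilePath) {
    Write-Host "Skipping generation of SSH key ($sshKeyName), as it already exists."
    return
}
# Make sure the .ssh directory exists before writing the key into it:
if (-not (Test-Path $sshDir)) { New-Item -ItemType Directory -Path $sshDir | Out-Null }
# Create the key for this machine, with no passphrase:
& "${Env:ProgramFiles(x86)}\git\bin\ssh-keygen" -f $strFilePath -t rsa -N "''"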
The result will be two files (one private key and one public key) in your %userprofile%\.ssh\ directory.
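One way to check the generated pair before registering it, as an added example that is not part of the original page: it confirms both files exist, prints the fingerprint, verifies that the .pub file really belongs to the private key, and lists who besides you can read the private key file. The function name Test-SshKeyPair and its parameter are hypothetical; it assumes ssh-keygen is on the PATH and that the key has no passphrase, as generated above.

```powershell
# Added example. Test-SshKeyPair is a hypothetical name, not from the page.
# Assumes ssh-keygen is on the PATH and the key has no passphrase.
function Test-SshKeyPair {
    param([Parameter(Mandatory)][string]$PrivateKeyPath)

    $publicKeyPath = "$PrivateKeyPath.pub"
    foreach ($path in $PrivateKeyPath, $publicKeyPath) {
        if (-not (Test-Path -LiteralPath $path)) { throw "Missing key file: $path" }
    }

    # -l prints the fingerprint of the key in the file named by -f.
    $fingerprint = & ssh-keygen -l -f $publicKeyPath
    if ($LASTEXITCODE -ne 0) { throw "ssh-keygen could not read $publicKeyPath" }

    # -y re-derives the public key from the private key. Compare key type and
    # base64 blob (case-sensitive); the trailing comment field is ignored.
    $derivedOut = & ssh-keygen -y -f $PrivateKeyPath
    if ($LASTEXITCODE -ne 0) { throw "ssh-keygen could not read $PrivateKeyPath" }
    $derived = "$(@($derivedOut)[0])".Trim() -split '\s+'
    $stored  = "$(Get-Content -LiteralPath $publicKeyPath -TotalCount 1)".Trim() -split '\s+'
    $pairMatches = ($derived.Count -ge 2) -and ($stored.Count -ge 2) -and
                   ($derived[0] -ceq $stored[0]) -and ($derived[1] -ceq $stored[1])

    # Without a passphrase the file ACL is the only protection on the private key.
    # Report every Allow entry whose SID is not the current user, SYSTEM (S-1-5-18)
    # or the local Administrators group (S-1-5-32-544).
    $sidType  = [System.Security.Principal.SecurityIdentifier]
    $expected = @(
        [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value,
        'S-1-5-18',
        'S-1-5-32-544'
    )
    $unexpected = (Get-Acl -LiteralPath $PrivateKeyPath).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $expected -notcontains $_.IdentityReference.Value } |
        ForEach-Object { $_.IdentityReference.Value }

    [pscustomobject]@{
        Fingerprint         = $fingerprint
        PublicMatchesPrivate = $pairMatches
        UnexpectedAccessSids = @($unexpected)
    }
}

# Usage, with the path built by the script above:
# Test-SshKeyPair -PrivateKeyPath $strFilePath
```

A non-empty UnexpectedAccessSids list means other accounts can read the unencrypted private key and the file's permissions should be tightened before the key is used.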
Now use IT:AD:SSH-ADD to register this key (making sure you've also thought about associating the registered key with a remote URL: IT:AD:SSH:HowTo:Configure the association between Host and Key).
When you have done both steps (and the Config file mentioned on the IT:AD:SSH-ADD page), you can test your connection to Bitbucket or wherever:
