Skip to main content

How to Use SSH with Git

DataOps uses the SSH protocol to securely communicate with Git. When you use SSH keys to authenticate to the DataOps remote server, you don't need to supply your username and password each time.

Prerequisites

To use SSH to communicate with DataOps, you need:

  • The OpenSSH client coming pre-installed on GNU/Linux, macOS, and Windows 10.
  • SSH version 6.5 or later. Earlier versions used an MD5 signature, which is not secure.

To view the version of SSH installed on your system, run ssh -V.

Supported SSH key types

To communicate with DataOps, you can use the following SSH key types:

  • ED25519
  • RSA (At least 2048 bits)

Check for existing SSH key pair

Before you generate a key pair, see if a key pair already exists.

  1. Within your home directory, go to the .ssh/ subdirectory.

  2. See if a file with one of the following formats exists:

    AlgorithmPublic keyPrivate key
    ED25519id_ed25519.pubid_ed25519
    RSAid_rsa.pubid_rsa

Generate SSH key

If you do not have an existing SSH key pair, generate a new one:

  1. Open a terminal.

  2. Run ssh-keygen -t followed by the key type and an optional comment. This comment is included in the .pub file that's created. You may want to use an email address for the comment.

    For ED25519:

    ssh-keygen -t ed25519 -C "<comment>"

    For 2048-bit RSA:

    ssh-keygen -t rsa -b 2048 -C "<comment>"
  3. Press Enter. Output similar to the following is displayed:

    Generating public/private ed25519 key pair.
    Enter file in which to save the key (/home/user/.ssh/id_ed25519):
  4. Accept the suggested filename and directory, unless you want to save in a specific directory where you store other keys.

  5. Specify a passphrase:

    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:

    A confirmation is displayed, including information about where your files are stored.

A public and private key are generated. Add the public SSH key to your DataOps account and keep the private key secure.

Add public SSH key to DatsOps account

  1. Copy the contents of your public key file. You can do this manually or use a script. For example, to copy an ED25519 key to the clipboard:

    macOS

    tr -d '\n' < ~/.ssh/id_ed25519.pub | pbcopy

    Linux (requires the xclip package)

    xclip -sel clip < ~/.ssh/id_ed25519.pub

    Git Bash on Windows

    cat ~/.ssh/id_ed25519.pub | clip

    Replace id_ed25519.pub with your filename. For example, use id_rsa.pub for RSA.

  2. Go to User Settings > SSH Keys

  3. In the Key box, paste the contents of your public key. If you manually copied the key, make sure you copy the entire key, which starts with ssh-rsa or ssh-ed25519, and may end with a comment.

  4. In the Title box, type a description, like Work Laptop or Home Workstation.

  5. Optional. In the Expires at box, select an expiration date. In:

    • DataOps checks all SSH keys at 02:00 AM UTC every day. It emails an expiration notice for all SSH keys that expire on the current date.
    • DataOps checks all SSH keys at 01:00 AM UTC every day. It emails an expiration notice for all SSH keys that are scheduled to expire seven days from now.
  6. Select Add key.

Profile &gt; SSH Keys  __shadow__

Git clone

  1. Perform your git clone operation now as follows::

    git clone git://app.dataops.live/group/project.git
  2. If this is the first time you connect, you should verify the authenticity of the DataOps host. If you see a message like:

    The authenticity of host 'app.dataops.live (35.178.252.56)' can't be established.
    ED25519 key fingerprint is SHA256:ao2qAUiobpGcK4uAdt3yHdSnHlInmpaV85/7K+sLHwM.
    This key is not known by any other names
    Are you sure you want to continue connecting (yes/no/[fingerprint])?

    Type yes and press Enter.

Cache your private key for the session

If you have set a passphrase from your ssh key it quickly becomes inconvenient to have to enter it with every git command.

To safely cache the private key for your session execute the following two commands in your shell:

eval "$(ssh-agent)"
ssh-add

Subsequent git commands won't prompt you for the passphrase again.