Episode 3: SSH Keys For Server Authentication
We create a new SSH key to use for authentication to a Linux dev server. We’re rather unhip so we do it all from Windows. In the previous video, we created a build for our new project. Now we are configuring access to the development server using SSH keys. Follow along as we create a new SSH key pair using Git Bash. We’ll use PuTTY and the new key to SSH to our Linux server from a Windows machine. Generating a new SSH key is not too difficult, but there are a few gotchas when using Windows.
We are going through this exercise because Eric and Jordan develop on Windows. Todd watches in amusement as his macOS machine “just works”.
NOTE: There’s a step you don’t see in the video. The public key we generated was placed into the authorized_keys file on the Linux server when it was first provisioned. This is why we are able to authenticate to it at the end of the video.
Generating an SSH Key in Windows
First we need a new SSH key pair. GitHub’s instructions for generating a new key are straightforward and work as long as you have Git for Windows:
- Open Git Bash
- Generate a new key with this command:
- Tips:
  - Don’t use spaces in your key comment. Some programs don’t like it!
  - Be sure to specify a location to save the key to avoid overwriting your user’s SSH key.
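The two tips above and the authorized_keys step from the NOTE, as an added Git Bash example that is not from the video or from GitHub’s instructions. The function names, the paths you pass in and the 4096-bit RSA choice are assumptions.

```bash
#!/usr/bin/env bash
# Added example; function names and paths are illustrative assumptions.

# new_ssh_key KEYFILE COMMENT [extra ssh-keygen args...]
# Creates an RSA key pair at an explicit location. Rejects comments that
# contain whitespace and refuses to overwrite an existing key.
new_ssh_key() {
    [ $# -ge 2 ] || { echo "usage: new_ssh_key KEYFILE COMMENT" >&2; return 2; }
    local keyfile="$1" comment="$2"
    shift 2
    case "$comment" in
        *[[:space:]]*) echo "comment must not contain spaces" >&2; return 2 ;;
    esac
    if [ -e "$keyfile" ] || [ -e "$keyfile.pub" ]; then
        echo "refusing to overwrite $keyfile" >&2
        return 1
    fi
    # With no -N argument, ssh-keygen prompts for the passphrase, which
    # keeps it out of the shell history and the process list.
    ssh-keygen -t rsa -b 4096 -C "$comment" -f "$keyfile" "$@"
}

# authorize_key PUBFILE [AUTHORIZED_KEYS]
# Run on the Linux server: installs the public key exactly once, with
# owner-only permissions on the directory and the file.
authorize_key() {
    local pubfile="$1" auth="${2:-$HOME/.ssh/authorized_keys}"
    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }
    mkdir -p "$(dirname "$auth")" && chmod 700 "$(dirname "$auth")"
    touch "$auth" && chmod 600 "$auth"
    # -x whole line, -F fixed string: append only if the key is not there yet.
    grep -qxF -f "$pubfile" "$auth" || cat "$pubfile" >> "$auth"
}
```

Only the `.pub` file is copied to the server; the private key stays on the Windows machine and is the file later imported into PuTTYgen.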
Just Need a Key for Git?
There is a simpler way to do this if you just need to make Git SSH repositories work. Git for Windows provides a simple way to generate the id_rsa key for your user. This method does not let you generate arbitrary keys:
- Open “Git GUI” and select Help -> Show SSH Key
- If you see no key listed, click “Generate Key” and follow the prompts.
Converting an RSA key to .PPK for PuTTY
Because we’re using Windows, we are not quite done. We often use PuTTY to make SSH connections, but it does not read PEM-formatted keys. We must convert the ssh-rsa key to the .PPK format that PuTTY uses:
- Open PuTTY Key Generator (PuTTYgen) and select Conversions -> Import key
- Import your key and re-enter the comment and passphrase.
- Click “Save Private Key” and you’re done.
Connecting to a Linux Server With PuTTY
PuTTY does not know about our key by default, which means it will fail to authenticate to our server. We need to tell PuTTY about our key by configuring Pageant:
- Start Pageant and double-click its tray icon.
- Click “Add Key” and select your .PPK file.
- Start PuTTY and connect to your server. Any key added to Pageant will automatically be used if valid for the server.
We now have SSH access to our Linux server. Thankfully this drudgery is not done very often. Now that we have a key, we can use Ansible to provision our Linux server and deploy the build from TeamCity.