Beanstalk Guides

Tips for using SSH keys

Table of Contents

Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two network devices. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, like the Internet.

For communicating by SSH network protocol, public-key cryptography is used. Public-key cryptography is used to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary. In public key cryptography, asymmetric key algorithms are used. This means that the key used to encrypt a message is not the same as the key used to decrypt it.

More simply put, each user has a pair of cryptographic keys – a public encryption key and a private decryption key.

The publicly available encrypting-key can be widely distributed, while the decrypting-key is known only to the recipient of the encrypted request. Messages are encrypted with the recipient’s public key and can only be decrypted with the corresponding private key. While the keys are related mathematically, the private key cannot feasibly be derived from the public key.

SSH is widely used for communication between Git repositories. Tools for generating SSH keys, and for communicating over SSH with remote Git repositories, are automatically installed when you install Git on your computer.

The important thing to understand is that you generate a public and private SSH key, and only the public key is distributed. In the case of using Beanstalk to host your repository remotes, the public key is copied into your Beanstalk profile, allowing you to push and pull your changes from the hosted Git repository.

How to generate SSH keys

Once you’ve installed Git on your machine, you will need to generate an SSH keypair if you don’t already have one. Read more on how to do this in our articles on working with Git on Windows or on Mac depending on the operating system you are using.

SSH keys with passphrase or without it

When creating SSH keys, you can create them with or without a passphrase. If you do create a key with passphrase, you will be asked for passphrase every time you try to communicate with your Git repository in Beanstalk.

Using passphrases increases the security when you are using SSH keys. Using a key without a passphrase can be risky. If someone obtains a key (from a backup tape, or a one-time vulnerability) that doesn’t include a passphrase, the remote account can be compromised.

Avoiding entering passphrase every time

By creating SSH keys with a passphrase, you are making the connection to your Git repository more secure, but entering passphrase every time can be annoying. Luckily, there are ways to store your passphrase to automatically provide it every time you connect over SSH.

Remember password in keychain

In macOS, you can do this by saving your password to your keychain. Doing this is very simple: as soon as you try to push changes to your Git account in Beanstalk, a keychain window will popup and ask whether you want your password to be remembered.

If you check the checkbox to remember your password, it will not be requested in the future.

In Windows, avoiding entering password is little bit different. Once you’ve installed PuTTY, you can use Pageant. Pageant is an authentication agent for PuTTY that allows you to store and recall SSH keys used to connect to your remote Git repositories. To read more how to do this, check out our Working with Git on Windows article.