Using keys: Difference between revisions

link to keys settings on GitHub
No edit summary
 
Line 18: Line 18:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
eval $(ssh-agent) && ssh-add ~/.ssh/eQualityTech-Test.pem
eval $(ssh-agent) && ssh-add ~/.ssh/eQualityTech-Test.pem
</syntaxhighlight>
</syntaxhighlight>Now with your agent loaded, and keys added to it, you can forward your agent by either specifying it in your git config file (<code>ForwardAgent yes</code>), or else by using the <code>-A</code> option on the command line.


== Signing Git Commits ==
== Signing Git Commits ==
First check if your <tt>openssh</tt> version is recent enough. You need
* Git 2.34.0 or later. <code>git -v</code>
* OpenSSH 8.1 or later. <code>ssh -V</code>
** OpenSSH 8.7 has broken signing functionality. If you are on OpenSSH 8.7, upgrade to OpenSSH 8.8.


Configure Git to use SSH to sign commits and tags:
Configure Git to use SSH to sign commits and tags:
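
Review bot: In the sentence appended after the closing syntaxhighlight tag, <code>ForwardAgent yes</code> is described as something you set in "your git config file", but it is an OpenSSH client option and belongs in <code>~/.ssh/config</code>. It is best placed under a specific <code>Host</code> entry rather than set globally, since anyone with root on the remote host can use a forwarded agent while you are connected. That sentence should also start on its own line instead of being joined to the closing tag. In the new requirements list, the intro mentions only openssh although Git is listed as well, and <code>git -v</code> is only understood by Git 2.37 and later, so <code>git --version</code> is the safer check for a reader who may be below 2.34.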
Line 28: Line 32:
<syntaxhighlight lang="bash">git config --global user.signingkey /home/greg/.ssh/id_rsa.pub</syntaxhighlight>
<syntaxhighlight lang="bash">git config --global user.signingkey /home/greg/.ssh/id_rsa.pub</syntaxhighlight>
If unsure about which key is uploaded to GitHub, you can list your local key fingerprint with <tt>ssh-keygen -lf ~/.ssh/id_rsa</tt> and compare that with the fingerprint displayed in your GitHub account under [https://github.com/settings/keys settings/keys].
If unsure about which key is uploaded to GitHub, you can list your local key fingerprint with <tt>ssh-keygen -lf ~/.ssh/id_rsa</tt> and compare that with the fingerprint displayed in your GitHub account under [https://github.com/settings/keys settings/keys].
Also, listing your '''public''' key fingerprint is useful if you want to sign commits on a remote host while the key resides on your local host.
<syntaxhighlight lang="bash">
ssh-keygen -lf ~/.ssh/id_ed25519.pub
</syntaxhighlight>
<pre>
(ED25519):1N9mywqwpoyHDL7paBNPniyMKDlFi6zsNYAxJNBRLhM greg@GregBook
</pre>


Now you can use the <tt>-S</tt> option in your commit command to '''sign the commit''' while you <tt>commit</tt> and <tt>push</tt> as usual.
Now you can use the <tt>-S</tt> option in your commit command to '''sign the commit''' while you <tt>commit</tt> and <tt>push</tt> as usual.
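
Review bot: The sample output in the new pre block does not match what <code>ssh-keygen -lf</code> prints, which is the key size, then <code>SHA256:</code> and the fingerprint, then the comment, then the key type in parentheses. Paste the output unedited so readers can compare it with what GitHub shows. The new sentence also does not say what to do with the fingerprint on the remote host. The added example uses <code>id_ed25519.pub</code> while the surrounding lines use <code>id_rsa</code> and <code>id_rsa.pub</code>, so use one key name throughout or say that either works.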
Line 38: Line 51:
</pre>
</pre>
Oddly, the option in <tt>git tag</tt> is lowercase '''s''' or the long option is '''sign''' ie. <tt>git tag --sign 43.9.0</tt>
Oddly, the option in <tt>git tag</tt> is lowercase '''s''' or the long option is '''sign''' ie. <tt>git tag --sign 43.9.0</tt>
You can verify signatures with an 'allowed signers' file<ref>https://man7.org/linux/man-pages/man1/ssh-keygen.1.html#ALLOWED_SIGNERS</ref> but we'll get into that later - or have a look at [https://docs.gitlab.com/user/project/repository/signed_commits/ssh/#verify-commits GitLab's doc].


== Desktop Applications ==
== Desktop Applications ==
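
Review bot: The added line on verification defers the allowed signers file with "we'll get into that later", so the section tells readers how to sign but not how to check a signature locally. Suggest at least naming the Git setting that points at the file, <code>gpg.ssh.allowedSignersFile</code>, and a command that uses it, for example <code>git log --show-signature</code>. The reference is also a bare URL; a titled link would match the GitLab link that follows it.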