Setting up SSH access to my Bitbucket Mercurial repository on Windows took a bit longer than I would have liked. Since Google doesn’t come up with any direct hits that give a step-by-step guide for exactly this issue, and since the Bitbucket documentation leaves the Windows user high and dry with a ‘This is not described in further detail here’ message, I’m going to go ahead and write one of my own.
If you don’t have a public/private encryption key pair, you first need to get those:
- Download the Putty tools: Make sure you get at least PuttyGen and Pageant. They’re both included in the ‘Windows Installer for Everything…’
- Run PuttyGen and click on Generate to create a new key
- You can change the ‘Key comment’ to anything you like. Something that includes the encryption method, date, username and computer is probably helpful e.g. rsa-key-20101130-user@home
- The ‘Key passphrase’ is something that will be used to secure the private key that’s stored locally on your computer. Unless someone has the passphrase, they cannot access your private key. The PuttyGen documentation says:
“Choosing a good passphrase is difficult. Just as you shouldn’t use a dictionary word as a password because it’s easy for an attacker to run through a whole dictionary, you should not use a song lyric, quotation or other well-known sentence as a passphrase. DiceWare recommends using at least five words each generated randomly by rolling five dice, which gives over 2^64 possible passphrases and is probably not a bad scheme. If you want your passphrase to make grammatical sense, this cuts down the possibilities a lot and you should use a longer one as a result.”
Now you can click on the ‘Save private key’ and ‘Save public key’ buttons to save the files to disk. Don’t close the dialog box yet as we’ll need it soon.
Now go to your Bitbucket home, and click on the Accounts button.
Scroll down to the SSH Keys section. Copy your public key from the PuttyGen window where it says ‘Public key for pasting into OpenSSH authorized_keys file’ and paste it in the textbox next to the ‘Add Key’ button. Now press ‘Add Key’ and Bitbucket should store the key for you.
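Before pasting, it is worth checking that the clipboard really holds the one-line OpenSSH public key and not the saved `.ppk` private key or the multi-line file written by ‘Save public key’. The following is an added example, not part of the original post: the function names are hypothetical, the sample key is constructed and unusable, and it goes slightly beyond the step above by also computing the SHA256 fingerprint so the uploaded key can be compared with the local one.

```python
import base64
import hashlib
import struct


def _read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def check_pasted_key(text):
    """Validate a one-line OpenSSH public key; return (type, bits, comment, fingerprint)."""
    text = text.strip()
    if text.startswith("PuTTY-User-Key-File-"):
        raise ValueError("this is the private .ppk file; never upload it")
    if text.startswith("---- BEGIN SSH2 PUBLIC KEY"):
        raise ValueError("this is the 'Save public key' file, not the one-line form")
    if "\n" in text:
        raise ValueError("key must be a single line; the paste was wrapped")
    parts = text.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, comment = parts[0], (parts[2] if len(parts) == 3 else "")
    blob = base64.b64decode(parts[1], validate=True)  # raises on stray characters
    inner_type, offset = _read_string(blob, 0)
    if inner_type.decode("ascii", "replace") != key_type:
        raise ValueError("type prefix does not match the key blob")
    bits = None  # only computed for RSA keys
    if key_type == "ssh-rsa":
        _exponent, offset = _read_string(blob, offset)
        modulus, offset = _read_string(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return key_type, bits, comment, fingerprint


def make_sample_key(bits=2048, comment="rsa-key-20101130-user@home"):
    """Constructed sample line (not a usable key): a fixed odd number as modulus."""
    def mpint(n):
        raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # leading 0 keeps it positive
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment
```

Call `check_pasted_key()` on the text copied from the PuttyGen window; a `ValueError` means the paste is not in the form the ‘Add Key’ box expects.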
To avoid having to type in your long passphrase every time you use your private key for commits, you need to keep the Pageant program running in the background. You can set it up to start once per Windows session, so you only have to provide the passphrase once and it then keeps running in the background. You can do this by typing
pageant private.ppk
from the command line (where private.ppk is the file where you saved your private key).
Hello alinium
Great blog! I’ve added a link to your post in the Bitbucket documentation:
http://confluence.atlassian.com/display/BITBUCKET/Tips+of+the+Trade
Cheers, Sarah
Thanks! Hope it helps others out!
Thanks, now it runs 🙂
I cannot authenticate by passphrase. It always fails.
Doesn’t seem to work. I keep getting asked for my password, no matter whether I add the public key to my account or to the team.
Thanks! This worked for me with one additional step — setting the Windows environment variable GIT_SSH to the fully qualified path for plink.exe. I did it globally so it would be set for all future command prompt sessions. Steps on Windows 8.1:
1. Run control panel.
2. Search for “environment”.
3. Select option titled “Edit the system environment variables”.
4. Click on the “Environment Variables” button.
5. In the lower list box titled “System variables” click the “New…” button.
6. Enter “GIT_SSH” for name and a fully qualified path (e.g. C:\ProgramData\chocolatey\bin\plink.exe) for value. Select the OK button.
7. Exit control panel.
8. Relaunch any command or bash prompts.
Thank you.
I also had to do the following to get Git Bash working as described here:
http://serverfault.com/questions/194567/how-do-i-tell-git-for-windows-where-to-find-my-private-rsa-key
“Once your key is open, you want to select Conversions -> Export OpenSSH key and save it to C:\Users\[your user name]\.ssh\id_rsa. After you have the key at that location, Git bash will recognize the key and use it.”
I then hit an issue whereby putty would display this message in the command line window whenever I attempted to do a git operation that connected via SSH: http://stackoverflow.com/questions/13598996/putty-wont-cache-the-keys-to-access-a-server-when-run-script-in-hudson
Unfortunately, the command line window would not let me enter a response to putty’s question so I couldn’t proceed!
The solution was:
1. Run Putty (open its GUI)
2. Put in the SSH address of your git repo, and click “Open” to open a connection. Putty will ask the same question it does in the command line but this time it’s in a dialog box so you can click “Yes”. This adds the server’s key to the registry so that it’s trusted.
After doing all that, I can now use git (via bash or windows command prompt) and SSH is working fine.
Thanks for keeping this up to date with your comments!
Thanks for posting this! Helped me out, too. 😀