Blakey don't ssh



  • That's me posting from my phone and not noticing my mobile keyboard "fixing" it for me. Switched phones, haven't reinstalled Swiftkey yet, or gotten used to Google Keyboard.



  • @delfinom said:

    TortoiseGit works fine too as long as you install it and Git for Windows with the OpenSSH option.

    Tortoise Git is the only client that has ever corrupted a Git database on me. I don't trust TortoiseShellCache or WETF it is not to improperly lock the database.

    @delfinom said:

    Fuck the cancer known as PuTTY.

    PuTTY is great - as a remote login shell, only. plink is an abortion that should have been dropped long ago, and pageant should definitely support OpenSSH keys.



  • @Circuitsoft said:

    PuTTY is great - as a remote login shell, only. plink is an abortion that should have been dropped long ago, and pageant should definitely support OpenSSH keys.

    Well it's all open sores

    #PRs WELCOME!!!!!!!! SNIDEST VOICE IMAGINABLE!



  • @blakeyrat said:

    But then GitHub for Windows can't auth to the server, because I'm in fucking hell.

    PuTTYgen's UI isn't stellar, but as well as being able to save the keys it generates in a format that PuTTY and libraries based on it will use natively, any public key it generates will also appear in a text box in its main window, from which you can copy/paste (the box is labelled something like "for pasting into OpenSSH authorized_keys files"). The key in that box is the public half of your key in OpenSSH format, and it will be what any service based on OpenSSH (which I believe includes GitHub) will want.

    So, if you're using a PuTTY-based ssh client with an OpenSSH-based ssh server, I would expect your simplest workflow to be

    1. Use PuTTYgen to generate a keypair, and save the generated .ppk file wherever your client wants your private keys saved.
    2. Copy the OpenSSH-based public key out of the PuTTYgen main window, do an initial logon to your ssh server with a password, then paste the public key into the appropriate spot in your profile.

  • BINNED

    @wft said:

    Where's my "Keep calm and RTFMFM" shirt now.

    I'm pretty sure I'll use this as an avatar at some point.


  • Banned

    @blakeyrat said:

    Last time I even tried to install it, it downloaded like 500 MB of uncompiled code files, then spit out about 347,324 errors.

    Reminds me of my sister who once downloaded her favorite song from the internet, in EXE format...


  • FoxDev

    @Gaska said:

    Reminds me of my sister who once downloaded her favorite song from the internet, in EXE format...

    welp... that's one way to make sure you have a nice computer. infest it with viruses and make a family member reinstall everything.

    works great, until they cut you off, and your computer in half



  • @Circuitsoft said:

    plink is an abortion that should have been dropped long ago

    Plink still has its uses. I have customers who are rightly suspicious of remote support tools that go via third party servers, and I've set up remote support for them using PuTTY and UltraVNC on their end, OpenSSH and Remmina on mine. They click a little script I gave them that starts a plink session with remote port forwarding to my home router, along with an UltraVNC server bound to localhost; I point Remmina at my router and we're good to go.

    If you use PuTTY rather than Plink to set up the ssh session in this scenario, PuTTY hangs as soon as you click your remote mouse inside the PuTTY window. Plink runs in a Windows console window, which doesn't cause whatever message-passing deadlock is responsible for this.

    This solution, by the way, works better for me than RDP because both the customer and I end up looking at the same screen with the same stuff happening on it, and better than Windows's inbuilt Remote Assistance because the connection is outbound from the customer side and therefore doesn't require the creation of a potential security hole by opening Internet-facing ports on their NAT routers. On my end, they're using a specific username and a ssh key I gave them to get a session on my router, and I use the options in that user account's authorized_keys to make sure the only thing the session can do is the remote port forward my script is coded to ask it for. It works well.
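
An added example, not part of the post above or any poster's code: a small audit of an OpenSSH `authorized_keys` entry that checks whether a key handed out for this kind of support tunnel is limited to one remote port forward. The key blob, the listen address `localhost:5901` and the `permitopen` destination are constructed placeholders; the option names are OpenSSH's (`restrict` needs OpenSSH 7.2 or later, `permitlisten` 7.8 or later).

```python
import re

# Constructed sample entries; the key blob and comment are placeholders.
KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYNOTREAL customer@example"
WEAK = "no-pty " + KEY
HARDENED = ('restrict,port-forwarding,permitlisten="localhost:5901",'
            'permitopen="localhost:1",command="/bin/false" ' + KEY)

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(,|[ \t]+)')


def parse_options(line):
    """Return {option: [values]} from the leading options field, if any."""
    line = line.strip()
    opts, pos = {}, 0
    if line.startswith(KEY_PREFIXES):
        return opts  # no options field: the key is completely unrestricted
    while True:
        m = OPTION.match(line, pos)
        if not m:
            raise ValueError("malformed options field at offset %d" % pos)
        opts.setdefault(m.group(1).lower(), []).append(m.group(2))
        pos = m.end()
        if m.group(3) != ",":  # whitespace ends the options field
            return opts


def audit_forward_only(line, listen):
    """List the ways this entry allows more than one remote forward on `listen`.

    Option order is ignored, so write re-enabling options after `restrict`.
    """
    opts = parse_options(line)
    restricted = "restrict" in opts

    def denied(feature):
        return "no-" + feature in opts or (restricted and feature not in opts)

    findings = []
    for feature in ("pty", "agent-forwarding", "x11-forwarding"):
        if not denied(feature):
            findings.append(feature + " is permitted")
    if denied("port-forwarding"):
        findings.append("port forwarding is disabled, so the tunnel cannot open")
    if "command" not in opts:
        findings.append("no forced command, so the client chooses what to run")
    if opts.get("permitlisten") != [listen]:
        findings.append("remote forwards are not pinned to " + listen)
    if "permitopen" not in opts:
        findings.append("local forwards are not limited by permitopen")
    return findings
```

The `permitlisten` value has to match the listen address the client actually requests, so compare it against the `-R` argument in the customer-side script.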


  • Discourse touched me in a no-no place

    @Circuitsoft said:

    plink is an abortion that should have been dropped long ago

    It's fine as long as what you want to do is what it does. It doesn't do very much, but it has the feature that you can run it as a subprocess of some other program easily, and otherwise drive it from scripted code; that's what it's really there for. Driving PuTTY that way requires much more magic.



  • @ben_lubar said:

    can you just make a random key and hope to unlock your front door with it?

    I feel sorry for all those un-free countries, who are forced to anticipate failure.



  • Duh? Why did you post this list of things I already know?

    The annoyance is I have to create the SSH key with the CLI noise crappy shit ass interface, then go into PuTTY and "convert" it into PuTTY format, but when you do that you can't remove the originals because GitHub for Windows requires the original format. Then I have to put them all in the wrong folder.

    So basically I have a Users\Blakeyrat\.ssh folder (WRONG!) with two Linux-y files with wrong file extensions, marking the public key as a Microsoft Publisher file (WRONG!), then I have ANOTHER two files which are the exact same data but in a slightly different format (WRONG!). This is so when I start up SourceTree it pops open a little system tray widget (WRONG!) which exists merely to... what? Convert from one key format to another? I guess? I honestly have no idea what it does or any it does it or why it even exists or why SourceTree bitches so much about it.

    There's like 5 levels of wrong and shitty stuff going on.



  • @blakeyrat said:

    Duh? Why did you post this list of things I already know?

    Break out the dowsing rod. Need to psychically determine what blakey knows before posting.



  • I specifically already said I did the steps you mentioned. After Ben L suggested them. And pointed out those steps don't work if you need GitHub for Windows and SourceTree to both work with the same Git repo simultaneously. This already happened in the thread. No psychic powers required.





  • @flabdablet said:

    Use PuTTYgen to generate a keypair, and save the generated .ppk file wherever your client wants your private keys saved.
    Copy the OpenSSH-based public key out of the PuTTYgen main window, do an initial logon to your ssh server with a password, then paste the public key into the appropriate spot in your profile.

    And then do the other 168 steps needed to get this to work.



  • Promises 79 steps, labels them with 5 numbers, links to it with 168 steps.



  • @flabdablet said:

    If you use PuTTY rather than Plink to set up the ssh session in this scenario, PuTTY hangs as soon as you click your remote mouse inside the PuTTY window. Plink runs in a Windows console window, which doesn't cause whatever message-passing deadlock is responsible for this.

    Fun game:

    • google "plink"
    • click on the first link
    • wait for the page to load
    • try to go back in browser


  • @blakeyrat said:

    which exists merely to... what? Convert from one key format to another? I guess? I honestly have no idea what it does or any it does it or why it even exists or why SourceTree bitches so much about it.

    "Pageant", a PuTTY crapplet that holds on to your keys so it can give them to any malware that asks authenticate with them without configuring each app individually.

    For hysterical reasons, each app has their own copy and none of them talk to each other, so it was an exercise in futility.



  • @TwelveBaud said:

    "Pageant", a PuTTY crapplet that holds on to your keys so it can give them to any malware that asks authenticate with them without configuring each app individually.

    Right; but why? The keys are right there on the fucking disk. SourceTree has permissions to that folder.

    I mean, like I said, this is just like 5 layers of shitty software design going on all at once here. And 80% of the software involved is open source, natch.

    @TwelveBaud said:

    For hysterical reasons, each app has their own copy and none of them talk to each other,

    Copy of what? The SSH keys, or Pageant? Why would you expect them to talk to each other?



  • Pageant is an SSH key agent, which is a standard part of the spec. The idea is that you set up the agent with all of your keys, and then anything that needs authentication delegates that to the agent. (Like Windows Secure Channel.) If you need to use an additional key, you add it to the agent, and all your apps can immediately use it. If you want to stop using a key, you remove it from the agent, and now it's gone everywhere. If someone releases a new version of SSH with [insert government-mandated easily-breakable crypto here], you just need to update the agent, not all the apps.

    The problem is that each Windows program that delegates to Pageant ships with its own copy, which it expects to run, and whines when it can't, even if that's because Pageant is already fucking running. So all the benefits of having one central key agent are gone.



  • @TwelveBaud said:

    The problem is that each Windows program that delegates to Pageant ships with its own copy

    :wtf:



  • @blakeyrat said:

    Duh? Why did you post this list of things I already know?

    Because it seemed that you still don't know that this is not true:

    @blakeyrat said:

    The annoyance is I have to create the SSH key with the CLI noise crappy shit ass interface, then go into PuTTY and "convert" it into PuTTY format

    You don't need to use a CLI to create your ssh key and then convert it with PuTTYgen. You can do that, but PuTTYgen is perfectly capable of creating ssh keypairs on its own and providing you with a public key in the same OpenSSH format that the ssh-keygen CLI tool does.

    The only thing you don't get easily from PuTTYgen alone is a private key in OpenSSH format, but if you're using a PuTTY-library-based ssh client, this is something you're unlikely to need.

    I think it's hilarious that a man so determined to whinge about CLI tools at every opportunity is now doing his level best to convince himself that he really truly did always need to use one for this job.



  • @TwelveBaud said:

    The problem is that each Windows program that delegates to Pageant ships with its own copy

    ...what with dependency management not being the strong suit of Windows package installers.



  • @flabdablet said:

    The only thing you don't get easily from PuTTYgen alone is a private key in OpenSSH format, but if you're using a PuTTY-library-based ssh client, this is something you're unlikely to need.

    Except he does need that too. His server only allows one key, but he's got one Pageant client and one OpenSSH client. Have you been reading the thread?



  • @blakeyrat said:

    but why? The keys are right there on the fucking disk.

    That very point is why I have never personally found a compelling use case for ssh key agents, despite the fact that pretty much every ssh client suite provides one.



  • Because without the agent, the password either needs to be in a configuration file, or needs to be typed every time something needs to use the key. With the agent, you put the password in once at login.



  • @TwelveBaud said:

    Except he does need that too

    Then he might need to up the degree of difficulty by one notch, and work out why OpenSSH is the export format he needs to choose from the Conversions menu.



  • @SirTwist said:

    without the agent, the password either needs to be in a configuration file, or needs to be typed every time something needs to use the key.

    I generally use passwordless keys, relying on physical security and key disposability to prevent misuse; my ssh security needs are generally not high enough to make two-factor auth (possession of key file, knowledge of key file passphrase) necessary.





  • @flabdablet said:

    You don't need to use a CLI to create your ssh key and then convert it with PuTTYgen.

    Yes you do.

    @flabdablet said:

    The only thing you don't get easily from PuTTYgen alone is a private key in OpenSSH format, but if you're using a PuTTY-library-based ssh client, this is something you're unlikely to need.

    Unless you're using GitHub for Windows and SourceTree simultaneously, which is what I'm fucking DOING you dumb motherfucker.


  • Java Dev

    OK, so we've got github doing things the linux way on windows. And putty doing things the windows way on windows. And ppl are blaming putty?


  • Discourse touched me in a no-no place

    @SirTwist said:

    With the agent, you put the password in once at login.

    Some operating systems tie the agent into the system cryptographic identity store. Logging in is sufficient to unlock the password for the authorised application only. (Of course I use whole-disk encryption.) I don't know whether such a scheme is practical on modern Windows — I just don't know how such things are managed there — but it does make for a system that's really convenient given the level of security.



  • The Windows Way is to not bother with this key shit in the first place.

    I'd say the SSH approach is the "Lotus Notes Way", since it's basically the same idea as Lotus Notes' .id file.



  • @blakeyrat said:

    The Windows Way is to not bother with this key shit in the first place.

    I've used git (and ssh) with username/password only before.

    Likely your server administrator configured it so that you need a certificate instead.



  • Yes, we've gone over that before in this thread too. SourceTree is able to connect to Stash with a username/password. But it doesn't fucking work, it just spins the spinner forever with no connection and no timeout and fuck it.



  • Guessing that you've never tried to use the Microsoft Windows signtool.
    The pain...

    Thankfully, because it's a command-line tool, it's scriptable and thus the pain is a once-only affair.



  • Only if you can get your script under version control...

    Haw haw.



  • GitHub for Windows should be making the key by itself. If you want a PuTTY key, you should probably use PuTTYgen instead of trying to juggle between the shitty PuTTY format and the real OpenSSH RSA format.



  • From (https://www.sourcetreeapp.com/faq/):

    SourceTree uses the PuTTY suite of Windows-friendly SSH tools, here's how you get set up:

    1. If you already have a PuTTY key file (.ppk), skip to step 7
    2. From the SourceTree menu, select Tools > Create or Import SSH Keys
      If you use Windows 8 and SmartScreen is enabled, PuTTYgen may be blocked. Click 'More Info' and then 'Run'
    3. If you already have an OpenSSH key (e.g. ~/.ssh/id_rsa)
      3a. In the PuTTYgen menu, click Conversions > Import Key
      3b. Browse to your OpenSSH private key, it's likely in %USERPROFILE%\.ssh\id_rsa
      3c. This will import your OpenSSH key (you'll need to type its passphrase) for use with the PuTTY suite.
    4. Otherwise, you need to create a new key:
      4a. Click 'Generate', then move your mouse randomly while it generates a key for you.
      4b. Type in a long but memorable key passphrase in the 2 boxes supplied. This will protect your key file from others.
    5. Click 'Save Private Key' and save it somewhere you won't lose it
    6. Click 'Save Public Key' and save it in the same place
    7. To avoid typing the passphrase every time, you'll want to use the background agent to hold your keys, which is called 'Pageant'. You can launch this now from the SourceTree menu under Tools > Launch SSH Agent.
    8. Browse to your private key file (.ppk) and type the passphrase when prompted
    9. If you want Pageant to start when you log in, please see these instructions.
    10. Whenever you need to add your SSH key to a service such as Bitbucket, you simply need to copy and paste your public key, either from the public key file you saved above, or from the panel in the PuTTYgen window (you can re-load your key into PuTTYgen any time).

    TRWTF is that someone paid as a programmer couldn't follow these instructions. (Well, the SRWTF is that they use PuTTY at all...)


  • ♿ (Parody)

    @blakeyrat said:

    The Windows Way is to not bother with this key shit in the first place.

    Maybe things will get better once Windows gets with the program and supports ssh.



  • @VaelynPhi said:

    TRWTF is that someone paid as a programmer couldn't follow these instructions.

    Not only can I, but I did.

    Is your mind blown?

    Why do people at this forum think complaining about X is mutually-incompatible with doing X? This is not the first, or even the dozenth, time I've seen that idiotic fallacy.



  • SO!

    I have to do all this shit over again. This time I'm going to try doing a git clone from GitHub for Windows' CLI (GASP EVERYBODY! GASP!) then just telling SourceTree about the already-cloned repo. Instead of having SourceTree doing the cloning and fussing with SSH.

    I'm hoping that since the info needed to do push and pull is embedded in the repo, I won't need to touch that stupid PuTTY bullshit. If I do, I do, but if I don't, saves me some time.


  • Discourse touched me in a no-no place

    @blakeyrat said:

    Why do people at this forum think complaining about X is mutually-incompatible with doing X?

    They don't, but since you act like a moron, it's reasonable to act as if they do.


  • :belt_onion:

    @blakeyrat said:

    The annoyance is I have to create the SSH key with the CLI noise crappy shit ass interface, then go into PuTTY and "convert" it into PuTTY format, but when you do that you can't remove the originals because GitHub for Windows requires the original format. Then I have to put them all in the wrong folde

    Or use PuTTYgen? To make a key in PuTTY format?


  • :belt_onion:

    It won't. It stores your username in the repo. Not passwords or keys. So you'll need to authenticate yourself somehow...



  • @blakeyrat said:

    I'm hoping that since the info needed to do push and pull is embedded in the repo

    If by "the information needed" you mean "the address of the remote", yes. If you mean anything that would make it unsafe to store a git repo on a networked share that can be read by other users, no.


  • :belt_onion:

    I think it keeps the username too, if you're using https (since technically that's part of the address...)



  • Well, you could put the password in the URL as well.


  • :belt_onion:

    NO. BAD. DO NOT DO.
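
An added example, not code from any poster in this thread: a check over the text of a repository's `.git/config` that reports, per remote, whether the stored URL carries only an address, a username, or an embedded password, and redacts the password in its output. The config contents, host names, user and password below are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed .git/config contents; hosts, user and password are placeholders.
SAMPLE_CONFIG = '''
[core]
    repositoryformatversion = 0
[remote "origin"]
    url = https://alice:s3cret@stash.example.test/scm/proj/repo.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "github"]
    url = git@github.com:example/repo.git
[remote "mirror"]
    url = https://alice@stash.example.test/scm/proj/repo.git
    pushurl = https://stash.example.test/scm/proj/repo.git
'''


def remote_urls(config_text):
    """Yield (remote, url) for every url/pushurl in a [remote "name"] section."""
    remote = None
    for line in map(str.strip, config_text.splitlines()):
        header = re.match(r'\[\s*remote\s+"(.+)"\s*\]$', line, re.I)
        if header:
            remote = header.group(1)
        elif line.startswith("["):
            remote = None
        elif remote and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in ("url", "pushurl"):
                yield remote, value


def exposure(url):
    """Return (level, redacted_url); level is 'password', 'username' or 'none'."""
    parts = urlsplit(url)
    if parts.password is not None:
        userinfo, _, host = parts.netloc.rpartition("@")
        user = userinfo.split(":", 1)[0]
        return "password", parts._replace(netloc=user + ":***@" + host).geturl()
    # scp-style remotes (user@host:path) have no scheme, so match them directly.
    if parts.username or re.match(r"[^@/:]+@[^/:]+:", url):
        return "username", url
    return "none", url


def scan(config_text):
    """Report what each remote URL would reveal to anyone who can read the repo."""
    return [(remote,) + exposure(url) for remote, url in remote_urls(config_text)]
```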




  • @sloosecannon said:

    Or use PuTTYgen? To make a key in PuTTY format?

    Illiterate or retarded? Place your bets.

