Petra Rabbit is a developer. She would like to contribute to some private repositories that Zach Cat has set up on BitBucket and GitHub.<\/p>\n\n\n\n
Zach has a private repository on BitBucket called “X_Files” that Petra needs to clone locally:<\/p>\n\n\n\n
$ git clone git@bitbucket.org:zach-the-cat\/x_files.git<\/pre>\nCloning into 'x_files'...\nThe authenticity of host 'bitbucket.org (104.192.141.1)' can't be established.\nRSA key fingerprint is SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A.\nAre you sure you want to continue connecting (yes\/no\/[fingerprint])? \nWarning: Permanently added 'bitbucket.org' (RSA) to the list of known hosts.<\/pre>\n\n\n\nThis is the first time Petra has used SSH to talk to the BitBucket server on this computer. Consequently, she sees that prompt from SSH asking her if it is okay to add the server IP address to its list of known hosts.<\/p>\n\n\n\n
yes<\/pre>\nWarning: Permanently added 'bitbucket.org' (RSA) to the list of known hosts.\nForbidden<\/b>\nfatal: Could not read from remote repository.\nPlease make sure you have the correct access rights and the repository exists.<\/pre>\n\n\n\nYeah… it’s just not that easy. In order for this to happen:<\/p>\n\n\n\n
Zach goes to BitBucket > X_Files > Repository Settings > User and Group Access, and searches for Petra by email address; selects WRITE access; and confirms.<\/p>\n\n\n\n
And now Petra sees an email from Atlassian, “Zach The Cat invited you to collaborate on the X_Files repository on BitBucket”. Of course, she accepts the invitation… When she logs in to BitBucket in her browser, she can now see Zach’s repo. Try again, Petra:<\/p>\n\n\n\n
$ git clone git@bitbucket.org:zach-the-cat\/x_files.git<\/pre>\nCloning into 'x_files'...\ngit@bitbucket.org: Permission denied (publickey).<\/b>\nfatal: Could not read from remote repository.\nPlease make sure you have the correct access rights and the repository exists.<\/pre>\n\n\n\nWell, at least it’s a different error, because she’s not quite done yet: She has to create an RSA key pair identifying her on her development laptop, and upload the public key to her account on BitBucket:<\/p>\n\n\n\n
$ ssh-keygen<\/pre>\nGenerating public\/private rsa key pair.\nEnter file in which to save the key (\/home\/petra\/.ssh\/id_rsa): \nEnter passphrase (empty for no passphrase): *********\nEnter same passphrase again: *********\nYour identification has been saved in \/home\/petra\/.ssh\/id_rsa\nYour public key has been saved in \/home\/petra\/.ssh\/id_rsa.pub<\/pre>\n\n\n\nShe was prompted to enter a passphrase, and she’s going to need it every time she talks to the remote repository, so let’s hope she picked something memorable!<\/p>\n\n\n\n
Now Petra goes to BitBucket > Profile and Settings > Personal settings > SSH Keys. It says “There are no keys configured” but she can click on the Add Key<\/strong> button, and paste the contents of the id_rsa.pub<\/strong> file, along with a descriptive label. The label could be any text but it helps to use something that identifies the current user and client computer (i.e. the development machine), because if she switches machines (i.e. uses a virtual machine or another laptop) then She’ll need to upload a separate public key for that environment also.<\/p>\n\n\n\n
Having uploaded the public key to BitBucket, and with the private key accessible to SSH locally, Petra should now be able to clone the repository successfully:<\/p>\n\n\n\n
$ git clone git@bitbucket.org:zach-the-cat\/x_files.git<\/pre>\nCloning into 'x_files'...<\/pre>\n\n\n\nAt this point she’s prompted to enter her passphrase for the RSA key pair, and does so.<\/p>\n\n\n\n
remote: Enumerating objects: 13, done.\nremote: Counting objects: 100% (13\/13), done.\nremote: Compressing objects: 100% (12\/12), done.\nremote: Total 13 (delta 2), reused 0 (delta 0), pack-reused 0\nReceiving objects: 100% (13\/13), done.\nResolving deltas: 100% (2\/2), done.<\/pre>\n\n\n\nLet’s review:<\/p>\n\n\n\n
$ ls -l<\/pre>\ntotal 4\ndrwxrwxr-x 3 petra petra 4096 Sep 10 11:48 x_files<\/pre>\n$ cd x_files\n$ git status<\/pre>\nOn branch main\nYour branch is up to date with 'origin\/main'.\nnothing to commit, working tree <\/pre>\n\n\n\nGit Passphrase Persistence<\/h4>\n\n\n\n
Petra may get prompted for her RSA key pass phrase every time she commit<\/strong>s a change, or fetch<\/strong>es changes, but a Git Bash session can run an agent process that takes care of this for her. It is per-session \u2013 during the remainder of that session, she won’t get prompted for the pass phrase, except for one time while setting up the agent:<\/p>\n\n\n\n
$ eval $(ssh-agent)<\/pre>\nAgent pid 227166<\/pre>\n$ ssh-add ~\/.ssh\/id_rsa<\/pre>\nEnter passphrase for \/home\/petra\/.ssh\/id_rsa: *************\nIdentity added: \/home\/petra\/.ssh\/id_rsa (petra@mcgregor_garden)<\/pre>\n\n\n\nFor further reading: https:\/\/smallstep.com\/blog\/ssh-agent-explained\/<\/a><\/p>\n\n\n\n
Differences between Windows and Linux<\/h4>\n\n\n\n
If you use the Git Bash console on Windows, then the workflow is almost exactly the same as that described above. The only difference is that the RSA key files are located in C:\\Users\\<user>\\.ssh\\<\/p>\n\n\n\n