SourceTree for Windows with SSH key files

March 25, 2013

I’ve generally avoided SSH key pairs, and I’ve been able to do so for quite a while, until now.

I’ve used Tortoisegit and Github for Windows for most of my professional and personal projects. I really like the github for windows look, whilst tortoisegit is more of a familiar face (Tortoise SVN). Though none of them are really good, they both lack a good overview of the project that you’re currently working on.

For a long time I’ve been a bit jealous on the Apple users who’ve had, what seemed like, the perfect git client, SourceTree. SourceTree gives a great overview on what files you’ve changed in your working copy, with a quick diff window on the side. Reading, or scanning through logs are also a breeze compared to tortoisegit. The only problem with SourceTree is that it’s been Apple exclusive, until now.

Last week Atlassian released SourceTree for Windows Beta. The first thing I did once I heard this news was to download it, and open my previously checked out projects. It almost has everything that the Apple version has. Finally I’ll be able to work with git in a somewhat faster way, or at least, an easier way.

This feeling of happiness was quickly trumped when I noticed I wasn’t able to push nor pull anything to the remote repositories. I tried googling for answers and came up empty. I tried pushing and pulling with tortoise-git, wondering if SourceTree had corrupted the local git configuration files, but no, tortoisegit was able to both pull and push without problem. The problem I had was that SourceTree wouldn’t ask for my SSH password, it just threw the permission denied error.

git -c diff.mnemonicprefix=false -c core.quotepath=false fetch origin
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

I couldn’t really make sense out of this, what I’d say, non-descriptive error message. I mean the only problem I had was that SourceTree didn’t ask for my password. I tried all the menu’s I could find, but came up empty. So I decided that this had to be some kind of bug because, let’s face it, SourceTree had only been available for a couple of hours, surely it’ll be fixed soon. Meanwhile, I continued to use tortoisegit, checking out SourceTree ever so often to see if the problem had been fixed in an update.

Finally a colleague of mine, who’s an Apple user, decided to file a bug-report on my behalf. It didn’t take long before he got back to me with the solution; SourceTree only supports key-files when using SSH.

Now, again, I’ve never been a fan of SSH keys, and so, I haven’t ever used them either. So for future references, I decided to write a small tutorial. (Yes, everything until now has only been a preamble to a tutorial).

So the first thing you’ll need to do is generate your keys. I decided to generate my key-pair on one of my debian machines. It’s as easy as this;

user@port-stanley:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
8e:10:c8:46:6a:4c:2a:0c:56:4a:d2:20:4a:83:74:2e user@port-stanley
The key's randomart image is:
+--[ RSA 2048]----+
|**o.             |
|*oo              |
|EE.              |
|o                |
|o * o   o   S    |
|o.   o o         |
|.     o .        |
|.                |
|                 |
+-----------------+
user@port-stanley:~$

Now observe that you have the ability to protect you private key file with a password. If you’re going to use these key files on any production server, I strongly recommend you set a password.
Once you’ve done with the command and you’ve returned to the prompt you should see two files in your home directory under .ssh/ (if you left it at default as I did above).
The two files are id_rsa and id_rsa.pub. The id_rsa is your private key, and I feel it’s important to highlight this, don’t ever share your private key with anyone, it’s essentially your password.
The other file, id_rsa.pub, is your public key. This is the key that you can share with other people, and shouldn’t be treated as a secret. This is the file that you’ll upload to external servers.

Now download these files to your computer and save them at a secure location on your drive. (I.e. if you anything like me, don’t save them on the desktop, there’s already too much crap in there).

The files that you have are a bit different the the keys putty and most windows SSH-clients use (or at least from the putty family). So you’ll have to download putty-gen.exe, which is a key pair generator for windows, we’ll only need it for a brief moment when we convert our private key to a windows-supported key.

Puttygen might have problems with detecting your file, so add the ppk extension to your private key, in other words, rename id_rsa to id_rsa.ppk.
Then just start the application and hit the load button, a file-explorer prompt should appear, navigate to your private key and select it.

puttygen

A confirmation dialog should appear similar to this one:

puttygen_import

Just follow the onscreen instructions, i.e. hit the save button and save your private key. Now in order to not confuse your future self, I’d recommend that you save the file as something with a ‘win’ suffix or prefix. I went with id_rsa_win.pkk.

So now you’ve got two private keys (A Windows/Putty key and a Linux/OpenSSH key) as well as your public key. The last thing will have to configure on the Windows machine is Pageant, which is essentially a putty key-file autoloader. It decodes your key and keeps it in memory automatically. So start it up, an icon should appear in your system tray.

Right click on the icon and click View Keys, a white, empty dialog should appear.

pageant_viewkey

Add your key by clicking on the Add keys button and navigate to your private windows key file, in our case that would be id_rsa_win.ppk.

pageant_added_key

In order for the server to be able to verify your private key, it needs to have a copy of your public key. So SSH into the git server that you use, create a new file and paste in the contents from your public key (id_rsa.pub).

The ssh daemon will look for a file called authorized_keys which is located in the .ssh/ folder in the home folder of the user who’s started a connection. So append the contents of your newly created file to ~/.ssh/authorized_keys.

cat id_rsa.pub >> .ssh/authorized_keys

And there you go,  let’s try to clone a project from our server with our key file.

Click on Clone / New and enter the url to the repository, and remember to add ssh:// as the protocol. After you’ve entered the complete URL and you click outside of the input field, SourceTree will try to validate your input, if everything went successfully, the screen should look like this:

clone