April 3, 2010
Follow along as I learn all about Git, a revision control system, and begin implementing it for all our company’s projects, on the Windows operating system.
This is the second installment of the series. As we’ve already decided on using Git as our revision control system in Part 1, let’s get it set up.
Git makes use of the SSH (Secure SHell) protocol when communicating with a remote server, and uses public and private key pairs for authentication. Windows doesn’t come standard with SSH though (most other operating systems do), so there are two ways to get this SSH authentication set up — either via OpenSSH , or by making use of PuTTY. I will explain both methods below, but as OpenSSH comes with Git and is faster and easier to get set up, it is the method I’d recommend. It also works on Windows 7, where we couldn’t get the PuTTY method working. Some people prefer PuTTY though, and oftentimes already use it for other reasons, so I’ll explain that method as well.
If you’d like to follow the PuTTY route, you’ll be using the following :
- the PuTTY program
- the PLink program behind-the-scenes
- the Pageant program for SSH authentication
- the PuTTYgen program for public and private key generation.
Download these 4 programs from the PuTTY download page so long, and store them all in the same folder. I’d suggest you place these files somewhere within your Windows user profile directory, perhaps something similar to :
C:\Documents and Settings\ProfileName\programs\PuTTY\
or on Windows 7 :
The reason for this is so that whenever you generate SSH keys (which we’ll be doing later on), you can worry less about extra security as Windows already has a measure of security for your profile folder. It also simplifies things to store the Pageant program next to the keys it will use.
Git itself is available as an executable install file for Windows, and the latest version can be found on the msysgit website. I opted for the first file in the list, described as :
Full installer for official Git x.x.x.x
with a filename like
Download the file and begin the installation process, during which you’ll be presented with a number of options :
- Select “Add Git Bash Here” as well as “Add Git GUI Here” :
- Also select “Run Git from the Windows Command Prompt”, with or without Unix tools (ie. options 2 or 3) :
- Choose your preferred SSH executable — we recommend OpenSSH, but if you’d like to use PuTTY, select the “Use PLink” option and enter the location of the PLink file you downloaded earlier. It seems that not everyone gets presented with this screen though. If so, and you’re using the PuTTY method, I’ll address this later in the tutorial, under the heading “The GIT_SSH environment variable” :
- As this tutorial is about developing on Windows, select to checkout Windows-style :
We’ll now generate our public and private SSH keys. As the keys will be stored in your Windows user profile directory, a passphrase isn’t extremely important, so you can choose to go without one when prompted. Of course you could also use one if you’d prefer the greater level of security.
The way the keys are generated is the biggest difference between the OpenSSH and PuTTY methods, so select one of the two below :
Either open a command prompt (start, run, “cmd”) or right-click on some (almost any) windows explorer folder and select “Git Bash Here”. Then type the following command, replacing the email address with your own :
ssh-keygen -C "firstname.lastname@example.org" -t rsa
Run the puttygen.exe program, and generate a new key pair with the default parameters of SSH-2 RSA and 1024 bits :
Save the private key to the directory which contains your PuTTY files (or perhaps a /keys/ subdirectory) by clicking on the ‘Save private key’ button. Instead of clicking on ‘Save public key’, copy the key from the top box into a new text file, and save it to the same directory — we copy, paste and save the key as the PuTTYgen program saves it in a non-standard format. That’s all, you can now close the PuTTYgen program.
If using the PuTTY method, the Pageant program needs to know about our private key, so that it can provide the proper authentication when requested. Run the pageant.exe program — it places an icon in the system tray. Double-click on the icon, and add your private key. You can then close the Pageant program, which minimizes it to the system tray. For the authentication to happen, the Pageant program needs to be running whenever you push to a remote server. If you’ll be doing this often, it might be a good idea to create a shortcut to Pageant in your Startup folder so that it’s always running.
A remote Repository
Another part of the authentication happens on the side of the remote host where your repository is located, using your public key, so the host needs to have your key. Whichever host you choose for hosting your remote Git repository, whether GitHub, CodeBase, Unfuddle, ProjectLocker or something else, they will have a mechanism whereby you can add your public key to your account. This is used in conjunction with your private key to authenticate you as a user who has access.
For my host, I chose Project Locker as it has a free account option which does not restrict the number of projects you can create. It also allows up to 5 users to collaborate on a project, and up to 500MB in total storage. During sign-up, it asks for the details of your first project, so specify the repository type as Git. Once you’ve completed the sign-up process and logged in at https://portal.projectlocker.com/, select “Manage Public Keys” under the “User Links” heading on the left-hand menu, and add a new key. I used my email address as username. Copy the public key into the space provided — your public key is that which you either saved to a text file earlier if you used PuTTYgen, or which was saved to the id_rsa.pub file for you if you used ssh-keygen.
If you’ve chosen something other than ProjectLocker, they will have a similar way in which you add your public key to your account.
The Host Key
The last part of the authentication is to get the public key of the host.
If you’ve used the OpenSSH method, we won’t be doing this just yet, as we’ll only be prompted to accept the host’s public key when we do our first push to the remote repository in Step 3 of this series. That key will then be saved in a known_hosts file next to your generated keys.
But if you’ve used the PuTTY method, run the putty.exe program, and connect to the host where your repository is located, via SSH, on port 22. For a free ProjectLocker account, this is at free1.projectlocker.com. You should receive a PuTTY security alert about the server’s key. Click Yes and the server’s public key is saved to your windows registry. You will then be prompted to login, but you can just close the window, the key has been saved :
If you’ve used the OpenSSH method, again this is something which you don’t need to give attention to.
If you selected the PLink program as your SSH executable during Git installation, Git is supposed to create a GIT_SSH environment variable which points to your PLink program. It did not do this for me however, as I was never presented with the screen to choose my SSH executable. To manually do it, open the control panel, select “system”, choose the “advanced” tab and then “Environment Variables”. Or in Windows 7, open the control panel, select “system and security”, then “system”, “advanced system settings”, then “environment variables”. If there is no GIT_SSH variable listed under either the system or user variables, create it, and for its value, enter the location of the PLink file you downloaded earlier, such as :
C:\Documents and Settings\ProfileName\programs\PuTTY\plink.exe
We’ve now reached the end of Step 2 as we’re all set up. Step 3 is coming soon, where we’ll begin using Git.