How to deploy SSH key authentication for GitHub using the VS Code editor
After looking for an adequate solution on the World Wide Web, I came to the following workaround, which I describe here. I develop in VS Code on Windows 10 and don’t want to run commit and push in the Git Bash terminal again and again, especially because VS Code comes out of the box with all of the Git skills included.
Let’s get started. If you do not already have Git for Windows on your Windows 10 machine, you have to download it here.
First open Git Bash and go to the directory ~/.ssh. If it does not exist, you can create it in Windows Explorer under the user's home path, or type mkdir .ssh in Git Bash.
A key pair consisting of a private and a public key is generated. You can leave the passphrase empty, but keep the key in a safe place. The command clip copies the public key to the clipboard, which will be saved to the GitHub account in the next step.
Go to GitHub and sign in with your account, open the profile menu in the upper right corner, navigate to Settings and click SSH and GPG keys. Click New SSH key and paste the public key into the key field; for the title you can enter email@example.com.
Now go back to Git Bash and enter the following commands. With option -T the host is entered in known_hosts; here you have to confirm with yes. The command git push is authorized on GitHub by using the key in ~/.ssh/id_rsa.
$ ssh -T git@github.com
$ git remote set-url origin git@github.com:account/my_project.git
$ git add -A
$ git commit -am "commit update"
Replace account with your GitHub account and my_project with the name of the project you are deploying.
Now open the project directory from Git Bash with VS Code.
$ code my_project
The VS Code editor offers Git commands via the main toolbar and the icon menu.
By default ssh looks for the key in a file named id_rsa. If you want to authenticate to multiple hosts, the following directive applies in the file ~/.ssh/config
Deploy Git on Linux Shell
If you use Linux (“should be preferred”), the following command lines create a Git project directory, add README.md, and then commit and push them.
Linux has had SSH built in from the start, Apple has also integrated Secure Shell into macOS, and Microsoft provides OpenSSH on Windows 10 from version 1803 and on Server 2019 as an optional feature. SSH tunnels and SSH port forwarding are also known from tools like PuTTY and KiTTY. So why use SSH only as a terminal (TTY)? As a VPN tunnel it offers useful opportunities too, for example when a VPN is not possible because the firewall is not capable of it, or when additional software cannot be installed in corporate networks because the required authorization is not given. An SSH reverse tunnel is always useful for devices that are not reachable behind the firewall.
How to use SSH as a VPN tunnel with port forwarding using OpenSSH on Linux, macOS and Windows
Here, as an example, a tunnel is built from Host A to Host B. Host B is a web server whose intranet page http://192.168.111.10 is to be opened on Host A. The only requirement is that there is a NAT mapping via port 22 to Host B on the firewall (NAT router) and that the SSH service is present on each host.
Run the command in the Linux terminal on Host A as follows:
On Host A, the web page can now be opened at http://localhost. The SSH tunnel enables port forwarding for TCP port 80 on Host B from 192.168.111.10 to localhost 127.0.0.1 on Host A; the external port is 45680. We log on to Host B as user cherry.
The parameters:
-L = Local port
-N = do not run a remote command
-p = External SSH port (NAT port on firewall)
-T = do not open a terminal
On Host B the SSH daemon must be configured and activated. The following settings are required in the configuration file /etc/ssh/sshd_config; for many Linux distributions this is the default.
# Force SSH Protocol 2
#Turn on Privileged Separation for security
#Deny root login
#Do not allow empty passwords
# installations will only check .ssh/authorized_keys
# Forward my X Sessions
# I hate Motd displays
# It's alliivee
The lines commented out with a hash are default values, e.g. #AllowTcpForwarding is yes by default.
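Because a commented-out line leaves the built-in default in force, it is worth checking what a given sshd_config actually resolves to. The following script is an added example, not part of the original page; the function names, the constructed sample file and the three keywords chosen are assumptions, and the defaults used are the ones OpenSSH documents for those keywords.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes whitespace-separated
# "Keyword value" lines and OpenSSH's documented defaults for these keywords.

# effective_value FILE KEYWORD DEFAULT
# sshd takes the first uncommented occurrence of a keyword. A line commented
# out with '#' is ignored, so the built-in default applies instead.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0   { next }   # comment or blank line
        tolower($1) == "match"  { exit }   # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# check FILE KEYWORD DEFAULT WANTED: prints a finding, returns 1 on mismatch
check() {
    got=$(effective_value "$1" "$2" "$3")
    [ "$got" = "$4" ] && return 0
    echo "FAIL: $2 is '$got', expected '$4'"
    return 1
}

# audit_sshd FILE: exit status is the number of failed checks
audit_sshd() {
    fails=0
    check "$1" PermitRootLogin      prohibit-password no || fails=$((fails + 1))
    check "$1" PermitEmptyPasswords no                no || fails=$((fails + 1))
    check "$1" AllowTcpForwarding   yes              yes || fails=$((fails + 1))
    return "$fails"
}

# write_sample FILE: constructed sshd_config for the demonstration
write_sample() {
    cat > "$1" <<'EOF'
#PermitRootLogin no
PermitEmptyPasswords no
#AllowTcpForwarding yes
Match User guest
    AllowTcpForwarding no
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

In the constructed sample the line #PermitRootLogin no is only a comment, so root login is not denied and the audit reports it. On a live host, sshd -T run as root prints the effective configuration including Match handling.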
Hint! OpenSSH is also available on Synology NAS, FreeNAS, FreePBX Distro, OpenWrt, Raspberry Pi (Raspbian) and now on Windows Servers.
SSH Tunnel to Remote Host C
In this example, an SSH tunnel is built from Host A to Host C. Host C is an RDS terminal server; Host B serves as a port forwarder.
Run the command in the Linux terminal on Host A as follows:
The Remote Desktop session to Host C is opened via localhost on Host A: pressing Win + R opens Run, where the input mstsc /v:localhost is confirmed with OK.
This example uses TCP port 3389 for RDP as both internal and external port. All unprivileged ports (-L) higher than 1024 can be used; if a port other than 3389 is used, the port must be passed to RDP, e.g. mstsc /v:localhost:44389
For Host B, IP forwarding must be enabled in the kernel; the command for this in the shell as root is:
$ sysctl -w net.ipv4.ip_forward=1
Alternatively, echo in the Shell Console does the same thing:
The value 1 activates forwarding, 0 deactivates it. The change is not boot persistent; so that IP forwarding is active again after the next start, edit the file with nano or with sudo vi /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
It is recommended to use an SSH key for authentication. A key pair can be created as follows:
$ ssh-keygen -f ~/.ssh/key_rsa -t rsa -b 4096
The public key ~/.ssh/key_rsa.pub is stored in the user’s home path, in this example on Host B, in the file .ssh/authorized_keys.
Authentication using SSH keys is not only more secure; there are other advantages: for example, the user is not asked to enter a password, and the SSH tunnel and other commands can be executed from a script.
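A key that a script uses for the tunnel can be limited on Host B to the one forward it needs. The following script is an added example, not part of the original page: the function name install_tunnel_key, the key comment cherry@hosta and the key material are constructed, while restrict, port-forwarding and permitopen are standard authorized_keys options in OpenSSH.

```shell
#!/bin/sh
# Added example (not from the original page).
# install_tunnel_key HOME_DIR PUBKEY_FILE TARGET
#   HOME_DIR     home directory of the login user on Host B
#   PUBKEY_FILE  public key file such as key_rsa.pub
#   TARGET       the only host:port this key may forward to
install_tunnel_key() {
    dir="$1/.ssh"
    auth="$dir/authorized_keys"

    # Accept exactly one "<type> <base64> [comment]" line, so that options
    # or extra keys cannot be smuggled in through the key file.
    [ "$(wc -l < "$2")" -le 1 ] || { echo "expected one key" >&2; return 1; }
    read -r type blob comment < "$2" || [ -n "$type" ] || return 1
    case "$type" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not a public key: $2" >&2; return 1 ;;
    esac
    [ -n "$blob" ] || { echo "missing key data" >&2; return 1; }
    case "$3" in
        ''|*[!A-Za-z0-9.:-]*) echo "bad target: $3" >&2; return 1 ;;
    esac

    # sshd (StrictModes) refuses keys in group- or world-writable locations.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this key is already installed.
    if grep -qF " $blob" "$auth"; then return 0; fi

    # restrict turns off pty, agent, X11 and port forwarding for this key;
    # port-forwarding turns forwarding back on, permitopen pins its target.
    printf 'restrict,port-forwarding,permitopen="%s" %s %s%s\n' \
        "$3" "$type" "$blob" "${comment:+ $comment}" >> "$auth"
}

# Demonstration with a constructed, non-functional key line.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED cherry@hosta' > "$demo/key_rsa.pub"
install_tunnel_key "$demo" "$demo/key_rsa.pub" 192.168.111.10:80
cat "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

A key restricted this way can still run remote commands without a terminal; adding a command= option to the same line closes that as well.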
SSH Tunnel on macOS
For Apple macOS, SSH is available after activation. Open Terminal and run this command:
$ sudo systemsetup -setremotelogin on
After that, the SSH Tunnel can be set up under macOS.
Remote Desktop for Mac Gateway on localhost is now registered and the RDP session can be opened. In this way terminal servers are protected and can only be reached via SSH.
macOS also offers the possibility of automation using launchd and the launch system services. The following script is created at @/Library/LaunchDaemons/server.hostc.client.cherry.home.plist with the following content: