SSH Authentication
Code Insight 6.14.2
This section describes SSH authentication between a system running Code Insight and Git servers such as GitHub and Bitbucket. The following options are possible:
| • | Use one SSH keypair for all Git servers. |
| • | Use a separate keypair for each Git server. |
| • | Use multiple keypairs for some or all Git servers. |
SSH does not rely on account passwords but rather on a pair of keys, one a private key and the other a public key. Though a private key file may be protected by a password, no password should be specified for private keys used by Code Insight.
Creating Keypairs
Use ssh-keygen to create a keypair for each Git server. Make the passphrase empty by hitting return twice. For example:
ssh-keygen -f ~/.ssh/id_rsa_github_test1 -C "github test 1"
ssh-keygen -f ~/.ssh/id_rsa_bitbucket_test1 -C "bitbucket test 1"
The created files are:
|
Type |
Private Key |
Public Key |
|
GitHub |
id_rsa_github_test1 |
id_rsa_github_test1.pub |
|
Bitbucket |
id_rsa_bitbucket_test1 |
id_rsa_bitbucket_test1.pub |
The private keys remain in the .ssh folder on Linux or the <user_home>\.ssh folder on Windows. Each public key will be stored on a Git server under a palamida_account as described below.
Adding to the Config File
Update .ssh/config (on Linux) or <user_home>\.ssh\config (on Windows).
|
Property |
Github |
Bitbucket |
|
Host |
github.com |
bitbucket.org |
|
User |
git |
git |
|
HostName |
github.com |
bitbucket.org |
|
PreferredAuthentications |
publickey |
publickey |
|
IdentityFile |
~/.ssh/id_rsa_github_test1 |
~/.ssh/id_rsa_bitbucket_test1 |
There is a correspondence between the name on the Host line and the name used in the URL. When there is only one keypair per host, it is convenient to specify Host as above. This means the URL for git clone is:
git clone git@github.com:account/repository.git
The following definitions allow multiple keys to be used with GitHub or Bitbucket:
|
Property |
Github 1 |
Github 2 |
|
Host |
mygithub_01 |
mygithub_02 |
|
User |
git |
git |
|
HostName |
github.com |
github.com |
|
PreferredAuthentications |
publickey |
publickey |
|
IdentityFile |
~/.ssh/id_rsa_github_test1 |
~/.ssh/id_rsa_github_test2 |
The URLs are changed to use the values of Host from the config file. The appropriate git clone commands are:
git clone git@mygithub_01:account/repository.git
git clone git@mygithub_02:account/repository.git
Both clone commands will connect to gitub.com which is the value of HostName. The first command will use the private key id_rsa_github_test1. The second command will uses the private key id_rsa_github_test2.
Setting Up a Code Insight (Palamida) Account
The tasks involved in setting up a Code Insight (Palamida) account are:
| • | Define a palamida_account. |
| • | Add a public key to the palamida_account. |
| • | Grant the palamida_account access to repositories to be scanned. |
Setting Up a palamida_account
Below are instructions for setting up a palamida_account on GitHub and Bitbucket:
| • | Setting Up a palamida_account on GitHub |
| • | Setting Up a palamida_account on Bitbucket |
Setting Up a palamida_account on GitHub
To set up a palamida_account on GitHub, perform the following steps.
To set up a palamida account on GitHub, do the following:
| 1. | Create the account on GitHub. |
| 2. | Click Account settings, SSH Keys, Add SSH key. |
| 3. | Enter a Title and paste the contents of the public key file. |
Setting Up a palamida_account on Bitbucket
To set up a palamida_account on Bitbucket, perform the following steps:
To setup a palamida_account on Bitbucket, do the following:
| 1. | Create the account on Bitbucket. |
| 2. | Click Manage Account, SSH keys, Add key. |
| 3. | Enter a Label and paste the contents of the public key file. |
Granting Access to a Repository
Below are instructions for granting access to the repository on GitHub and Bitbucket:
| • | Granting Access to a Repository on GitHub |
| • | Granting Access to a Repository on Bitbucket |
Granting Access to a Repository on GitHub
For a repository that will be scanned, give access to the palamida_account.
To grant access to a repository on GitHub, do the following:
| 1. | From GitHub's Repository page, click Settings, Collaborators. |
| 2. | Add the palamida_account. |
| 3. | If you want to verify that the account has been created, from the Code Insight system enter: |
git ls-remote git@github.com:account_name/repository_name.git
Granting Access to a Repository on Bitbucket
For repository that will be scanned, give access to the palamida_account.
To grant access to a repository on Bitbucket, do the following:
| 1. | From Bitbucket's Repository page, click Administration, Access management. |
| 2. | Add the palamida_account as a User with Read access. |
| 3. | If you want to verify, from the Code Insight system enter: |
git ls-remote git@bitbucket.org:account_name/repository_name.git