← Back to Upcase

Intro to SSH

SSH is a foundational topic for anyone working on the web, and at a minimum it's important to understand how SSH is used for authentication with Git and similar tools. In this episode we'll cover these basics as well as some of the more interesting tricks we can pull off using SSH.

This is a companion discussion topic for the original entry at https://thoughtbot.com/upcase/videos/intro-to-ssh
1 Like

In the video, Chris mentions that the local SSH agent will sign things using the private key but the video’s transcript states that the local SSH agent will encrypt the message using your public key.

I would appreciate a little clarification on the subject.

Thanks for the content (video and transcript).

hey Chris just watched your video on ssh. When trying to access ~/.ssh/id_rsa.pub or ~/.ssh/known_hosts through my console I always get zsh: permission denied: /Users/davidgeismar/.ssh/known_hosts. Do you happen to know how to bypass that ?

Hi @gnerkus, I believe the specifics are actually more subtle. The initial exchange between a server and a user will involve asymmetric encryption using public keys to exchange a shared secret. This secret key will then be used for all subsequent communication, via symmetric encryption. The Public-key cryptography covers this far better than I could hope to.

That said, in day to day use the specifics of the encryption algorithm and approach are details that we can safely look past. The only hard and fast rule is to never share your private key.

@davidgeismar, I think you have a permissions issue with the ~/.ssh directory. I believe you should be able to use chown to fix this. Check out this answer for more detail, but I believe you should be able to run the following (filling in your actual OS username for <username>:

$ sudo chown -R <username> ~/.ssh

Hi, I have a long standing issue with ssh and capistrano.

When I deploy a project with

cap production deploy

I get this permission error:

git stderr: Permission denied (publickey).                                                                                              │outes/_route.html.erb (2.6ms)
fatal: Could not read from remote repository.

only when I add a new ssh-key to the ssh-agent I can deploy to production:

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa

why do I always had to add a new ssh-key to the ssh-agent before I can do a deploy to production with Capistrano?

thanks for your help,


@acandael on osx use /usr/bin/ssh-add -K to add it to your keychain

1 Like

@durandom , will try, thanks for the advice!

Hi @durandom

your suggestion fix this long outstanding issue, thanks a lot!!



I think there is a typo.

Public Key Cryptography

… made up of one private and one public ey. The public key is shared openly, for instance …

public ey should be changed to public key.

Hi @taeyang91 - Thanks for pointing that out! We fixed the typo.

@jasonramirez No problem :smiley:

I think there is a typo mistake

your local SSH command will encrypt the message using your public key,

It should be “SSH command will sign the message using your private key.”