git push via ssh and who knows the private key?

Question

This is a conceptional question.

When setting up a ssh connection to gitbucket/github, I am creating a private ssh key which is then used for creating the public ssh key.

Then I add the public key to gitbucket.

Hence as my computer hold the private key, it can decrypt the encrypted messages coming from gitbucket.

So I understand for example how git clone works.

But gitbucket has no own private key, and I did not add a public key to my computer which was generated by that (non existing) private key. So how should git push work via ssh???

Gitbucket uses the public key to encrypt messages, and you use your private key to decrypt them. — Hanxue, May 24 '16 at 09:08

VonC · Accepted Answer · 2015-02-16T09:16:28.660

0

But gitbucket has no own private key

It doesn't need a private key, only the public one in order to authenticate you.

Once gitbucket knows who is contacting for a clone or a push, it will allow the operation.
For the push, it works if you are the owner of the repo to which you are pushing to.

For the authentication part (ssh/PublicKeyAuthenticator.scala) in gitbucket, see for instance:

src/main/scala/model/SshKey.scala for retrieving the username
src/main/scala/service/SshKeyService.scala for storing the username along with the public key.

The server side (gitbucket) needs only the public key because of the way public key cryptography works.

edited Feb 16 '15 at 09:16

answered Feb 16 '15 at 09:00

VonC

1,262,500
529
4,410
5,250

How does it authenticate me with the public key? Is it sending like a encrypted string which then can only be decrypted by the computer which holds the private key and then sends back the decrypted string? – newandlost Feb 16 '15 at 09:08

git push via ssh and who knows the private key?

1 Answers1