Getting Started

SSH Keys

Upload your SSH public key to the VulnCheck platform to clone git repositories from git.vulncheck.com.

All of our git repositories can be accessed via SSH keys. This guide will walk you through the process of generating a new SSH key and adding it to your VulnCheck account.

Generating a new SSH key

You need to generate a new SSH key and add it to your VulnCheck account. To do so, follow the instructions below:

  1. Open a terminal window
  2. Decide which algorithm to use then paste the text below, substituting in your email address.

For an ED25519 key use

ssh-keygen -t ed25519 -C "your_email@example.com"

For an RSA key use

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

This creates a new SSH key, using the provided email as a label. You should see a message on the screen similar to:

Generating public/private ALGORITHM key pair.

When you're prompted to "Enter a file in which to save the key", you can press Enter to accept the default file location. Please note that if you created SSH keys previously, ssh-keygen may ask you to rewrite another key, in which case we recommend creating a custom-named SSH key. To do so, type the default file location and replace id_ssh_keyname with your custom key name. You should see a message on the screen similar to:

Enter a file in which to save the key (/c/Users/USERNAME/.ssh/id_rsa):
  1. At the prompt, which appears as follows, type a secure passphrase:
Enter passphrase (empty for no passphrase): [Type a passphrase]
Enter same passphrase again: [Type passphrase again]

Adding your new SSH key

Once you have your ssh key generated, you need to add it to your VulnCheck account. To do so, follow the instructions below:

  1. Navigate to the Tokens & SSH Keys page under your user profile in the top right.
  2. Click on the Add SSH Key button in the SSH Keys section.
  3. Specify a Label for this new key - this will be used to identify the key in the future
  4. Copy the contents of the public key file (ex: id_rsa.pub) and paste it into the "SSH Key" field

Testing your SSH Key

Once you have added your SSH key to your VulnCheck account, you can test it by cloning a repository. Here are some optional ways to do so:

Using the SSH command

You can specify the SSH command that git uses when you do a git clone. To do so, follow the instructions below:

  1. Open a terminal
  2. Type the following command, substituting in the location of the private key you created earlier.
GIT_SSH_COMMAND='ssh -i ./sshkey' \ 
  git clone git@git.vulncheck.com:bitbucket.org/mburr/cve-2015-7547.git
  1. The repository should be cloned successfully, you should see something similar to:
Cloning into 'cve-2015-7547'...
remote: Enumerating objects: 18, done.
remote: Counting objects: 100% (18/18), done.
remote: Compressing objects: 100% (17/17), done.
remote: Total 18 (delta 0), reused 15 (delta 0), pack-reused 0
Receiving objects: 100% (18/18), 50.11 KiB | 1.39 MiB/s, done.

Adding your SSH Key to the SSH Agent

You can add your SSH key to your SSH agent, so that you don't have to specify the SSH command every time you clone a repository. To do so, follow the instructions below:

  1. Add your new key to the ssh-agent
ssh-add ./sshkey
  1. You can then confirm your key has been added, run the following command:
ssh-add -l

This should print the fingerprint of your new key. You may compare this fingerprint with the list of SSH keys on the token section to confirm it is the correct key.