Tower 5.2 for Windows — SSH Signing
Table of Contents
SSH support is now available on Windows! Starting today, you can link your SSH keys with your User Profiles and conveniently sign commits (or tags) directly from Tower. 🔒
Initially introduced in Tower for Mac earlier this year, we are now bringing one of your most requested features to Tower for Windows as well. In this post, you will learn about the new features in the 5.2 release and how to set up and use SSH!
We rely on SSH to authenticate commits and tags to confirm if they were made by the intended individuals. SSH works seamlessly in Tower, and if you've been using GPG before, you'll feel right at home with this new option. ✌️
With this update, you will be able to:
- Set and manage your SSH keys
- Sign commits and tags
- Verify the authenticity of signed commits and tags
All of these capabilities are just a few clicks away!
💡 Don't have an SSH key yet? Check out our tutorials on how to set it up:
Let's take a closer look at these features. You can also watch this video, which summarizes everything in 3 minutes.
Set and Manage Your SSH Keys
Head over to the "Git Config" tab in the "Preferences" dialog to choose your preferred SSH agent and your "allowed signers" file.
In Windows, many SSH agents can be used. That's why we've included a dropdown menu, allowing you to choose from the most popular options.
If you're new to SSH, we recommend setting it up with 1Password, as it is the most straightforward approach.
We also provide some helpful information in case your SSH Agent is not properly configured. In this example, the environment variables aren't properly defined.
You have the option to sign commits by default for all projects, or you can customize the SSH settings for specific repositories by accessing the "Settings" view in the sidebar of any open project.
Finally, you can also visit the "User Profiles" tab to add an SSH key to your profile.
Sign Commits and Tags
When adding a new commit, you can easily choose the appropriate SSH key before making it official, thus ensuring that the correct key is linked.
You can do the same for tags. Simply check the "Sign Tag" box and select your SSH key in the "Create New Tag" dialog.
Verify the Authenticity of Signed Commits and Tags
To view if a commit has been signed, first you should enable the "Verify Signatures" option.
You will notice a colored dot next to each commit, indicating its status. It can be:
- Green: Signature is good.
- Yellow: There is an issue with the signature (you can click the indicator to read a status message in the popover).
- Red: Signature is bad.
To verify the signature of a tag, simply right-click on it in the sidebar or within a commit.
Other Fixes and Improvements
While SSH takes center stage in this release, there are also several noteworthy improvements worth mentioning. Here are some of the highlights:
- Tower can now handle HTTPS Authentication using Git Credential Manager. You can enable this in Preferences > Git Config > HTTPS.
- It is now possible to undo the "Reset to Revision" action with CTRL + Z.
- Meld and KDiff3 (Diff Tools) can now be detected in the "C:\Program Files" directory.
- Opening a repository from the File menu or using a shortcut is now working as expected.
- The handling of SSH keys for services has been improved, particularly for password-protected private keys.
- When adding a repository from an "unsafe" directory, such as a WSL path with different ownership, Tower now provides a dialog that allows for automatic addition of the path to the
We hope you enjoy this release. If you already have a Tower account, you can update to version 5.2 for free!
Happy committing! 😊
Not a Tower user yet? Download our 30-day free trial and experience a better way to work with Git!