GitHub/GitLab SSH key based authentication: Difference between revisions
From WikiMLT
m (Стадий: 3 [Фаза:Разработване, Статус:Разутвърден]; Категория:DevOps and SRE) |
mNo edit summary |
||
| Line 7: | Line 7: | ||
sudo apt update && sudo apt install -y openssh-client git | sudo apt update && sudo apt install -y openssh-client git | ||
</syntaxhighlight>'''2.''' Create user's SSH directory and a sub directory where your dedicated GitHub SSH key will be stored:<syntaxhighlight lang="shell" line="1"> | </syntaxhighlight>'''2.''' Create user's SSH directory and a sub directory where your dedicated GitHub SSH key will be stored:<syntaxhighlight lang="shell" line="1"> | ||
mkdir -p | mkdir -p -m 700 ~/.ssh/github | ||
</syntaxhighlight> | </syntaxhighlight> | ||
'''4.''' Copy the content of the file <code> | * The option <code>-m 700</code> is equivalent to <code>chmod 700 ~/.ssh ~/.ssh/github</code>. | ||
cat ~/.ssh/github/ | |||
'''3.''' Generate the SSH key (the output key will have octal permissions <code>600</code>):<syntaxhighlight lang="shell" line="1"> | |||
ssh-keygen -t ed25519 -C 'your@email.com' -f ~/.ssh/github/id_ed25519 -q -N '' | |||
</syntaxhighlight> | |||
* <code>-q</code> - silence ssh-keygen; <code>-N <nowiki>''</nowiki></code> - empty (without) passphrase, you can assign one if you want. If it is passphrase protected key, you can add <code>-a 256</code> (default is 16) to increase the security of the passphrase by decreasing its verification. | |||
'''4.''' Copy the content of the file <code>id_ed25519.pub</code>, use the following command to output it:<syntaxhighlight lang="shell" line="1"> | |||
cat ~/.ssh/github/id_ed25519.pub | |||
</syntaxhighlight> | </syntaxhighlight> | ||
{{media|img=Git-key-authentication-settings.png|1|sz=460}} | {{media|img=Git-key-authentication-settings.png|1|sz=460}} | ||
| Line 23: | Line 26: | ||
* Then from the menu at the left side select ''SSH and GPG keys''. | * Then from the menu at the left side select ''SSH and GPG keys''. | ||
* Click on the ''New SSH Key'' button. | * Click on the ''New SSH Key'' button. | ||
* Type some meaningful for a ''Title'' and paste the content of <code>~/.ssh/github/''' | * Type some meaningful for a ''Title'' and paste the content of <code>~/.ssh/github/'''id_ed25519.pub'''</code> in the field ''Key''. | ||
* Then click on the ''Add SSH Key'' button. | * Then click on the ''Add SSH Key'' button. | ||
| Line 31: | Line 34: | ||
</syntaxhighlight>Edit the <code>config</code> file and add the following entry for the new SSH key:<syntaxhighlight lang="bash"> | </syntaxhighlight>Edit the <code>config</code> file and add the following entry for the new SSH key:<syntaxhighlight lang="bash"> | ||
Host github.com | Host github.com | ||
IdentityFile ~/.ssh/github/ | IdentityFile ~/.ssh/github/id_ed25519 | ||
</syntaxhighlight>'''7.''' Test the setup. Use the following command:<syntaxhighlight lang="shell" line="1"> | </syntaxhighlight>'''7.''' Test the setup. Use the following command:<syntaxhighlight lang="shell" line="1"> | ||
ssh -T git@github.com | ssh -T git@github.com | ||
| Line 59: | Line 62: | ||
*[https://gist.github.com/developius/c81f021eb5c5916013dc GitHub Developius' Gist: Setup SSH keys for use with GitHub/GitLab/BitBucket etc] | *[https://gist.github.com/developius/c81f021eb5c5916013dc GitHub Developius' Gist: Setup SSH keys for use with GitHub/GitLab/BitBucket etc] | ||
*Information Security: [https://security.stackexchange.com/questions/90077/ssh-key-ed25519-vs-rsa SSH Key: Ed25519 vs RSA] | |||
* Information Security: [https://security.stackexchange.com/questions/101044/is-it-bad-that-my-ed25519-key-is-so-short-compared-to-a-rsa-key Is it bad that my ed25519 key is so short compared to a RSA key?] | |||
* Risan Bagja: [https://medium.com/risan/upgrade-your-ssh-key-to-ed25519-c6e8d60d3c54 Upgrade Your SSH Key to Ed25519] | |||
* Cryptsus Blog: [https://cryptsus.com/blog/how-to-secure-your-ssh-server-with-public-key-elliptic-curve-ed25519-crypto.html How to secure your SSH server with public key Ed25519 Elliptic Curve Cryptography] | |||
<noinclude> | <noinclude> | ||
<div id='devStage'> | <div id='devStage'> | ||
Revision as of 18:09, 5 September 2022
This article is based on the answer of mine under the question How do I setup SSH key based authentication for GitHub? at Ask Ubuntu. Here is short manual how to setup SSH key based authentication for GitHub and how to use it.
Setup SSH key based authentication for GitHub
1. Install the openssh-client if it is not already installed, and of course git:
sudo apt update && sudo apt install -y openssh-client git
2. Create user's SSH directory and a sub directory where your dedicated GitHub SSH key will be stored:
mkdir -p -m 700 ~/.ssh/github
- The option
-m 700is equivalent tochmod 700 ~/.ssh ~/.ssh/github.
3. Generate the SSH key (the output key will have octal permissions 600):
ssh-keygen -t ed25519 -C 'your@email.com' -f ~/.ssh/github/id_ed25519 -q -N ''
-q– silence ssh-keygen;-N ''– empty (without) passphrase, you can assign one if you want. If it is passphrase protected key, you can add-a 256(default is 16) to increase the security of the passphrase by decreasing its verification.
4. Copy the content of the file id_ed25519.pub, use the following command to output it:
cat ~/.ssh/github/id_ed25519.pub
Figure 1. Setup SSH key within GitHub.
5. Go to your GitHub account and follow these steps:
- From the drop-down menu in upper right corner select Settings.
- Then from the menu at the left side select SSH and GPG keys.
- Click on the New SSH Key button.
- Type some meaningful for a Title and paste the content of
~/.ssh/github/id_ed25519.pubin the field Key. - Then click on the Add SSH Key button.
6. Create the ~/.ssh/config file, if it doesn't already exist:
touch ~/.ssh/config
chmod 600 ~/.ssh/config
Edit the config file and add the following entry for the new SSH key:
Host github.com
IdentityFile ~/.ssh/github/id_ed25519
7. Test the setup. Use the following command:
ssh -T git@github.com
On the question – Are you sure you want to continue connecting (yes/no)? – answer with yes. If everything went well you should receive a greeting message like this:
Hi pa4080! You've successfully authenticated, ...
How to use Git with SSH key
1. If you have already cloned repository through HTTPS, by using a command as these:
git clone https://github.com/username/repository-name.git
git clone git://github.com/username/repository-name
Go inside the repository's directory and execute the next command to allow work via SSH:
git remote set-url origin git@github.com:username/repository-name.git
2. Direct clone a repository via SSH:
git clone git@github.com:username/repository-name.git
3. In addition if you are using VSC it will work without problems with this setup. For already cloned repositories just use the Open Folder option and all VSC Git features will work.
References
- GitHub Developius' Gist: Setup SSH keys for use with GitHub/GitLab/BitBucket etc
- Information Security: SSH Key: Ed25519 vs RSA
- Information Security: Is it bad that my ed25519 key is so short compared to a RSA key?
- Risan Bagja: Upgrade Your SSH Key to Ed25519
- Cryptsus Blog: How to secure your SSH server with public key Ed25519 Elliptic Curve Cryptography
