Information Technology Grimoire

Version .0.0.1

IT Notes from various projects because I forget, and hopefully they help you too.

Use SSH Keys with Git

If you want to use ssh keys with git you need to do these simple steps. Once you’ve set things up, ssh keys are very easy to use and much safer than passwords.

Here are the summary steps of using ssh keys with git:

  • Generate ssh key

  • Add Key to Github Web Account

  • Tell Your SSH client to use Key

Keep reading to learn the details…

Using Keys For Git

You need to generate a key if you don’t have already. Here is an example of adding my raspberry pi as an authorized device to modify code in the repo (I write scripts on the pi and test them as one of the platforms).

If you have keys already, they will exist in ~/.ssh/ as either rsa or ed25519 versions. In my case I use ed25519, so there should be id_ed25519 and id_ed25519.pub files. If you don’t see these two files, you’ll need to create them. I always use a password to encrypt the key. This prevents someone from taking over the device where the key is stored and using it (as easily). If you don’t want a password, just don’t type on here:

    pi@raspberrypi:~ $ ssh-keygen -t ed25519 -C "dave@somesite.com"
    Generating public/private ed25519 key pair.
    Enter file in which to save the key (/home/pi/.ssh/id_ed25519):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/pi/.ssh/id_ed25519.
    Your public key has been saved in /home/pi/.ssh/id_ed25519.pub.
    The key fingerprint is:
    SHA256:........................................... dave@somesite.com
    The key's randomart image is:
    +--[ED25519 256]--+
    |                 |
    |         @       |
    |                 |
    |     +      +    |
    |        --       |
    |    /   __    \  |
    |    \___|||___/  |
    |                 |
    |                 |
    +----[SHA256]-----+

Add this Key to Github

First, you need to get your public key:

    pi@raspberrypi:~ $ cat .ssh/id_ed25519.pub
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2Y5NZdThMB8VhGc32EZovvtfnw2HpQIvzjbiboXdp1 dave@somesite.com

Then, add it in the web interface of your https://github.com account under settings:

Git Hub Settings

Click “Add SSH Key” and paste your pub key from above, click save.

Github New SSH Key

Tell Git Client to Use this Key

By default, if you have only 1 key, it should use it. In the event you need to specify you can use the -i /path/to/key when using git/ssh, or you can just setup your ssh client config to always use the right file:

pi@raspberrypi:~ $ vim .ssh/config

Add the following:

    Host github-my-repo
        # The host that has the remote Git repository
        Hostname github.com
        # Username for remote SSH user (For GitHub, everyone uses the name `git`)
        User git
        # Path to your private SSH key
        IdentityFile /home/pi/.ssh/id_ed25519

Test SSH Access to Git

Everyone connects as git@github.com for the user. Your key is unique though. You can test if your key is working by typing ssh -T git@github.com:

    pi@raspberrypi:~ $ ssh -T git@github.com
    The authenticity of host 'github.com (140.82.114.4)' can't be established.
    RSA key fingerprint is SHA256:nThb298234jadf098234ja7234'-2347aafd-725SY8.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'github.com,140.82.114.4' (RSA) to the list of known hosts.
    Enter passphrase for key '/home/pi/.ssh/id_ed25519':
    Hi somedomain! You've successfully authenticated, but GitHub does not provide shell access.

Clone a Repo Using SSH

In the basic form, you clone a repo to your device (download the source), and by default that will be https. You’ll be asked for your password each time on https. This is annoying.

If you’re using ssh, it will only ask for the password of the ssh key and you can use various keyring management to bypass that if you desire. You will need to specify the ssh URL instead though:

    pi@raspberrypi:~ $ git clone git@github.com:somedomain/svggames.git
    Cloning into 'svggames'...
    Warning: Permanently added the RSA host key for IP address '140.82.112.3' to the list of known hosts.
    Enter passphrase for key '/home/pi/.ssh/id_ed25519':
    remote: Enumerating objects: 3, done.
    remote: Counting objects: 100% (3/3), done.
    remote: Compressing objects: 100% (3/3), done.
    remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
    Receiving objects: 100% (3/3), done.

If you’d like to see details on github, here is a nice article that describes how to change between ssh and https url variants: Changing Remotes URL Type

Last updated on 1 Feb 2021
Published on 1 Feb 2021