SSH on GitHub - HackMD

--- robots: noindex, nofollow --- # Using SSH Keys with GitHub [why] # Creating Keys ## Set Up Variables ``` HOST=`hostname` USER=`whoami` TODAY=`date "+%Y-%m-%d"` FILE=id_ed25519-$HOST-$USER-$TODAY@github ``` ## Create Auth & Signing Keys ``` ssh-keygen -t ed25519 -f ~/.ssh/auth_$FILE -C "auth_$FILE" | tee ~/auth_$FILE.txt ssh-keygen -t ed25519 -f ~/.ssh/sign_$FILE -C "sign_$FILE" | tee ~/sign_$FILE.txt ``` [C comment, t type] BP: Enter a passphrase! [what it means] [move your files somewhere safe] [fingerprint] ## Create a Personal Access Token Generate a personal access token https://github.com/settings/personal-access-tokens/ (https://github.com/settings/personal-access-tokens/new) The minimum required scopes are 'repo', 'read:org', 'admin:public_key'. Copy it ## Setup GitHub Info ``` brew install gh ``` other systems (`apt-get install gh`) [or dl] [make sure you're web logged into the right account] [what gh is] ``` gh auth login ``` choose "GitHub.com" Choose SSH Choose your Auth key for a public key upload. Give it a Title, e.g $HOSTNAME Auth Key Authenticate? Web ``` ShannonA@DragonBook ~ % gh auth login ? What account do you want to log into? GitHub.com ? What is your preferred protocol for Git operations on this host? SSH ? Upload your SSH public key to your GitHub account? /Users/ShannonA/.ssh/auth_id_ed25519-DragonBook.local-ShannonA-2024-01-31@github.pub ? Title for your SSH key: Dragonbook Auth Key ? How would you like to authenticate GitHub CLI? Login with a web browser ! First copy your one-time code: B7D1-67DE Press Enter to open github.com in your browser... ``` [on browser, paste, CONTINUE, AUTHORIZE GITHUB, 2FA if needed] [web] ``` ✓ Authentication complete. - gh config set -h github.com git_protocol ssh ✓ Configured git protocol ✓ Uploaded the SSH key to your GitHub account: /Users/ShannonA/.ssh/auth_id_ed25519-DragonBook.local-ShannonA-2024-01-31@github.pub ✓ Logged in as shannona ``` [token] ``` ? Paste your authentication token: **************************************** - gh config set -h github.com git_protocol ssh ✓ Configured git protocol ✓ Uploaded the SSH key to your GitHub account: /Users/ShannonA/.ssh/auth_id_ed25519-DragonBook.local-ShannonA-2024-01-31@github.pub ✓ Logged in as shannona ``` [EDIT OUT HOST/NAME] WEB PASED SIGNING KEY UPLOAD $ pbcopy < ~/.ssh/id_ed25519.pub # Copies the contents of the id_ed25519.pub file to your clipboard Add to https://github.com/settings/ssh/new Personalinfo ``` git config --global user.name "YOUR NAME" git config --global user.email YOUR EMAIL git config --global github.user YOURID ``` [config setup] ``` git config --global gpg.format ssh git config --global commit.gpgsign true git config --global tag.gpgsign true git config --global user.signingkey ~/.ssh/sign_$FILE.pub ``` [explain each of these] ``` touch ~/.ssh/allowed_signers git config --global gpg.ssh.allowedSignersFile ~/.ssh/allowed_signers ``` [what's this?] ## Update SSH Identities ``` ssh-add ~/.ssh/auth_$FILE ssh-add ~/.ssh/sign_$FILE ``` [see https://www.git-tower.com/blog/setting-up-ssh-for-commit-signing/ for what this is] [doesn't work on Debian: Could not open a connection to your authentication agent.]