@ipai
Last active June 17, 2021 17:19
github-sshkey-setup

Making GitHub Remote Ops (e.g. git push) Work with Two-Factor Authentication

The following method lets you use an SSH key pair to push and pull commits without a Personal Access Token, as long as you select "use ssh" instead of "use https" when cloning the repo.

1. Use OS X Keychain as Git credential helper

Install Git and the osxkeychain helper and tell Git to use it.

1. Find out if Git and the osxkeychain helper are already installed:
$ git credential-osxkeychain
# Test for the cred helper
Usage: git credential-osxkeychain <get|store|erase>
2. If the osxkeychain helper isn't installed and you're running OS X version 10.9 or above, your computer will prompt you to download it as a part of the Xcode Command Line Tools:
$ git credential-osxkeychain
xcode-select: note: no developer tools were found at '/Applications/Xcode.app',
requesting install. Choose an option in the dialog to download the command line developer tools.

Alternatively, you can install Git and the osxkeychain helper by using Homebrew:

$ brew install git
3. Tell Git to use osxkeychain helper using the global credential.helper config:
$ git config --global credential.helper osxkeychain
# Set git to use the osxkeychain credential helper

The next time you clone an HTTPS URL that requires a password, you'll be prompted for your username and password, and to grant access to the OS X keychain. After you've done this, the username and password are stored in your keychain and you won't be required to type them into Git again.

2. Checking for existing SSH keys

Before you generate an SSH key, you can check to see if you have any existing SSH keys.

Note: DSA keys were deprecated in OpenSSH 7.0. If your operating system uses OpenSSH, you'll need to use an alternate type of key when setting up SSH, such as an RSA key. For instance, if your operating system is macOS Sierra, you can set up SSH using an RSA key.

1. Open Terminal.
2. Enter ls -al ~/.ssh to see if existing SSH keys are present:
$ ls -al ~/.ssh

# Lists the files in your .ssh directory, if they exist
3. Check the directory listing to see if you already have a public SSH key.

By default, the filenames of the public keys are one of the following:

  • id_dsa.pub
  • id_ecdsa.pub
  • id_ed25519.pub
  • id_rsa.pub

If you don't have an existing public and private key pair, or don't wish to use any that are available to connect to GitHub, then generate a new SSH key.
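
The directory check above can be scripted. The following is an added example, not part of the original gist: it reads the key type from each public key file, flags DSA keys (deprecated, as noted above), and reports public keys whose private half is missing or readable by other users. The helper names audit_ssh_keys and make_sample_dir are hypothetical, and the sample keys are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit_ssh_keys and make_sample_dir are hypothetical helper names.
# Prints "<file> <key-type> <status>" for every *.pub file in a directory.
audit_ssh_keys() {
    dir=${1:-"$HOME/.ssh"}
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue   # the glob matched nothing
        type=""
        # The first field of an OpenSSH public key line is the key type.
        read -r type _rest < "$pub" || true
        case $type in
            ssh-dss) status=deprecated-dsa ;;
            ssh-rsa|ssh-ed25519|ecdsa-sha2-*) status=ok ;;
            *) status=unknown-type ;;
        esac
        priv=${pub%.pub}
        if [ "$status" = ok ] && [ ! -f "$priv" ]; then
            status=no-private-key
        elif [ "$status" = ok ]; then
            # Characters 5-10 of the ls mode string are the group/other bits;
            # OpenSSH refuses private keys that other users can access.
            perms=$(ls -ld "$priv" | cut -c5-10)
            [ "$perms" = "------" ] || status=private-key-too-open
        fi
        printf '%s %s %s\n' "${pub##*/}" "${type:-empty}" "$status"
    done
}

# Constructed sample directory: the key bodies are placeholders, not real keys.
make_sample_dir() {
    d=$(mktemp -d)
    echo "ssh-dss AAAAPLACEHOLDER old@example.com"     > "$d/id_dsa.pub"
    echo "ssh-rsa AAAAPLACEHOLDER you@example.com"     > "$d/id_rsa.pub"
    echo "ssh-ed25519 AAAAPLACEHOLDER you@example.com" > "$d/id_ed25519.pub"
    echo "ssh-rsa AAAAPLACEHOLDER ci@example.com"      > "$d/orphan.pub"
    : > "$d/id_rsa";     chmod 600 "$d/id_rsa"
    : > "$d/id_ed25519"; chmod 644 "$d/id_ed25519"
    echo "$d"
}

sample=$(make_sample_dir)
audit_ssh_keys "$sample"
rm -rf "$sample"
```

Call audit_ssh_keys with no argument to scan ~/.ssh.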

3. Generating a new SSH key and adding it to the ssh-agent

After you've checked for existing SSH keys, you can generate a new SSH key to use for authentication, then add it to the ssh-agent.

If you don't already have an SSH key, you must generate a new SSH key. If you're unsure whether you already have an SSH key, check for existing keys.

If you don't want to reenter your passphrase every time you use your SSH key, you can add your key to the SSH agent, which manages your SSH keys and remembers your passphrase.

Generating a new SSH key

1. Open Terminal.
2. Paste the text below, substituting in your GitHub email address.
$ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

This creates a new ssh key, using the provided email as a label.

Generating public/private rsa key pair.
3. When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location.
Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter]
4. At the prompt, type a secure passphrase.
Enter passphrase (empty for no passphrase): [Type a passphrase]
Enter same passphrase again: [Type passphrase again]

Adding your SSH key to the ssh-agent

Before adding a new SSH key to the ssh-agent to manage your keys, you should have checked for existing SSH keys and generated a new SSH key.

1. Start the ssh-agent in the background.
$ eval "$(ssh-agent -s)"
Agent pid 59566
2. If you're using macOS Sierra 10.12.2 or later, you will need to modify your ~/.ssh/config file to automatically load keys into the ssh-agent and store passphrases in your keychain.
Host *
 AddKeysToAgent yes
 UseKeychain yes
 IdentityFile ~/.ssh/id_rsa
3. Add your SSH private key to the ssh-agent. Use the default macOS ssh-add command, and not one installed by macports, homebrew, or some other external source. If you created your key with a different name, or if you are adding an existing key that has a different name, replace id_rsa in the command with the name of your private key file.
$ ssh-add -K ~/.ssh/id_rsa

4. Add the SSH key to your GitHub account.

To configure your GitHub account to use your new (or existing) SSH key, you'll also need to add it to your GitHub account.

Before adding a new SSH key to your GitHub account, you should have:

  • Checked for existing SSH keys
  • Generated a new SSH key and added it to the ssh-agent

1. Copy the SSH key to your clipboard.

If your SSH key file has a different name than the example code, modify the filename to match your current setup. When copying your key, don't add any newlines or whitespace.

$ pbcopy < ~/.ssh/id_rsa.pub
# Copies the contents of the id_rsa.pub file to your clipboard
2. In the upper-right corner of any page, click your profile photo, then click Settings.
3. In the user settings sidebar, click SSH and GPG keys.
4. Click New SSH key or Add SSH key.
5. In the "Title" field, add a descriptive label for the new key. For example, if you're using a personal Mac, you might call this key "Personal MacBook Air".
6. Paste your key into the "Key" field.
7. Click Add SSH key.
8. If prompted, confirm your GitHub password.