A deploy key is an SSH key set on your repo to grant a client read-only (or read/write, if you want) access to that repo.
As the name says, its primary use is in the deploy process, where only read access is needed. This keeps the repo safe from attack in case the server is compromised.
- Generate an SSH key
  Run
  ssh-keygen -t rsa -b 4096 -C "{email}"
  and leave the passphrase empty, since the deploy process must run without keyboard input. After the generation, the files id_rsa and id_rsa.pub can be found under the .ssh folder.
- Add the SSH key to the repo's "Deploy keys" setting
  Print the public key so you can paste it into that setting:
  cat .ssh/id_rsa.pub
- Set up the Git SSH key on the client machine
  Git normally uses the SSH key found in .ssh/id_rsa under the user's home folder, so first you need to find out the home directory of the user (for example, on Ubuntu/Debian, the default home directory of user www-data is /var/www, so the SSH key file is /var/www/.ssh/id_rsa). Then copy the id_rsa file from Step 1 to the right directory. You can test the connection with:
  sudo -u {user} ssh -T git@github.com
  *You might need to add GitHub's host key to known hosts.
  If everything went well, you will see:
  Hi {user}! You've successfully authenticated, but GitHub does not provide shell access.
  Then you are all set!
Attention: make sure your repo URL uses the git (SSH) protocol, not HTTP, which means use
git@github.com:{user}/{repo}.git
not
https://github.com/{user}/{repo}.git
You can use the ~/.ssh/config file to configure a different SSH key for each repo. For details, please follow the instructions in Ref. 3 below.
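The key-copy step and the per-repo ~/.ssh/config note above, as an added example that is not part of the original post: it installs the private key with owner-only permissions, pins it to one repo through a Host alias, and rewrites an https remote to the SSH form. The function names, the deploy_{repo} key file name and the github-{repo} alias are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post). Run it as the deploy user,
# e.g. with sudo -u {user}, so the files end up owned by that user.

# install_deploy_key HOME_DIR PRIVATE_KEY REPO
# Copies the key to HOME_DIR/.ssh/deploy_REPO and adds a Host alias for it.
install_deploy_key() (
    umask 077                      # nothing is ever created group/world readable
    ssh_dir="$1/.ssh"
    key_dst="$ssh_dir/deploy_$3"   # hypothetical naming scheme
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    # OpenSSH refuses a private key that other users can read.
    cp "$2" "$key_dst" && chmod 600 "$key_dst" || exit 1
    # Append the alias only once so the function can be re-run safely.
    if ! grep -qs "^Host github-$3\$" "$ssh_dir/config"; then
        cat >> "$ssh_dir/config" <<EOF
Host github-$3
    HostName github.com
    User git
    IdentityFile $key_dst
    IdentitiesOnly yes
EOF
    fi
    chmod 600 "$ssh_dir/config"
)

# to_ssh_url URL [HOST]
# Rewrites https://github.com/{user}/{repo}.git to git@HOST:{user}/{repo}.git.
# HOST defaults to github.com; pass the alias to use the per-repo key.
to_ssh_url() {
    host=${2:-github.com}
    case $1 in
        https://github.com/*) printf 'git@%s:%s\n' "$host" "${1#https://github.com/}" ;;
        *) printf '%s\n' "$1" ;;   # already in SSH form, leave unchanged
    esac
}
```

IdentitiesOnly yes makes ssh offer only the listed key for that alias, so a deploy user holding several keys presents the one registered for that repo.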