Skip to content

Instantly share code, notes, and snippets.

@mdkarp
Forked from zhujunsan/Using Github Deploy Key.md
Created September 25, 2018 16:57
Show Gist options
  • Save mdkarp/d078bd286be012b0053855af77c9c76c to your computer and use it in GitHub Desktop.
Save mdkarp/d078bd286be012b0053855af77c9c76c to your computer and use it in GitHub Desktop.
Using Github Deploy Key

What / Why

Deploy key is a SSH key set in your repo to grant client read-only (as well as r/w, if you want) access to your repo.

As the name says, its primary function is to be used in the deploy process, where only read access is needed. Therefore keep the repo safe from the attack, in case the server side is fallen.

How to

  1. Generate a ssh key

    run ssh-keygen -t rsa -b 4096 -C "{email}", leave the password empty as you want the deploy process keyboard-less.

    after the generation, file id_rsa and id_rsa.pub can be found under .ssh folder.

  2. add ssh key to repo's "Deploy keys" setting

    cat .ssh/id_ras.pub

    URL: https://github.com/{user}/{repo}/settings/keys

  3. Setup the git ssh key on the client machine

    Git normally use the ssh key found in .ssh/id_rsa under user's home folder, so first you need to find out the home directory of the user.

    for example, on Ubuntu/Debian, in default, user www-data's home directory is /var/www, so the ssh key file is /var/www/.ssh/id_rsa).

    Then copy the id_rsa file from Step 1 to the right directory.

    You can test the connection by:

    sudo -u {user} ssh -T git@github.com

    *You might need to grant Github's key to known hosts.

    If everything went well, you can see:

    Hi {user}! You've successfully authenticated, but GitHub does not provide shell access.
    

    Then you are all set!

    Attention: make sure your repo url use git protocl not http, which means use

    git@github.com:{user}/{repo}.git
    

    not

    https://github.com/{user}/{repo}.git
    

*Using multiple deploy key with different repo on the same machine

You can use /.ssh/config file to config different ssh key for different repo. For detail, please follow the instruction in Ref.3 below.

Reference

  1. Read-only deploy keys

  2. Generating SSH keys

  3. Using Multiple Github Deploy Keys for a Single User on a Single Linux Server

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment