Using Github Deploy Key

What / Why

A deploy key is an SSH key registered on your repo that grants a client read-only access (or read/write, if you want) to that repo.

As the name suggests, its primary use is in the deploy process, in place of a username/password, where only read access is needed. This keeps the repo safe from attack if the server is compromised.

How to

  1. Generate an SSH key

    Run ssh-keygen -t rsa -b 4096 -C "{email}" and leave the passphrase empty, since you want the deploy process to run without keyboard input.

    After generation, the files id_rsa and id_rsa.pub can be found under the .ssh folder.

  2. Add the SSH key to the repo's "Deploy keys" setting

    cat .ssh/id_rsa.pub

    URL: https://github.com/{user}/{repo}/settings/keys

  3. Set up the git SSH key on the client machine

    Git normally uses the SSH key found in .ssh/id_rsa under the user's home folder, so first you need to find out the home directory of the user.

    For example, on Ubuntu/Debian, the default home directory of user www-data is /var/www, so the SSH key file is /var/www/.ssh/id_rsa.

    Then copy the id_rsa file from Step 1 to the right directory.

    You can test the connection by:

    sudo -u {user} ssh -T git@github.com

    *You might need to add GitHub's host key to known hosts.

    If everything went well, you can see:

    Hi {user}! You've successfully authenticated, but GitHub does not provide shell access.
    

    Then you are all set!

    Attention: make sure your repo URL uses the git (SSH) protocol, not http, which means use

    git@github.com:{user}/{repo}.git
    

    not

    https://github.com/{user}/{repo}.git
    

*Using multiple deploy keys with different repos on the same machine

You can use the ~/.ssh/config file to configure a different SSH key for each repo. For details, please follow the instructions in Ref. 3 below.
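
A sketch of that per-repo setup, as an added example that is not part of the original gist or of Ref. 3: it installs one private key per repo with strict permissions, binds it to a host alias in the SSH config, and rewrites the repo URL to the SSH form using that alias. The function names and the `github-<repo>` alias scheme are assumptions made for illustration.

```bash
# Added example (not from the original gist): one deploy key per repo.
# Hypothetical names: install_deploy_key, to_ssh_url, "github-<repo>" aliases.

# install_deploy_key HOME_DIR REPO KEY_FILE -> prints the host alias
install_deploy_key() {
  local home_dir="$1" repo="$2" key_src="$3"
  local ssh_dir="$home_dir/.ssh"
  local key_dst="$ssh_dir/deploy_$repo" host_alias="github-$repo"

  [ -f "$key_src" ] || { echo "missing key: $key_src" >&2; return 1; }
  # ssh rejects private keys that other users can read: 700 dir, 600 files.
  mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
  install -m 600 "$key_src" "$key_dst" || return 1
  touch "$ssh_dir/config" && chmod 600 "$ssh_dir/config" || return 1
  # Idempotent: append the stanza only if the alias is not defined yet.
  if ! grep -qxF "Host $host_alias" "$ssh_dir/config"; then
    cat >> "$ssh_dir/config" <<EOF
Host $host_alias
    HostName github.com
    User git
    IdentityFile $key_dst
    IdentitiesOnly yes
EOF
  fi
  echo "$host_alias"
}

# to_ssh_url URL HOST_ALIAS
# https://github.com/{user}/{repo}.git -> git@HOST_ALIAS:{user}/{repo}.git
# A URL already in SSH form gets its host replaced by the alias.
to_ssh_url() {
  local url="$1" host_alias="$2" path
  case "$url" in
    https://github.com/*) path="${url#https://github.com/}" ;;
    git@*:*)              path="${url#git@*:}" ;;
    *) echo "unsupported URL: $url" >&2; return 1 ;;
  esac
  echo "git@$host_alias:${path%.git}.git"
}
```

`IdentitiesOnly yes` makes ssh offer only the key named in the stanza, so each repo is reached with its own deploy key. The connection test from Step 3 then targets the alias instead of github.com.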

Reference

  1. Read-only deploy keys

  2. Generating SSH keys

  3. Using Multiple Github Deploy Keys for a Single User on a Single Linux Server

@zhujunsan
Author

zhujunsan commented Jun 9, 2020

Typo: id_rsa ( not id_ras )

  1. add ssh key to repo's "Deploy keys" setting
    cat .ssh/id_ras.pub

should be

cat .ssh/id_rsa.pub

Just saw, fixed, thanks

@asgharhussain

asgharhussain commented Feb 2, 2021

This works for me, but I don't put in the owner for the git command.

@vbalas

vbalas commented Feb 12, 2021

Can you provide the commands for Windows also?

@zhujunsan
Author

zhujunsan commented Feb 16, 2021

Can you provide the commands for Windows also?

On Windows it's a little bit complicated, which environment do you use? Git from git-scm (which uses mingw as shell environment), git from GitHub (don't know, not using it, but I assume it should be easy to do so as there should be some official docs about this), or WSL (which is almost the same as the Linux one)?

@MichaelCurrin

MichaelCurrin commented Feb 22, 2021

Typo fix:

-protocl
+protocol

@zhujunsan
Author

zhujunsan commented Apr 15, 2021

Typo fix:

-protocl
+protocol

Done
