Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Using Github Deploy Key

What / Why

Deploy key is a SSH key set in your repo to grant client read-only (as well as r/w, if you want) access to your repo.

As the name says, its primary function is to be used in the deploy process in replace of username/password, where only read access is needed. Therefore keep the repo safe from the attack, in case the server side is fallen.

How to

  1. Generate a ssh key

    run ssh-keygen -t rsa -b 4096 -C "{email}", leave the password empty as you want the deploy process keyboard-less.

    after the generation, file id_rsa and can be found under .ssh folder.

  2. add ssh key to repo's "Deploy keys" setting

    cat .ssh/


  3. Setup the git ssh key on the client machine

    Git normally use the ssh key found in .ssh/id_rsa under user's home folder, so first you need to find out the home directory of the user.

    for example, on Ubuntu/Debian, in default, user www-data's home directory is /var/www, so the ssh key file is /var/www/.ssh/id_rsa).

    Then copy the id_rsa file from Step 1 to the right directory.

    You can test the connection by:

    sudo -u {user} ssh -T

    *You might need to grant Github's key to known hosts.

    If everything went well, you can see:

    Hi {user}! You've successfully authenticated, but GitHub does not provide shell access.

    Then you are all set!

    Attention: make sure your repo url use git protocol not http, which means use{user}/{repo}.git


*Using multiple deploy key with different repo on the same machine

You can use /.ssh/config file to config different ssh key for different repo. For detail, please follow the instruction in Ref.3 below.


  1. Read-only deploy keys

  2. Generating SSH keys

  3. Using Multiple Github Deploy Keys for a Single User on a Single Linux Server

Copy link

zhujunsan commented Apr 15, 2021

Typo fix:



Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment