GitHub and SSH Keys

 

This is a guide to adding an SSH key to your GitHub account.

A good guide was written by Antonio Medeiros here and here.

Existing SSH Keys

First, check which SSH keys already exist. This can be done with:

$ ls -lah ~/.ssh

total 28K
drwx------  2 nickshu nickshu 4.0K Dec 21 00:45 .
drwx------ 45 nickshu nickshu 4.0K Jan 13 15:00 ..
-rw-------  1 nickshu nickshu 4.2K Dec 29 21:14 known_hosts
-rw-------  1 nickshu nickshu 3.5K Dec 21 00:39 known_hosts.old

Generate a new SSH Key

Next, you need to generate a new key. If you check man ssh-keygen, you’ll see that the -t flag accepts 6 different key types.

  • DSA
  • ECDSA
  • ECDSA-SK
  • Ed25519
  • Ed25519-SK
  • RSA

For more information on some of these types, see https://goteleport.com/blog/comparing-ssh-keys/

$ ssh-keygen -t ed25519 -C "your_email@example.com"
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/username/.ssh/id_ed25519): 

Here you may either enter a specific path for your key pair or accept the default location. Next, you will be prompted to enter a passphrase. If you leave the passphrase empty, authenticating to GitHub will not require one, but the private key is then stored unencrypted on disk.

Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 

This will create a key pair, a private and a public key, in your chosen location. The public key will have the extension .pub, whereas the private key will not have an extension. Do not share your private key.

Add the Key to GitHub

On GitHub, go to your Settings > SSH and GPG keys, where you will see a list of your SSH keys.

Click New SSH key, then copy and paste the contents of your SSH public key (e.g. /home/username/.ssh/mykey.pub).

At this point, the key has been added to your GitHub account. Now you need to add it to the ssh-agent.

Add your SSH Key to the ssh-agent

One-Time Use

The ssh-agent holds your key so that you do not have to enter your passphrase every time. First, start the ssh-agent in the background.

$ eval "$(ssh-agent -s)"

Next, add the SSH private key to the ssh-agent.

$ ssh-add ~/.ssh/path/to/ssh/private/key

Permanent Use

The easiest way to make this permanent is to list the keys in the ~/.ssh/config file. If the file does not exist, simply create it and add the paths to your private keys:

IdentityFile ~/.ssh/github_priv_key
IdentityFile ~/.ssh/server_priv_key

Then change the permissions to 600:

$ cd ~/.ssh
$ ls -la
...
-rw-r--r-- 1 nickshu nickshu   58 Jan 13 16:01 config
...

$ chmod 600 ~/.ssh/config
$ ls -la
...
-rw------- 1 nickshu nickshu   58 Jan 13 16:01 config
...

Alternatively, if you’d like to map a specific key to a specific host, you may use the following:

Host github.com
    User git
    IdentityFile ~/.ssh/github_priv_key

Finally, from this point on, you won’t have to add the SSH key to the SSH agent every time. A more thorough answer can be found here.
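The permission and passphrase points above can be checked mechanically. The following is an added example, not part of the original guide: a POSIX shell function (the names file_mode and audit_ssh_config are hypothetical) that reads ~/.ssh/config, resolves each IdentityFile, and reports a config or key whose mode is not 600, a key that is missing, or a key that loads with an empty passphrase. It assumes plain "IdentityFile path" lines with no quotes or spaces in the path.

```shell
#!/bin/sh
# Added example: audit ~/.ssh/config and the private keys it references.
# file_mode and audit_ssh_config are hypothetical helper names.

# Print a file's permission bits in octal (GNU stat, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_ssh_config [HOME_DIR]
# Checks HOME_DIR/.ssh/config and every IdentityFile it names.
# Prints one finding per line and returns 1 if there was any finding.
audit_ssh_config() {
    home=${1:-$HOME}
    cfg="$home/.ssh/config"
    rc=0
    [ -f "$cfg" ] || { echo "MISSING $cfg"; return 1; }
    [ "$(file_mode "$cfg")" = 600 ] || { echo "MODE $cfg"; rc=1; }

    # IdentityFile may appear at the top level or inside a Host block.
    for key in $(awk 'tolower($1) == "identityfile" { print $2 }' "$cfg" | sort -u); do
        # Expand a leading "~/" relative to the chosen home directory.
        case $key in "~/"*) key="$home/${key#??}" ;; esac
        if [ ! -f "$key" ]; then
            echo "MISSING $key"; rc=1
        elif [ "$(file_mode "$key")" != 600 ]; then
            echo "MODE $key"; rc=1
        elif command -v ssh-keygen >/dev/null 2>&1 &&
             ssh-keygen -y -P '' -f "$key" >/dev/null 2>&1; then
            # The key loaded with an empty passphrase: it is unencrypted on disk.
            echo "NO-PASSPHRASE $key"; rc=1
        fi
    done
    return $rc
}
```

Call audit_ssh_config with no argument to check your own home directory; the passphrase check is skipped when ssh-keygen is not installed.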

Test your SSH connection

$ ssh -T git@github.com
Hi username! You've successfully authenticated, but GitHub does not provide shell access.

Using your SSH Keys to Verify Commits

You can also verify your commits via your SSH key. To do so, you will need to run the following commands:

git config --global gpg.format ssh
git config --global user.signingkey /home/user/.ssh/mykey.pub

This will make your ~/.gitconfig file look like this:

[user]
    email = your_email@example.com
    name = Nick Shu
    signingkey = /home/user/.ssh/mykey.pub
[gpg]
    format = ssh

Then, on GitHub’s Settings page, add another SSH key, but instead of “Authentication Key”, set its type to “Signing Key”, and add the same key. From now on, if you wish to make a verified commit, commit with the -S flag.

git commit -S -m "my message"