DEV Community

HakamRaza
HakamRaza

Posted on • Edited on

[Linux] SSH to GitHub

Some intro

  • GitHub do provide option to use SSH to connect and do many things same as using the standard CLI.
  • And there are some functionalities offered by using SSH that make life easier, for example no need for token to pull your branch.
  • This is how to change your repo connection to use SSH. This is done in linux ubuntu OS.

GitHub connection types


Setting Up SSH keys and Permission

  • For this, you can use existing user or create a new user specifically for deployment/pull/push through SSH.
cd ~

# create .ssh folder inside user home directory
mkdir .ssh

# generate key private and public (.pub) using ssh-keygen, and give name like "github_dev".
# Optional, dont assign passphrase if you want to use it for CLI.
ssh-keygen -t ed25519-sk -C "your_email@example.com"

# check ssh agent running
eval $(ssh-agent -s)

# register only private key (no .pub) generated to ssh agent
ssh-add ~/.ssh/<private_key_file>
Enter fullscreen mode Exit fullscreen mode

  • for secure linux and current user to read private key to execute GitHub CLI, update the permission for access.
# change permission key file for read-only
cd ~/.ssh
chmod 644 <private_key>
sudo chgrp <username> <private_key>

# change permission to folder .ssh
cd ~
chmod 700 .ssh
sudo chgrp <username> .ssh

Enter fullscreen mode Exit fullscreen mode

  • you also can directly define any SSH connection to GitHub to use the private key generated by creating 'config' file
# config connection using ssh and correct key file
nano .ssh/config

# paste the following into the 'config' file
Host github.com
Hostname ssh.github.com
Port 443
User git
IdentityFile ~/.ssh/<private_key> #generated private key location
Enter fullscreen mode Exit fullscreen mode

Register public key generated to GitHub account.

Register public key at github account


Check Signature Github.

  • use the command below to cross check signature of the ssh agent is the same as displayed by GitHub
ssh-add -l -E sha256
Enter fullscreen mode Exit fullscreen mode

checking key's hash is the same


Testing GitHub SSH Connection

  • test successful connection through SSH to GitHub by:
# testing connection to github
ssh -T git@github.com

# testing with more details for troubleshooting
ssh -vT git@github.com
Enter fullscreen mode Exit fullscreen mode

Update Repository Remote URL

  • After successful connection through SSH, change current local repository remote to use SSH
  • usually the remote url is like this:
# Check connection profile setup
git remote -v

# result 
# origin  https://github.com/****.git (fetch)
# origin  https://github.com/****.git (push)
Enter fullscreen mode Exit fullscreen mode
  • you can either update original 'origin' or add new one like 'myssh'
  • the address can be refer back here: GitHub connection types
# add ssh connection profile 'myssh'
git remote add myssh ssh://git@****.git

# result 
# origin  https://github.com/****.git (fetch)
# origin  https://github.com/****.git (push)
# myssh     git@github.com:****.git (fetch)
# myssh     git@github.com:****.git (push)


# update existing connection profile 'origin' to use SSH
git remote set-url origin git@github.com:****.git

# result 
# origin     git@github.com:****.git (fetch)
# origin     git@github.com:****.git (push)

# update back to use HTTP
git remote set-url origin https://github.com/****.git
Enter fullscreen mode Exit fullscreen mode
  • example using GitHub CLI through SSH connection profile different than default 'origin'
# using 'myssh' connection profile
git checkout myssh/<branch name> -b <new branch name>
Enter fullscreen mode Exit fullscreen mode

User Connection Issue

  • There will be an issue sometimes with linux system user especially when using 'sudo'. In this case, the one executing CLI is not the current user but by the 'root' system user.
  • In this case, to maintain user profile, use '-E' flag:
sudo -E git fetch
Enter fullscreen mode Exit fullscreen mode

Bash Script

  • Example a bash script to pull the 'develop' branch.
  • The ssh-agent may need to be started again in linux.
#!/bin/bash

# start ssh-agent and register back private key
eval $(ssh-agent -s)
ssh-add ~/.ssh/<private_key_file>

# Go to project epo
cd /var/www/<local repository directory>

# Checkout 'develop' branch
git checkout develop

# Update connection profile
# git remote set-url origin git@github.com:*****.git

# Pull latest changes
git pull

# Checkout by latest tag
# git fetch --tags
# tag=$(git describe --tags `git rev-list --tags --max-count=1`)
# echo $tag
# git checkout $tag -b latest

# Set back to HTTP
# git remote set-url origin https://github.com/*****.git

#
# Additional steps
#

echo Done
Enter fullscreen mode Exit fullscreen mode

Top comments (0)