DEV Community

John  Ajera
John Ajera

Posted on • Edited on

1

How to Configure GitHub Authentication Using SSH Certificates

How to Configure GitHub Authentication Using SSH Certificates

Using SSH certificates to authenticate with GitHub is a secure and efficient way to manage your repositories. This guide will walk you through the process step by step.


1. Generate an SSH Key Pair

First, create a new SSH key pair or use an existing one.

Run the following command:

ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519_github -C "ssh key for github"
Enter fullscreen mode Exit fullscreen mode
  • -o: Ensures the private key file is saved in the new OpenSSH format for improved security.
  • -a 100: Specifies the number of rounds for the key derivation function, enhancing brute-force resistance.
  • Enter a passphrase (optional but recommended for added security).

2. Add the SSH Key to Your SSH Agent

Next, ensure your SSH key is available to the SSH agent.

Start the SSH agent:

eval "$(ssh-agent -s)"
Enter fullscreen mode Exit fullscreen mode

Add your private key:

ssh-add ~/.ssh/id_ed25519_github
Enter fullscreen mode Exit fullscreen mode

3. Persist SSH Key Across Sessions

To ensure your SSH key is always loaded when you open a new terminal session, there are two main methods. The recommended method is to configure your SSH settings, while the alternative is to modify your .bashrc file.

Recommended: Configure SSH to Automatically Add the Key

Edit (or create) your SSH config file:

nano ~/.ssh/config
Enter fullscreen mode Exit fullscreen mode

Add the following lines:

Host github.com
  IdentityFile ~/.ssh/id_ed25519_github
  AddKeysToAgent yes
Enter fullscreen mode Exit fullscreen mode

This ensures that your SSH key is automatically loaded by the SSH agent when needed.

Alternative: Load the SSH Key in .bashrc

If you want to explicitly load the SSH key every time a new terminal session starts, add the following command to your ~/.bashrc (or ~/.bash_profile on macOS):

echo 'eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_ed25519_github' >> ~/.bashrc
Enter fullscreen mode Exit fullscreen mode

Then reload your shell configuration:

source ~/.bashrc
Enter fullscreen mode Exit fullscreen mode

This ensures the SSH agent starts automatically and the key is added every time you open a new terminal session.

4. Add the Public Key to Your GitHub Account

Now, link your public SSH key to your GitHub account:

  1. Copy the contents of your public key:
   cat ~/.ssh/id_ed25519_github.pub
Enter fullscreen mode Exit fullscreen mode

Note: Ensure that you only share the public key file (e.g., id_ed25519_github.pub) and never share your private key file (e.g., id_ed25519_github).

  1. Add the key to GitHub:
    • Open GitHub SSH Settings.
    • Click New SSH key.
    • Paste your public key into the key field.
    • Give it a descriptive title and save it.

5. Configure SSH for GitHub

To ensure GitHub uses the correct SSH key, configure your SSH settings:

Edit (or create) the ~/.ssh/config file:

nano ~/.ssh/config
Enter fullscreen mode Exit fullscreen mode

Add the following configuration:

Host github.com
  HostName github.com
  IdentityFile ~/.ssh/id_ed25519_github
  IdentitiesOnly yes
Enter fullscreen mode Exit fullscreen mode

Note: This ensures that only the specified identity file is used, which is crucial in environments with multiple SSH keys to avoid authentication errors.

Save and exit the file.


6. Test Your SSH Connection

Verify that GitHub recognizes your SSH setup by running:

ssh -T git@github.com
Enter fullscreen mode Exit fullscreen mode

If everything is set up correctly, you should see a success message:

Hi username! You've successfully authenticated, but GitHub does not provide shell access.
Enter fullscreen mode Exit fullscreen mode

Note: If this step fails, ensure the following:

  • Verify that the SSH key has the correct permissions by running chmod 600 ~/.ssh/id_ed25519_github.
  • Confirm that the public key is added to your GitHub account.
  • Check that the ~/.ssh/config file is properly configured.

7. Use SSH for GitHub Repositories

Finally, use SSH URLs for GitHub repositories:

  • Clone a repository using SSH:
  git clone git@github.com:username/repository.git
Enter fullscreen mode Exit fullscreen mode
  • Update an existing repository's remote URL to use SSH:
  git remote set-url origin git@github.com:username/repository.git
Enter fullscreen mode Exit fullscreen mode

Tip: To confirm that the remote URL has been updated successfully, run:

  git remote -v
Enter fullscreen mode Exit fullscreen mode

Conclusion

With this setup, you've configured GitHub to authenticate using SSH certificates and ensured that your private key is always loaded in new terminal sessions. This provides a secure and efficient method for managing your repositories. Let me know in the comments if you have any questions or tips to share!


Please leave your appreciation by commenting on this post!

It takes one minute and is worth it for your career.

Get started

Top comments (0)

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs

👋 Kindness is contagious

Engage with a sea of insights in this enlightening article, highly esteemed within the encouraging DEV Community. Programmers of every skill level are invited to participate and enrich our shared knowledge.

A simple "thank you" can uplift someone's spirits. Express your appreciation in the comments section!

On DEV, sharing knowledge smooths our journey and strengthens our community bonds. Found this useful? A brief thank you to the author can mean a lot.

Okay