Test Git SSH operations with temporary keys - no ~/.ssh modifications required

git-ssh-testing-with-temporary-keys.md

Git SSH Testing with Temporary Keys

This gist contains different ways to test git SSH operations using temporary SSH keys without modifying your ~/.ssh directory.

🚀 Quick Interactive Commands

For copy-paste interactive testing:

# 1. Create temp directory and SSH key
mkdir -p /tmp/git_ssh_test && cd /tmp/git_ssh_test
ssh-keygen -t ed25519 -f temp_key -N "" -C "temporary-test-key"

# 2. Show public key (add to GitHub)
cat temp_key.pub

# 3. Setup git SSH command (save original for CI safety)
[[ -n "${GIT_SSH_COMMAND+x}" ]] && ORIGINAL_GIT_SSH_COMMAND="$GIT_SSH_COMMAND" || ORIGINAL_GIT_SSH_COMMAND=""
export GIT_SSH_COMMAND="ssh -i $(pwd)/temp_key -o StrictHostKeyChecking=no"

# 4. Test SSH connectivity
ssh -T [email protected]

# 5. Test fastest git operation
git ls-remote [email protected]:username/repo.git

# 6. Test shallow clone
git clone --depth 1 [email protected]:username/repo.git test_clone

# 7. Cleanup (restore environment)
cd /tmp && rm -rf git_ssh_test
# Restore original GIT_SSH_COMMAND for CI safety
if [[ -n "${ORIGINAL_GIT_SSH_COMMAND+x}" ]]; then
    [[ -n "$ORIGINAL_GIT_SSH_COMMAND" ]] && export GIT_SSH_COMMAND="$ORIGINAL_GIT_SSH_COMMAND" || unset GIT_SSH_COMMAND
fi

🎯 Why These Operations?

• ssh -T [email protected]: Tests SSH auth without git operations
• git ls-remote: Fastest git operation - just lists references
• git clone --depth 1: Fast clone with minimal data transfer

📝 Manual Steps Required

1. Copy the public key from cat temp_key.pub
2. Add it to GitHub → Settings → SSH and GPG keys
3. Run the test commands
4. Remove the key from GitHub when done

⚡ Performance Results

From our test:

• SSH auth: Instant
• git ls-remote: < 1 second
• Shallow clone: ~4 seconds (depends on repo size)

🔒 Security Benefits

• No modification of ~/.ssh/ directory
• Temporary key auto-cleaned up
• Perfect for CI/CD or testing scenarios
• No persistent SSH keys lying around

💡 Advanced Usage

With existing private key content:

# If you have a private key as a string/file
echo "$PRIVATE_KEY_CONTENT" > /tmp/temp_key
chmod 600 /tmp/temp_key
export GIT_SSH_COMMAND="ssh -i /tmp/temp_key -o StrictHostKeyChecking=no"

For automation/scripting:

# Skip host key checking completely
export GIT_SSH_COMMAND="ssh -i /path/to/key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"

Multiple repositories test:

for repo in repo1 repo2 repo3; do
  echo "Testing $repo..."
  git ls-remote "[email protected]:username/$repo.git" || echo "Failed: $repo"
done

🏭 CI/CD Ready Script

For automated testing in CI systems:

#!/bin/bash
# git_ssh_ci_test.sh - CI-safe git SSH testing
set -euo pipefail

REPO_URL="${1:-git@github.com:username/repo.git}"
TEMP_DIR="/tmp/git_ssh_test_$$"
SSH_KEY_PATH="$TEMP_DIR/ci_key"

cleanup() {
    [[ -d "$TEMP_DIR" ]] && rm -rf "$TEMP_DIR"
    if [[ -n "${ORIGINAL_GIT_SSH_COMMAND+x}" ]]; then
        [[ -n "$ORIGINAL_GIT_SSH_COMMAND" ]] && export GIT_SSH_COMMAND="$ORIGINAL_GIT_SSH_COMMAND" || unset GIT_SSH_COMMAND
    fi
}
trap cleanup EXIT

# Generate key and setup
mkdir -p "$TEMP_DIR"
ssh-keygen -t ed25519 -f "$SSH_KEY_PATH" -N "" -C "ci-test-key" >/dev/null

# Save and set GIT_SSH_COMMAND
[[ -n "${GIT_SSH_COMMAND+x}" ]] && ORIGINAL_GIT_SSH_COMMAND="$GIT_SSH_COMMAND" || ORIGINAL_GIT_SSH_COMMAND=""
export GIT_SSH_COMMAND="ssh -i $SSH_KEY_PATH -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"

# Test operations
echo "Testing SSH auth..."
ssh -T [email protected] 2>/dev/null | grep -q "successfully authenticated"

echo "Testing git ls-remote..."
git ls-remote --heads "$REPO_URL" >/dev/null

echo "Testing shallow clone..."
git clone --depth 1 --quiet "$REPO_URL" "$TEMP_DIR/test_clone"

echo "✅ All tests passed!"

Usage: ./git_ssh_ci_test.sh [email protected]:user/repo.git