Using Github Deploy Key

Using Github Deploy Key.md

What / Why

Deploy key is a SSH key set in your repo to grant client read-only (as well as r/w, if you want) access to your repo.

As the name says, its primary function is to be used in the deploy process, where only read access is needed. Therefore keep the repo safe from the attack, in case the server side is fallen.

How to

1. Generate a ssh key

   run ssh-keygen -t rsa -b 4096 -C "{email}", leave the password empty as you want the deploy process keyboard-less.

   after the generation, file id_rsa and id_rsa.pub can be found under .ssh folder.

2. add ssh key to repo's "Deploy keys" setting

   cat .ssh/id_ras.pub

   URL: https://github.com/{user}/{repo}/settings/keys

3. Setup the git ssh key on the client machine

   Git normally use the ssh key found in .ssh/id_rsa under user's home folder, so first you need to find out the home directory of the user.

   for example, on Ubuntu/Debian, in default, user www-data's home directory is /var/www, so the ssh key file is /var/www/.ssh/id_rsa).

   Then copy the id_rsa file from Step 1 to the right directory.

   You can test the connection by:

   sudo -u {user} ssh -T [email protected]

   *You might need to grant Github's key to known hosts.

   If everything went well, you can see:

   Hi {user}! You've successfully authenticated, but GitHub does not provide shell access.
   

   Then you are all set!

   Attention: make sure your repo url use git protocl not http, which means use

   [email protected]:{user}/{repo}.git
   

   not

   https://github.com/{user}/{repo}.git
   

*Using multiple deploy key with different repo on the same machine

You can use /.ssh/config file to config different ssh key for different repo. For detail, please follow the instruction in Ref.3 below.

Reference

1. Read-only deploy keys

2. Generating SSH keys

3. Using Multiple Github Deploy Keys for a Single User on a Single Linux Server