SSH Setup and Commit Signing with SSH

ssh-setup.md

SSH Setup and Commit Signing with SSH

This guide sets up SSH for GitHub access and enables signed Git commits using your SSH key.

---

🔐 Generate SSH Key

If you don't have one yet:

ssh-keygen -t ed25519 -C "[email protected]"

This creates ~/.ssh/id_ed25519 and ~/.ssh/id_ed25519.pub.

---

🚀 Add SSH Key to GitHub

1. Copy the public key:

cat ~/.ssh/id_ed25519.pub

2. Go to GitHub → Settings → SSH and GPG keys → New SSH key

3. Paste the key and save.

---

🧠 SSH Agent and Config

Start the SSH agent and add your key:

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

Optional: Add to ~/.ssh/config

Host github.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_ed25519
  IdentitiesOnly yes

---

✅ Test SSH Auth

ssh -T [email protected]

You should see:
Hi username! You've successfully authenticated...

---

✍️ Enable SSH Commit Signing

1. Set Git to use SSH for signing:

git config --global gpg.format ssh
git config --global user.signingkey ~/.ssh/id_ed25519.pub
git config --global commit.gpgsign true

---

2. Create allowed_signers file:

mkdir -p ~/.config/git

Add this to ~/.config/git/allowed_signers:

[email protected] ssh-ed25519 AAAAC3... (from your .pub file)

Then:

git config --global gpg.ssh.allowedSignersFile ~/.config/git/allowed_signers

---

🧪 Test a Signed Commit

git commit --allow-empty -m "Test signed commit"
git log --show-signature

You should see something like:

gpg: Good signature from "[email protected]"

GitHub will show a ✅ Verified badge if everything is set up right.

---

📌 Notes

• GitHub only verifies commits signed with keys added in your SSH settings.
• ed25519 keys are preferred over rsa.
• You can use a separate key just for signing if you want.

---

That's it! You're all set with SSH auth + commit signing. 🔐