GitHub Deploy Key Setup Guide - UMCST/SPICE-user-info GitHub Wiki

Introduction

When working on a project with a private GitHub repository on a remote system, the user on the remote system needs to be granted access to read from and write to the repository. On systems in the SPICE infrastructure, deploy keys are used to grant and manage access to privately hosted repositories. A deploy key uses public-key cryptography, with the private key on the remote system and the public key on the repository host (GitHub). This article details how to create, upload, and use deploy keys to work with multiple/private repositories on a system.

Beginning Resources

GitHub’s documentation for Managing deploy keys is highly relevant to this article, which uses and expands on its contents for application to the SPICE infrastructure.

Creating a deploy key pair

  1. Log in to the account on the system that the deploy key will be set up for. Note that administrative privileges are not required.
  2. Generate a key-pair using ssh-keygen. Run the following command, with the comment reflecting the user and host it’s being set up for.
    ssh-keygen -t rsa -C "spiceadmin@<hostname>"
  3. When prompted for the file to save the key, save to the local user’s .ssh directory with a unique name. For simplicity, use the name of the repository the deploy key will be attached to.
    /home/spiceadmin/.ssh/
  4. Optionally enter a passphrase; it will be needed when the key is used to read from or write to the repository.
  5. Verify that the key was saved to the correct place by listing the contents of the .ssh directory.
    ls -al ~/.ssh/

Editing the SSH config file for multiple repositories

A deploy key pair needs to be established for each repository to be worked with on the system. To establish which private key is used to authenticate on each repository, an entry must be made in the local user’s ~/.ssh/config file. When multiple repositories are being configured on one system, this is a required step.

  1. Open the local user’s ~/.ssh/config file in a text editor. If the file does not exist, create it.
  2. Add the following entry to the file.
    Host <SPICE-repository>
        Hostname github.com
        User git
        IdentityFile /home/<user>/.ssh/<keyfile>
  • The Host line is the alias that will be used for git operations, so give it the name of the repository.
  • The Hostname line is the host of the repository (github.com).
  • The User line is the user for git actions over SSH (git).
  • The IdentityFile line is the path of the generated private key.
  3. Save the file.
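
A check for the per-repository entries described above, as an added example that is not part of the original wiki: the hypothetical shell function `audit_deploy_config` reads an ssh config and reports github.com aliases whose private key is missing, shared with another alias, or accessible to group or others. The `IdentitiesOnly` check is an added recommendation (a standard ssh_config option that the entry above does not set), and the demo input at the end is constructed.

```shell
#!/bin/sh
# audit_deploy_config FILE: print one finding per line for every Host block
# whose Hostname is github.com; print nothing when every entry is clean.
audit_deploy_config() {
    awk '
        function emit() {
            if (alias != "" && tolower(hostname) == "github.com")
                print alias "|" key "|" only
        }
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^#/ || /^$/ { next }
        {   # ssh_config keywords are case-insensitive; "=" may separate the value
            kw = $0; sub(/[ \t=].*/, "", kw); kw = tolower(kw)
            val = $0; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
            if (kw == "host") { emit(); alias = val; hostname = key = only = "" }
            else if (kw == "hostname") hostname = val
            else if (kw == "identityfile" && key == "") key = val
            else if (kw == "identitiesonly") only = tolower(val)
        }
        END { emit() }
    ' "$1" | {
        seen="|"
        while IFS='|' read -r alias key only; do
            if [ -z "$key" ]; then
                echo "$alias: no IdentityFile, ssh falls back to default keys"
                continue
            fi
            case $key in "~/"*) key="$HOME/${key#??}" ;; esac
            case $seen in *"|$key|"*)
                echo "$alias: $key is shared with another alias; use one key pair per repository" ;;
            esac
            seen="$seen$key|"
            if [ ! -f "$key" ]; then
                echo "$alias: private key $key not found"
            else
                case $(ls -dlL "$key") in
                    -???------*) ;;
                    *) echo "$alias: $key is accessible to group or others; chmod 600 it" ;;
                esac
            fi
            [ "$only" = "yes" ] ||
                echo "$alias: IdentitiesOnly is not yes, agent keys may be offered first"
        done
    }
}

# Constructed demo input (not a real host): one alias whose key is missing.
demo=$(mktemp)
printf 'Host repo-a\n  Hostname github.com\n  IdentityFile /nonexistent/repo-a\n' > "$demo"
audit_deploy_config "$demo"; rm -f "$demo"
```

To audit the real file, call `audit_deploy_config ~/.ssh/config` as the user that owns the deploy keys.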

Uploading the public key

  1. Log in to github.com and go to the repository to add the key to. Note that admin access to the repository is required to add a deploy key.
  2. Access the repository settings from the top bar.

  3. Access the deploy key menu on the left bar.
  4. Select Add deploy key.
  5. Enter the public key generated in Creating a deploy key pair, step 6. Enter the same user and hostname as used to generate the key in the Title bar, and in the Key area paste the entire contents of the public key. This should be located at
    ~/.ssh/.pub.

  6. Check Allow write access if the account on the remote server should have permission to commit and push changes to the repository.
  7. Select Add key.

Using the deploy key with git

Git can now be used normally to clone, pull, push, etc. from the repository using SSH. Instead of specifying the host as “github.com”, the host should be specified as the name of the host in the ~/.ssh/config file. To clone from a repository, the following command can be used:

git clone git@[name of host in ssh config]:[owner]/[git config]

NOTE: the clone string copied from the GitHub web UI typically points at just github.com, so replace that host with the alias from the SSH config.

For example, to clone from a repository owned by UMCST with the name <SPICE-repository-example>:

git clone git@<SPICE-repository-example>:UMCST/<SPICE-repository-example>.git