Github Deploy Key - orleanski/dotfiles GitHub Wiki

What / Why

Deploy key is a SSH key set in your repo to grant client read-only (as well as r/w, if you want) access to your repo.

As the name says, its primary function is to be used in the deploy process in replace of username/password, where only read access is needed. Therefore keep the repo safe from the attack, in case the server side is fallen.

How to

1. Generate a ssh key

   run ssh-keygen -t rsa -b 4096 -C "[email protected]", leave the password empty as you want the deploy process keyboard-less.

   after the generation, file id_rsa and id_rsa.pub can be found under .ssh folder.

2. add ssh key to repo's "Deploy keys" setting

   cat .ssh/id_rsa.pub

   URL: https://github.com/{user}/{repo}/settings/keys

3. Setup the git ssh key on the client machine

   Git normally use the ssh key found in ~/.ssh/id_rsa

   You can test the connection by:

   sudo -u {user} ssh -T [email protected]
   

   *You might need to grant Github's key to known hosts.

   If everything went well, you can see:

   Hi {user}! You've successfully authenticated, but GitHub does not provide shell access.
   

   Then you are all set!

   Attention: make sure your repo url use git protocol not http, which means use

   [email protected]:{user}/{repo}.git
   

   not

   https://github.com/{user}/{repo}.git
   

*Using multiple deploy key with different repo on the same machine

You can use /.ssh/config file to config different ssh key for different repo. For detail, please follow the instruction in Ref.3 below.

Reference

1. Read-only deploy keys

2. Generating SSH keys

3. Using Multiple Github Deploy Keys for a Single User on a Single Linux Server

4. Original article