Generating SSH Key and Adding it to the ssh-agent for Authentication on GitHub
Posted: Fri May 17, 2024 8:12 pm
When you git commit -m "Some comments"
You may get this message:
git config --global user.email "you@example.com"
git config --global user.name "Your Name"
to set your account's default identity. Omit --global to set the identity only in this repository.
So this requires you to use the email and user name associated with your GitHub account to configure credentials for authentication. However, support for password authentication was removed on August 13, 2021.
What should you do then?
You can access and write data in repositories on GitHub.com using SSH (Secure Shell Protocol). When you connect via SSH, you will be required to authenticate using a private key file on your local machine. If you do not have an SSH key, you can generate a new SSH key on your local machine. After you generate the private-public key pair, you can add the public key to your account on GitHub.com to enable authentication for Git operations over SSH.
It's important to note that RSA keys (ssh-rsa) with a valid_after before November 2, 2021 may continue to use any signature algorithm, but RSA keys generated after that date must use a SHA-2 signature algorithm. Some older clients may need to be upgraded in order to use SHA-2 signatures.
This type of encryption, called asymmetric encryption and also known as public-key encryption, uses a public key-private key pairing. It uses two keys, one for encryption and one for decryption. The encryption key (also known as the public key) can be shared with others, while the decryption key (known as the private key) is confidential.
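The steps to establish the key pair for signing, committing or authentication include running the command below in a terminal, replacing the email used in the example with your GitHub email address:

```
ssh-keygen -t ed25519 -C "your_email@example.com"
```

When you're prompted to "Enter a file in which to save the key", you can press Enter to accept the default file location. Please note that if you created SSH keys previously, ssh-keygen may ask you to overwrite another key, in which case it is recommended to create a custom-named SSH key. To do so, type the default file location and replace id_ALGORITHM with your custom key name.
Be aware that if you are using a legacy system that doesn't support the Ed25519 algorithm, or if you are unsure, use:

```
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
```

to create a new SSH key, using the provided email as a label.
In our case, we will use the first option.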
Practical Example Creating and Using SSH Keys to Authenticate on GitHub
1. Check for existing SSH keys
First, check if you already have SSH keys set up on your computer. You can do this by running the following command in your terminal. Remember that you may have named your SSH key files differently.

```
ls -al ~/.ssh
```

Look for files named id_rsa (private key) and id_rsa.pub (public key) or any other files you used to save the keys. If they exist, you can proceed to the next step. If not, you will need to generate a new SSH key pair.
2. Generate a new SSH key pair
If you don't have an SSH key pair, you can generate one by running the following command in your terminal:

```
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
```

Follow the prompts to create a new SSH key pair. Make sure to enter a passphrase to add an extra layer of security. Entering a passphrase is optional; leave it blank and press Enter if you do not need it.
Note:
When you generate an SSH key, you can add a passphrase to further secure the key. Whenever you use the key, you must enter the passphrase. If your key has a passphrase and you don't want to enter the passphrase every time you use the key, you can add your key to the SSH agent. The SSH agent manages your SSH keys and remembers your passphrase. See Adding your SSH key to the ssh-agent below.
You may face the "Permission denied" error when trying to save the SSH key to the specified file path. Sometimes, the permission issue can be resolved by running the ssh-keygen command with elevated privileges using sudo. You can try running the following command:

```
sudo ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
```

This will prompt you to enter your administrator password to run the command with elevated permissions. After running the command, you will see more or less similar prompts as below:

```
$ sudo ssh-keygen -t rsa -b 4096 -C "administrator@tssfl.com"
[sudo] password for tssfl:
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA25WeElvT2puyp5OFs65reYNvkNLyynV1x3LGyHyPoAUs administrator@tssfl.com
The key's randomart image is:
+---[RSA 4096]----+
| E T |
| + o . o |
| * C . 8. o |
| @ = ..=|
| B C. S.. +.++|
| . oo = *o |
| .. X Wo ... |
| o =.*o .. .|
| . ...oo+=. . |
+----[SHA256]-----+
```

3. Check for the created SSH keys:

```
$ ls -al ~/.ssh
total 84
drwx------ 2 tssfl tssfl 4096 Apr 20 21:32 .
drwxr-x--- 39 tssfl tssfl 40960 Apr 20 21:05 ..
-rw------- 1 tssfl tssfl 576 Sep 16 2023 authorized_keys
-r-------- 1 tssfl tssfl 2610 Sep 15 2023 id_rsa
-rw------- 1 tssfl tssfl 3389 Sep 16 2023 id_rsa_local
-rw-r--r-- 1 tssfl tssfl 747 Sep 16 2023 id_rsa_local.pub
-rw-r--r-- 1 tssfl tssfl 575 Sep 15 2023 id_rsa.pub
-rw-r--r-- 1 tssfl tssfl 583 Sep 16 2023 id_rsa.pub.save
-rw------- 1 tssfl tssfl 1910 Apr 20 21:32 known_hosts
-rw-rw-r-- 1 tssfl tssfl 725 Sep 23 2023 known_hosts2
-rw------- 1 tssfl tssfl 1074 Apr 20 21:32 known_hosts.old
```

4. Adding your SSH key to the ssh-agent
Before adding a new SSH key to the ssh-agent to manage your keys, you should have checked for existing SSH keys and generated a new SSH key.
4 (a) Start the ssh-agent in the background
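Execute

```
$ eval "$(ssh-agent -s)"
```

Output:

```
Agent pid 97882
```

Depending on your environment, you may need to use a different command. For example, you may need to use root access by running sudo -s -H before starting the ssh-agent, or you may need to use exec ssh-agent bash or exec ssh-agent zsh to run the ssh-agent.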
4 (b) Add your SSH private key to the ssh-agent
If you created your key with a different name, or if you are adding an existing key that has a different name, replace id_ed25519 in the command with the name of your private key file:

```
ssh-add ~/.ssh/id_ed25519
```

In our case:

```
$ ssh-add ~/.ssh/id_rsa
```

Output:

```
Identity added: /home/tssfl/.ssh/id_rsa (tssfl@TSSFL-ThinkBook)
```

5. Add your SSH public key to your GitHub account
Copy the contents of your SSH public key (id_rsa.pub file) by running:
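
```
cat ~/.ssh/id_rsa.pub
```

Output:

```
ssh-rsa <public key data> tssfl@TSSFL-ThinkBook
```

Then, go to your GitHub account settings, navigate to "SSH and GPG keys," and click on "New SSH key." Paste the copied public key into the "Key" field and save it.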
6. Use SSH URL
Double-check that you are using the SSH URL when cloning or setting the remote repository in Git:

```
git remote add origin git@github.com:username/repository.git
git remote set-url origin git@github.com:username/repository.git
```

For example:

```
git remote add origin git@github.com:TSSFL/Graphs.git
git remote set-url origin git@github.com:TSSFL/Graphs.git
```

Without running these commands, you may be asked to supply credentials and get the error message below, for example when you try to push local contents to GitHub with git push -u origin master:

```
Username for 'https://github.com': TSSFL
Password for 'https://TSSFL@github.com':
remote: Support for password authentication was removed on August 13, 2021.
remote: Please see https://docs.github.com/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls for information on currently recommended modes of authentication.
```

7. Test your SSH connection
To test your SSH connection to GitHub, run the following command in your terminal:
ssh -T git@github.com
You should see a message confirming that you've successfully authenticated with GitHub:

```
$ ssh -T git@github.com
Hi TSSFL! You've successfully authenticated, but GitHub does not provide shell access.
```

8. Start Using Git and GitHub
You can now start carrying out various git and GitHub operations, such as:

```
$ git push -u origin master
Enumerating objects: 6, done.
Counting objects: 100% (6/6), done.
Delta compression using up to 12 threads
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 4.65 KiB | 1.55 MiB/s, done.
Total 6 (delta 0), reused 0 (delta 0), pack-reused 0
remote:
remote: Create a pull request for 'master' on GitHub by visiting:
remote: https://github.com/TSSFL/Graphs/pull/new/master
remote:
To github.com:TSSFL/Graphs.git
* [new branch] master -> master
branch 'master' set up to track 'origin/master'.
```

For reference, see:
viewtopic.php?t=5137
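
Added example, not part of the original post: a check for the "Permission denied" case in step 2, comparing an SSH directory and its private keys against the owner and modes shown in the step 3 listing. Under sudo, ssh-keygen saves the key in /root/.ssh, as the prompts in step 2 show, so this looks at your own ~/.ssh instead. The helper names check_path and audit_ssh_dir are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. check_path and audit_ssh_dir are
# hypothetical helper names. Modes are compared with the listing in step 3:
# drwx------ for the directory, no group/other access on private keys.

# Print findings for one path; return 1 if ownership or mode is wrong.
check_path() {
    # ls -ldn prints e.g. "-rw------- 1 1000 1000 ..."; characters 5-10 of
    # field 1 are the group/other bits and field 3 is the numeric owner.
    info=$(ls -ldn "$1" | awk '{ print substr($1, 5, 6) ":" $3 }')
    perms=${info%%:*}
    owner=${info##*:}
    rc=0
    if [ "$owner" != "$(id -u)" ]; then
        echo "OWNER $1 belongs to uid $owner, not to you"
        rc=1
    fi
    if [ "$perms" != "------" ]; then
        echo "MODE $1 grants group/other access ($perms)"
        rc=1
    fi
    return $rc
}

# Audit the directory and every private key in it; return 0 when clean.
audit_ssh_dir() {
    dir=${1:-"$HOME/.ssh"}
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi
    bad=0
    check_path "$dir" || bad=1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Private key files begin with a "-----BEGIN ... PRIVATE KEY-----" line;
        # public keys, known_hosts and authorized_keys are skipped.
        if head -n 1 "$f" 2>/dev/null | grep -q 'PRIVATE KEY'; then
            check_path "$f" || bad=1
        fi
    done
    return $bad
}

audit_ssh_dir "$HOME/.ssh" || echo "audit finished with findings"
```

An OWNER finding is fixed with chown and a MODE finding with chmod 700 on the directory or chmod 600 on the key.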
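
Added example for step 6, not part of the original post: a remote still using an HTTPS URL is what produces the username and password prompt and the "password authentication was removed" error. The hypothetical helpers github_ssh_url and fix_github_remotes map such a URL to the SSH form and apply it to every remote of the current repository.

```shell
#!/bin/sh
# Added example, not from the original post. github_ssh_url and
# fix_github_remotes are hypothetical helper names.

# Print the SSH form of a GitHub remote URL; return 1 for anything else.
github_ssh_url() {
    case $1 in
        git@github.com:*) printf '%s\n' "$1"; return 0 ;;  # already SSH
        https://*/*) ;;
        *) return 1 ;;
    esac
    rest=${1#https://}
    host=${rest%%/*}
    host=${host##*@}          # drop an embedded "user@" such as TSSFL@
    [ "$host" = "github.com" ] || return 1
    path=${rest#*/}
    path=${path%/}
    path=${path%.git}
    case $path in
        */*/*) return 1 ;;    # more than owner/repository
        ?*/?*) ;;
        *) return 1 ;;
    esac
    printf 'git@github.com:%s.git\n' "$path"
}

# Run inside a repository: switch every HTTPS GitHub remote to SSH.
fix_github_remotes() {
    for name in $(git remote); do
        old=$(git remote get-url "$name") || continue
        new=$(github_ssh_url "$old") || continue
        if [ "$new" != "$old" ]; then
            git remote set-url "$name" "$new"
            echo "$name: $old -> $new"
        fi
    done
}

# The repository used in the post, given here in its HTTPS form.
github_ssh_url "https://github.com/TSSFL/Graphs.git"
```

Call fix_github_remotes from inside a working tree; remotes that are not GitHub HTTPS URLs are left untouched.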