-
Notifications
You must be signed in to change notification settings - Fork 0
SSH configuration for GitHub
To organize all your different SSH keys, you can add a config file in your .ssh folder.
This file contains blocks that define each SSH connection to a host (mainly, the host URL and the path to the SSH private key).
In Windows, the .ssh folder can be found in your user profile (%userprofile%)
Here are some examples:
Host DUMMY_SERVER
User TOTO
Hostname DUMMY_SERVER
PreferredAuthentications publickey
IdentityFile ~/.ssh/DUMMY/id_rsaHost TRUCMUCHETRALALA
User TOTO
Hostname DUMMY_SERVER
PreferredAuthentications publickey
IdentityFile ~/.ssh/OTHER_DUMMY/id_rsaIf the first example, you see that the Host is the same as the Hostname, which can have some tricky side effects.
Indeed, If using the Host entry DUMMY_SERVER (ex: ssh titi@DUMMY_SERVER), all the connections to DUMMY_SERVER will use the associated entry, with the TOTO user, even if ANOTHER user is specified (titi in the former example).
To prevent this issue, you can define another value, TRUCMUCHETRALALA in the 2nd example, for the Host entry, that uses the expected real hostname (DUMMY_SERVER here).
To use it, you can type: ssh TRUCMUCHETRALALA.
This 2nd example allows you to connect to DUMMY_SERVER with another user if needed.
To do so, use: ssh otherUser@DUMMY_SERVER
Just add the following block to your config file:
Host github.com
Hostname github.com
PreferredAuthentications publickey
IdentityFile ~/.ssh/github/id_rsa|
Important
|
Don’t forget to move your SSH keys in the new github subfolder.
|
It doesn’t define an automic user, but uses the same value for both Host and Hostname.
This will enable you to keep the SSH clone URLs given by GitHub as is.
Example: git clone git@github.com:mojavelinux/dzslides.git
If the Host entry was githubEntry, our git clone URL should have been changed to:
git clone git@githubEntry:mojavelinux/dzslides.git
To test this new SSH configuration for GitHub, you can use:
ssh -T git@github.com
Because of the use of a config, which implies having your SSH keys stored in subfolders of your .ssh one, the procedure given by GitHub to start the ssh-agent needs a minor change.
You still start the agent using:
ssh-agent -s
But, then, you need to add your SSH keys to the agent using:
ssh-add ~/.ssh/github/id_rsa
To check the good working of the procedure, use:
ssh -T git@github.com
You should not be asked a passphrase from now.
GitHub displays SSH keys fingerprints using the md5 fingerprint hashing function, whereas the newer SSH commands will list fingerprints as a SHA256 Key.
Example:
$ ssh-keygen -t rsa -b 4096 -C "ardemius@example"
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/Krakpan/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /c/Users/Krakpan/.ssh/id_rsa.
Your public key has been saved in /c/Users/Krakpan/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:vl2OVrKwModHIdamMt1rCA32LBZzD7KX5nY9d7AGKqM ardemius@example
The key's randomart image is:
+---[RSA 4096]----+
| |
| |
| . |
| * = + |
| . & OS. |
| B X.= o o |
| . O +.* =.o |
| X Oo=++ . |
| Eo X..o+.. |
+----[SHA256]-----+To display the fingerprint in the new way, as a SHA256 key, use:
$ ssh-keygen -lf ~/.ssh/id_rsa
4096 SHA256:vl2OVrKwModHIdamMt1rCA32LBZzD7KX5nY9d7AGKqM ardemius@example (RSA)To have it displayed in the GitHub way (the "old" way), use:
$ ssh-keygen -E md5 -lf ~/.ssh/id_rsa.pub
4096 MD5:03:4f:24:b2:1f:3a:22:ec:ce:f1:d8:7e:c4:4d:85:ed ardemius@example (RSA)This is very convenient to check that you use the same keys between your desktop and GitHub.
For more details, have a look at:
http://stackoverflow.com/questions/9607295/how-do-i-find-my-rsa-key-fingerprint