Readers like you help support MUO. When you make a purchase using links on our site, we may earn an affiliate commission. Read More.

Authenticating with GitHub typically involves using an access token or password. However, these methods can be inconvenient and insecure, especially when accessing GitHub from multiple devices.

GitHub provides the option to use Secure Shell (SSH) for authentication. SSH presents a secure network protocol for remote machine access. This feature proves especially valuable in situations that demand automation or frequent remote access.

MAKEUSEOF VIDEO OF THE DAY
SCROLL TO CONTINUE WITH CONTENT

Understanding SSH Authentication

Authentication with SSH involves the use of cryptographic keys to establish a secure connection (tunnel) between a client (local machine) and a server (GitHub).

When using SSH for GitHub, a user generates a pair of SSH keys—a public key and a private key. The public key is uploaded to the user's GitHub account, while the private key remains securely stored on the user's local machine.

image showing communication between an ssh agent and github server

The process can be likened to the concept of a lock and key. The public key (lock) is intended to be openly shared and securely stored on the server side. It serves as a counterpart to the private key, enabling the server to verify the identity of your local machine. Conversely, the private key (key) acts as a unique identifier stored exclusively on your local machine, enabling successful authentication with the server.

During authentication with GitHub, your local machine presents its private key as proof of identity. The server checks if the corresponding public key associated with your GitHub account matches the given private key. If the keys match, the server grants access, establishing an encrypted and secure connection for communication.

Setting Up SSH for GitHub

In this section, you'll see how to set up SSH for authentication with GitHub.

1. Generating SSH Key Pair

The process of generating an SSH key pair is the first step towards utilizing SSH for authentication.

  1. Open your terminal or command prompt.
  2. Execute the following command to generate a new SSH key pair:
      ssh-keygen -t rsa -b 4096 -C "youremail@domain.com"
  3. You will be prompted to enter a file location to save the key pair. Press Enter to accept the default location (~/.ssh/id_rsa) or specify a custom location.
      > Generating public/private rsa key pair.
     > Enter file in which to save the key (/home/vagrant/.ssh/id_rsa):
  4. Next, you will be requested to enter a passphrase. Although optional, adding a passphrase serves as an additional level of security. Make sure you remember your passphrase.
      > Enter passphrase (empty for no passphrase): 
     > Enter same passphrase again:
  5. After generating the key pair, you should see two files in the specified location. id_rsa (private key) and id_rsa.pub (public key).
      > Your identification has been saved in /home/vagrant/.ssh/id_rsa.
     > Your public key has been saved in /home/vagrant/.ssh/id_rsa.pub.
  6. Upon completion, the keys fingerprint and randomart image are displayed.
  7. Lastly, you'll need the content of the public key to add to GitHub. Run the following command to get the content:
      cat ~/.ssh/id_rsa.pub

Make sure to specify the path(~/.ssh/id_rsa.pub in my case) you used when creating the keys.

Copy the content to a safe and temporary location for later use.

2. Adding the Public Key to GitHub

Now that you have generated an SSH key pair, you need to add the public key to your GitHub account.

  1. Log in to your GitHub account and go to your Account Settings.
  2. Click on SSH and GPG keys located on the left sidebar.
    image showing location of ssh and gpg key on gui
  3. Click on New SSH key.
  4. Give your SSH key a Title.
  5. Paste the public key content into the Key field.
    image showing the title and key fields on gui
  6. Finally, click on the Add SSH key to save the SSH key to your GitHub account.
    image showing list of active keys

You've successfully exported the public key to your GitHub Account with these.

3. Configuring an SSH Agent

An SSH agent is a program that helps manage SSH keys and provides a secure way to store and use them. It acts as an intermediary between your local machine and the remote server during SSH authentication. This allows you to manage multiple SSH keys for different GitHub accounts.

  1. Ensure that the SSH agent is running.
      $ eval "$(ssh-agent -s)"
     > Agent pid 2757
  2. Add the private key to the SSH agent.
      $ ssh-add ~/.ssh/id_rsa
     > Enter passphrase for /home/vagrant/.ssh/id_rsa: 
     > Identity added: /home/vagrant/.ssh/id_rsa (/home/vagrant/.ssh/id_rsa)

You've successfully configured an SSH agent to manage your keys.

4. Testing the SSH Connection

You can now test to verify that your SSH connection is set up properly, and you can authenticate to GitHub using SSH.

  • Run the command below to test the SSH connection to GitHub;
       ssh -T git@github.com
    if everything goes fine you'll see a warning concerning the fingerprint. Confirm the fingerprint and type yes to continue.
       > The authenticity of host 'github.com (140.92.130.4)' can't be established.
      > ECDSA key fingerprint is SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM.
      > Are you sure you want to continue connecting (yes/no)?
  • Upon typing yes, you'll see an output similar to the one below.
       > Warning: Permanently added 'github.com,140.92.130.4' (ECDSA) to the list of known hosts.
      > Hi princewillingoo! You've successfully authenticated, but GitHub does not provide shell access.

This shows that authentication was successful.

Managing Repositories With SSH

Configuring SSH allows you to manage your repositories without having to worry about the troubles of passwords and access tokens.

Setting remote URL

 git remote set-url origin git@github.com:<username>/<repository>.git

Cloning a repository

 git clone git@github.com:<username>/<repository>.git

Pushing changes to a repository

 git push origin <branch>

Pulling changes from a repository

 git pull origin <branch>

Advantages of SSH Over Password Authentication

The use of SSH for authentication offers several notable advantages over traditional password-based authentication methods. This includes:

  • SSH authentication eliminates the need for passwords, reducing the risk of credential theft.
  • The use of cryptographic keys makes it more immune to brute-force attacks compared to passwords.
  • If your private key is compromised, you can revoke and replace it, rendering the compromised key useless.

For this reason, SSH authentication tends to be a better option compared to password authentication.

Best Practices and Troubleshooting

To ensure a smooth and secure SSH setup, it is necessary to follow best practices and be aware of common issues that may occur and ways to troubleshoot them.

  1. Always set a passphrase to create an additional layer of security.
  2. Practice frequent key rotation and backups.
  3. Confirm each step to avoid permission errors or incorrect SSH agent configuration.

By adhering to these best practices you can confidently utilize SSH authentication for GitHub.

The Versatility of SSH

SSH is extensively used in other areas to remotely manage servers, microcontrollers and network devices as it allows for secure access to the command-line interface (CLI), enabling users to perform different tasks, configure settings, transfer files, and troubleshoot issues.