Connect with GitHub using SSH

Rakesh Jain
5 min readOct 1, 2021

--

You can connect to GitHub using the Secure Shell Protocol (SSH), which provides a secure channel over an unsecured network.

This is a step by step guide to configure ssh connection with your GitHub account.

STEP 1 — Check if you already have SSH keys

Before generating a new SSH key, you should check if you have any existing SSH keys.

root@lco-linux-worker1:~# ls -la .ssh/
total 24
drwx------ 2 root root 4096 Oct 1 17:52 .
drwx------ 9 root root 4096 Oct 1 18:11 ..
-rw------- 1 root root 993 Apr 13 12:18 authorized_keys
-rw-r--r-- 1 root root 1326 Oct 1 17:58 known_hosts

Check the .ssh directory listing to see if you already have a public SSH key. By default, the filenames of the public keys are one of the following:

  • id_rsa.pub
  • id_ecdsa.pub
  • id_ed25519.pub

As we can see above we don’t have any existing ssh keys available to connect to GitHub. So we will have to generate a new one.

STEP 2— Generating a new SSH key

Run the following command to generate the new ssh key pair.

root@lco-linux-worker1:~/.ssh# ssh-keygenroot@lco-linux-worker1:~/.ssh# ls
authorized_keys id_rsa id_rsa.pub

To generate RSA 4096 bit key (as it provides a reasonable increase in strength over a 2048 bit key) run the following command:

ssh-keygen -t rsa -b 4096

Now you can see see a public and private key pair listed (`id_rsa.pub` and `id_rsa`) that you would like to use to connect to GitHub.

STEP 3 — Adding your SSH key to the ssh-agent

First you need to start the ssh-agent in the background:

# eval "$(ssh-agent -s)"
Agent pid 2020

Add your SSH private key to the ssh-agent:

# ssh-add /root/.ssh/id_rsa

Verify the key fingerprint added:

# ssh-add -l -E sha256# ssh-keygen -l -f id_rsa

STEP 4 — Add the SSH key to your account on GitHub

  • First Copy the SSH public key to your clipboard
  • In the upper-right corner of any page, click your profile photo, then click Settings.
  • In the user settings sidebar, click SSH and GPG keys.
  • Click New SSH key or Add SSH key.
  • In the “Title” field, add a descriptive label for the new key for example here I’ve added the system hostname “lco-linux-worker1” and then Click Add SSH key.
  • If prompted, confirm your GitHub password.

STEP 5 — Verify the SSH connectivity from the client system

Run the following command to verify the Git SSH connectivity.

# ssh -T git@github.com

You may see a warning like this:

> The authenticity of host 'github.com (IP ADDRESS)' can't be established.
> RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8.
> Are you sure you want to continue connecting (yes/no)?

Verify that the fingerprint in the message you see matches GitHub’s RSA public key fingerprint. If it does, then type yes and that’s all!

Now you can perform various Git operations like cloning, push, pull, commit etc.

Using SSH over the HTTPS port

Sometimes, firewalls refuse to allow SSH connections entirely. If using HTTPS cloning with credential caching is not an option, you can attempt to clone using an SSH connection made over the HTTPS port. Most firewall rules should allow this, but proxy servers may interfere.

To test if SSH over the HTTPS port is possible, run this SSH command:

# ssh -T -p 443 git@ssh.github.com

Enabling SSH connections over HTTPS

If you are able to SSH into git@ssh.github.com over port 443, you can override your SSH settings to force any connection to GitHub to run through that server and port.

To set this in your ssh config, edit the file at ~/.ssh/config, and add this section:

# touch .ssh/config
# chmod 600 .ssh/config
# cat > .ssh/config
Host github.com
Hostname ssh.github.com
Port 443
User git
# ssh -T git@github.com

You can test this by connecting once more to GitHub:

$ ssh -T git@github.com
Hi DevopsVlogger! You've successfully authenticated, but GitHub does not provide shell access

Known Errors

Error —
Github permission denied: ssh add agent has no identities:

Reason —
When ssh-add -l returns “The agent has no identities”, it means that keys used by ssh (stored in files such as ~/.ssh/id_rsa, ~/.ssh/id_dsa, etc.) are either missing, they are not known to ssh-agent, which is the authentication agent, or that their permissions are set incorrectly (for example, world writable).

Solution —
If your keys are missing or if you have not generated any, use ssh-keygen -t rsa, then ssh-add to add them.
If keys exist but are not known to ssh-agent (like if they are in a non-standard folder), use ssh-add /path/to/my-non-standard-ssh-folder/id_rsa to add them.

That is all!

Hope you like the tutorial. Stay tuned and don’t forget to provide your feedback in the response section.

Happy Learning!

--

--