Connect with GitHub using SSH
You can connect to GitHub using the Secure Shell Protocol (SSH), which provides a secure channel over an unsecured network.
This is a step by step guide to configure ssh connection with your GitHub account.
STEP 1 — Check if you already have SSH keys
Before generating a new SSH key, you should check if you have any existing SSH keys.
root@lco-linux-worker1:~# ls -la .ssh/
total 24
drwx------ 2 root root 4096 Oct 1 17:52 .
drwx------ 9 root root 4096 Oct 1 18:11 ..
-rw------- 1 root root 993 Apr 13 12:18 authorized_keys
-rw-r--r-- 1 root root 1326 Oct 1 17:58 known_hosts
Check the .ssh
directory listing to see if you already have a public SSH key. By default, the filenames of the public keys are one of the following:
- id_rsa.pub
- id_ecdsa.pub
- id_ed25519.pub
As we can see above we don’t have any existing ssh keys available to connect to GitHub. So we will have to generate a new one.
STEP 2— Generating a new SSH key
Run the following command to generate the new ssh key pair.
root@lco-linux-worker1:~/.ssh# ssh-keygenroot@lco-linux-worker1:~/.ssh# ls
authorized_keys id_rsa id_rsa.pub
To generate RSA 4096 bit key (as it provides a reasonable increase in strength over a 2048 bit key) run the following command:
ssh-keygen -t rsa -b 4096
Now you can see see a public and private key pair listed (`id_rsa.pub` and `id_rsa`) that you would like to use to connect to GitHub.
STEP 3 — Adding your SSH key to the ssh-agent
First you need to start the ssh-agent in the background:
# eval "$(ssh-agent -s)"
Agent pid 2020
Add your SSH private key to the ssh-agent:
# ssh-add /root/.ssh/id_rsa
Verify the key fingerprint added:
# ssh-add -l -E sha256# ssh-keygen -l -f id_rsa
STEP 4 — Add the SSH key to your account on GitHub
- First Copy the SSH public key to your clipboard
- In the upper-right corner of any page, click your profile photo, then click Settings.
- In the user settings sidebar, click SSH and GPG keys.
- Click New SSH key or Add SSH key.
- In the “Title” field, add a descriptive label for the new key for example here I’ve added the system hostname “lco-linux-worker1” and then Click Add SSH key.
- If prompted, confirm your GitHub password.
STEP 5 — Verify the SSH connectivity from the client system
Run the following command to verify the Git SSH connectivity.
# ssh -T git@github.com
You may see a warning like this:
> The authenticity of host 'github.com (IP ADDRESS)' can't be established.
> RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8.
> Are you sure you want to continue connecting (yes/no)?
Verify that the fingerprint in the message you see matches GitHub’s RSA public key fingerprint. If it does, then type yes
and that’s all!
Now you can perform various Git operations like cloning, push, pull, commit etc.
Using SSH over the HTTPS port
Sometimes, firewalls refuse to allow SSH connections entirely. If using HTTPS cloning with credential caching is not an option, you can attempt to clone using an SSH connection made over the HTTPS port. Most firewall rules should allow this, but proxy servers may interfere.
To test if SSH over the HTTPS port is possible, run this SSH command:
# ssh -T -p 443 git@ssh.github.com
Enabling SSH connections over HTTPS
If you are able to SSH into git@ssh.github.com
over port 443, you can override your SSH settings to force any connection to GitHub to run through that server and port.
To set this in your ssh config, edit the file at ~/.ssh/config
, and add this section:
# touch .ssh/config
# chmod 600 .ssh/config
# cat > .ssh/config
Host github.com
Hostname ssh.github.com
Port 443
User git# ssh -T git@github.com
You can test this by connecting once more to GitHub:
$ ssh -T git@github.com
Hi DevopsVlogger! You've successfully authenticated, but GitHub does not provide shell access
Known Errors
Error —
Github permission denied: ssh add agent has no identities:
Reason —
When ssh-add -l
returns “The agent has no identities”, it means that keys used by ssh
(stored in files such as ~/.ssh/id_rsa
, ~/.ssh/id_dsa
, etc.) are either missing, they are not known to ssh-agent
, which is the authentication agent, or that their permissions are set incorrectly (for example, world writable).
Solution —
If your keys are missing or if you have not generated any, use ssh-keygen -t rsa
, then ssh-add
to add them.
If keys exist but are not known to ssh-agent
(like if they are in a non-standard folder), use ssh-add /path/to/my-non-standard-ssh-folder/id_rsa
to add them.
That is all!
Hope you like the tutorial. Stay tuned and don’t forget to provide your feedback in the response section.
Happy Learning!