With SSH keys, you can connect to GitHub without having to supply a username and password.
If you already have a GPG key, below are instructions on how you can use it for SSH access.
The benefit of doing this is that you only have the one GPG key to manage, rather than a GPG key plus an extra SSH key.
Generate a new GPG key
Refer to https://help.github.com/articles/generating-a-new-gpg-key/ for instructions on how to generate the GPG key.
Generate an authentication subkey
The steps were taken from here (credit for this step goes to the guys at linode.com).
- In a command prompt or terminal, type:
gpg2 --expert --edit-key key-id
Replace key-id with the eight-character string output from the key generation process. This will be found in the line beginning with pub. In the example below, the ID is 71735D23.
- At the new gpg> prompt, enter: addkey
- When prompted, enter your passphrase.
- When asked for the type of key you want, select: (8) RSA (set your own capabilities).
- Enter S to toggle the ‘Sign’ action off.
- Enter E to toggle the ‘Encrypt’ action off.
- Enter A to toggle the ‘Authenticate’ action on. The output should now include Current allowed actions: Authenticate, with nothing else on that line.
- Enter Q to continue.
- When asked for a keysize, choose 4096. The same limitation from Step 4 in the first section applies, so ensure your card/YubiKey can support this key size.
- Enter an expiration date, just as before. You should probably keep this the same as the first one. If you choose a lower expiration date, your main private key will continue to function but your SSH authentication will break on this date.
- When you’re sure all of the information entered is correct, enter y at the Really create? (y/N) prompt to complete the process.
- Once the key is created, enter quit to leave the gpg prompt, and y at the prompt to save changes.
Your terminal should now look like this:
$ gpg2 --expert --edit-key 71735D23
Secret key is available.
pub 4096R/71735D23 created: 2016-04-09 expires: 2017-04-09 usage: SC
trust: ultimate validity: ultimate
sub 4096R/693C5635 created: 2016-04-09 expires: 2017-04-09 usage: E
[ultimate] (1). Your Name (Test for GPG -> SSH) <you@yoursite.net>
gpg> addkey
Key is protected.
You need a passphrase to unlock the secret key for
user: "Your Name (Test for GPG -> SSH) <you@yoursite.net>"
4096-bit RSA key, ID 71735D23, created 2016-04-09
Please select what kind of key you want:
(3) DSA (sign only)
(4) RSA (sign only)
(5) Elgamal (encrypt only)
(6) RSA (encrypt only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
Your selection? 8
Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? S
Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Encrypt
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? E
Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions:
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? A
Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Authenticate
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? Q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Sun Apr 9 18:49:58 2017 AEST
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy.
pub 4096R/71735D23 created: 2016-04-09 expires: 2017-04-09 usage: SC
trust: ultimate validity: ultimate
sub 4096R/693C5635 created: 2016-04-09 expires: 2017-04-09 usage: E
sub 4096R/48B9C23C created: 2016-04-09 expires: 2017-04-09 usage: A
[ultimate] (1). Your Name (Test for GPG -> SSH) <you@yoursite.net>
gpg> quit
Save changes? (y/N) y
SSH configuration
Some snippets were copied from ryanlue.com.
- Add the following line to ~/.gnupg/gpg-agent.conf
enable-ssh-support
- Add the following lines to ~/.bash_profile
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
gpgconf --launch gpg-agent
- Run the following:
$ gpgconf --kill gpg-agent # (just in case it’s already running)
$ source ~/.bash_profile
- Tell gpg-agent which subkey to pass to ssh by adding its “keygrip” to ~/.gnupg/sshcontrol:
$ gpg -k --with-keygrip
/Users/you/.gnupg/pubring.kbx
------------------------------
pub rsa2048/93BDD96B 2017-06-29 [SC]
D03833D3D52F5FFCCC73452461671825E8DEC139
Keygrip = 8A6CDC5FCE05A5B251BD8C397B269607534B4702
uid [ultimate] Big John <big.john@gmail.com>
sub rsa2048/0424163D 2017-06-29 [E]
Keygrip = E110250E32B811D45879A66F487CE95BC1906D77
sub rsa2048/8F228EDB 2017-06-29 [A]
Keygrip = 32BC5688805A640D495E8A7B41EC78F74E77E098
$ echo 32BC5688805A640D495E8A7B41EC78F74E77E098 > ~/.gnupg/sshcontrol
- Confirm key has been added:
$ ssh-add -l
2048 SHA256:zQ1wF6qOq8UNqcSRMYhDc+Cg3yM9lgp8dWvXwjnPcvU (none) (RSA)
- Get public key:
$ ssh-add -L
ssh-rsa AAASJHKHGUYGUYHGBUYGFHBNYGYUBUYGUYHHBUYGYU2048zQ1wF6q ... Oq8UNqcSRMYhDc+Cg3yM9lgp8dWvXwjnPcvU== (none)
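The keygrip selection in the steps above can be scripted. The following is an added example, not code from the original post or from ryanlue.com: it reads gpg's machine-readable listing (--with-colons), keeps only keys with the authenticate capability that are not expired or revoked, and appends their keygrips to sshcontrol without overwriting existing entries. The function names and the sample listing (key IDs, the expired subkey and its keygrip) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Names and sample data are constructed.

# Read `gpg --with-colons --with-keygrip -k` output on stdin and print the
# keygrip of each key or subkey that can authenticate and is still usable.
auth_keygrips() {
  awk -F: '
    $1 ~ /^(pub|sub|sec|ssb)$/ {
      # Field 2 is validity (e=expired, r=revoked, d=disabled, i/n=invalid).
      # Field 12 is capabilities; a lowercase "a" means this key authenticates.
      want = ($12 ~ /a/ && $2 !~ /^[erdin]$/)
      next
    }
    # The grp record that follows a key record carries its keygrip in field 10.
    $1 == "grp" && want { print $10; want = 0 }
  '
}

# Append keygrips from stdin to the given sshcontrol file, skipping any that
# are already listed, so existing entries are never overwritten or duplicated.
add_to_sshcontrol() {
  file=$1
  touch "$file" && chmod 600 "$file"
  while read -r grip; do
    grep -q "^$grip" "$file" || printf '%s\n' "$grip" >> "$file"
  done
}

# Constructed listing modelled on the example output above: an [SC] primary,
# an [E] subkey, an [A] subkey, plus an expired [A] subkey (placeholder grip).
sample_listing() {
  cat <<'EOF'
pub:u:2048:1:00000000000000A1:1498694400:::u:::scESCA:
fpr:::::::::D03833D3D52F5FFCCC73452461671825E8DEC139:
grp:::::::::8A6CDC5FCE05A5B251BD8C397B269607534B4702:
uid:u::::1498694400::::Big John <big.john@gmail.com>:
sub:u:2048:1:00000000000000B2:1498694400::::::e:
grp:::::::::E110250E32B811D45879A66F487CE95BC1906D77:
sub:u:2048:1:00000000000000C3:1498694400::::::a:
grp:::::::::32BC5688805A640D495E8A7B41EC78F74E77E098:
sub:e:2048:1:00000000000000D4:1400000000:1430000000:::::a:
grp:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
EOF
}

# Demo on the constructed listing; prints only the usable [A] subkey keygrip.
sample_listing | auth_keygrips
# Real use: gpg --with-colons --with-keygrip -k | auth_keygrips | add_to_sshcontrol ~/.gnupg/sshcontrol
```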
Adding SSH public key to GitHub
Add the SSH public key (from the previous step) into your GitHub account following this GitHub guide.
Once done, you can test your SSH connection.