If you've been using GitHub for a while you
might have noticed that using your username and password to make commits and pushing to
repo no longer works. This is because as of August 13, 2021 GitHub no longer accepts
password authentication for operations. There are actually a few good reasons for
doing this such as the dangers of having passwords being reused from multiple
websites. So you might be thinking, "What does GitHub want me to use instead?"
The answer is token-based authentication.
There are a few different options like SSH
keys personal access keys and using OAuth. SSH keys are arguably the easiest to implement,
so we'll focus today on using this method. We should probably talk about what's so great
about SSH keys. The main reason is security. GitHub doesn't need your username and
password each time when using SSH keys essentially each key uniquely identifies
your computer and after initial setup GitHub can trust that this computer can do operations.
The key is sort of like a government issued ID; there's a bit of an initial work
to get your identification card but after that everyone who sees your ID
just assumes you are who you say you are. Another nice thing about using SSH keys
is that you can revoke a specific key. Since you set up a key for each computer or
machine you use by provoking a specific key you can make sure a compromised computer,
like a stolen one, won't impersonate you. And lastly, GitHub will actually remove your
inactive SSH keys after a year. This is a great default for when you switch computers and
never got around to manually revoking that key. Alright, now that we have a little
bit more background let's go ahead and show how to create and use SSH keys. Assuming you haven't made any SSH keys before
the first step will be to generate a key. We'll need to open up a terminal on
our computer, similar to this one. We'll then need to enter the
command ssh-keygen -t ed25519 -C (capital C) with our email. In this case,
I'm just calling it temp@example.com since it doesn't really matter, but you would put your own
email that you would have for your GitHub profile. Note that this ssh-keygen is saying
how we're going to generate the key. This -t and then the ed25519 is the
type of encryption we use for that key. Note that if you have an older computer or your
computer is not compatible with this encryption, you can instead use RSA. There's more details in
the GitHub documentation link in the description box. And then finally we have -c here which
is basically just saying okay here's the email associated with that key, which is why you
put your own email and not temp@example.com. When I run this, this generates a new SSH key that
we can now use. You will be given this prompt, asking you where you want to save your key.
You can simply press ENTER to use the default location. You'll now also be prompted to type
a secure passphrase. This is optional and you can skip it by pressing ENTER. But if you want
the extra security, you should enter it now. If you do use a passphrase, you can have your
Mac or Windows system save it in the keychain so you don't have to retype it every single
time. Maybe we can go over that in the future but for now press ENTER to skip this passphrase. Now that you have the key generated, we need to
make sure a computer's SSH agent knows about it. You can sort of think of the agent as your
wallet to hold your different SSH keys. We can start up the SSH agent by typing
out eval and then quotes (double quotes), dollar sign, parentheses, ssh-agent,
space -s, and parentheses, and quotes. Note this is just going to start up our SSH
agent. Note that your system might be a little different. So if that command didn't quite
work, definitely check out GitHub's guide. Now we can add our private key to the SSH agent.
Think of it as putting our ID into our wallet. If you have a Mac, you might need to see if this
file already exists the file is from ~/.ssh/config If this file does exist already, we can just
go ahead and open it. But in this case, this says the file doesn't exist so we'll go ahead and
create that by simply just typing touch and then the name of the file. In this case, again that ~
(that says it's the home directory) .ssh/config. Now that the file is there, we can go ahead
and edit it. i'll go ahead and use vim here. Note that since we created this file
and because it didn't exist before, it's completely blank. So we'll go ahead
and enter this information from scratch. To add our private key to the SSH agent,
we'll go ahead and type the following: We'll say Host *, and then
AddKeysToAgent yes, and then the name of the file (basically our key here). So that's
going to be our IdentityFile ~/.ssh/id_ed25519. And again you might have something slightly
different if you had a different process, but this file would actually exist inside
the .ssh folder (assuming of course a Mac). Note that this last bit here is actually
generated when we created the key. If we use the passphrase and want it to be
stored so we don't have to type it every time, we can use Mac's keychain by adding the
following line: which is UseKeychain yes. Note if you're on Windows you shouldn't
have to create or populate the file. But since we're not using a passphrase, I'm going to delete
this line. And we'll go ahead and save this file. And the last part is just simply running ssh-add and then the name of that file, which in that case
is the .ssh/id_ed25519. Awesome! Looks like this worked! So the next step is to tell GitHub about
our SSH key that's being used by our computer. So we'll go ahead and switch gears away from
our terminal and go into a browser and open up github.com. While logged into our GitHub account,
we'll go ahead and navigate to the settings. Then we'll go ahead and scroll down and look on
the sidebar here until we find "SSH and GGP Keys". We'll click on that and we'll see that
we'll have a new area called SSH keys. We'll go ahead and click on "New SSH Key".
On this page, you'll see that there's a title, and a key, and something explained to
what we're going to put in this box. The title is just for us, basically just
telling us what kind of SSH key we're using. And the key is going to actually come from the
file that we generated when creating our key. So let's go ahead and open up that file. Now that we're in the terminal, I'll go ahead and
use the cat command to read out the contents of the file. And the file name is the ~/.ssh (that's
where the folder is) and then the file name is id and then the encryption name [stumbles over
words] the encryption type we use, ed25519, .pub. The .pub is the important part
representing the public key. I'll go ahead and copy these contents here.
And remember that this is just what's inside the file so you could have opened this
up in a text editor if you wanted to. And then we'll go back to our browser.
We'll go ahead and paste the contents of that file under the key. And then we'll
give it a meaningful name. In this case, I'll just call this "Tutorial Key" since
I'm not going to be keeping this key around. Then we can just simply "Add SSH Key" and
you'll likely be asked for your password. And that's it! In theory you should be all set,
but let's go ahead and test and see if it worked. We'll go back to a terminal and
simply enter SSH - T git@github.com This is basically just going to say, "Hey, I'm going to use my SSH key
to try to access github.com". GitHub kind of has this as a practice to make
sure that your connection actually works. You may get a warning something
like this since this is the first time we've actually connected.
We'll go ahead and say "yes". Then we should see a success right here you
can see "You've successfully authenticated, but GitHub does not support show access."
And that's what we expected we just wanted to check that our ssh key worked. And
in this case, it looks like it did work! So now we can go ahead and use that when we use
our clones or pushes and all that good stuff. Let's go ahead and show you what
you would need to do to do this. Let's go ahead and show how we can use
our SSH key to do something like a clone. We'll go ahead and go to a repo here (in this
case it's one of my own repos), and I'll go ahead and click on this code part which is what
you normally would use to find your URL to clone. But you'll see that there's
an HTTPS, SSH, and GitHub CLI. We're not going to use CLI right now, and HTTPS
is what we used to use. We're going to use SSH. And you can see here, this part right
here is a little bit different and you can see the very beginning has git@github.com
versus the HTTPS in the front here. So we'll go ahead and copy this. And then in
our terminal we'll go ahead and paste that link. And in our terminal, we'll
go ahead and go do git clone and then paste that link. And you can
see here, it clones this. At this point, your repo that you've cloned onto your local
machine will now know to use the SSH key. Note that if you are using a repo that was
using an HTTPS key before instead of an SSH, you'll have to make sure your remote points to
something like git@github.com versus the HTTPS. So if I were to go ahead and cd into
this, I'll go ahead into "lesson-git...". If i do get remote -v, you can see
here the origin. And this is the URL. Note again if you did remote on your previous
repo you would have to update the remote.
And there you go; that's it! We went through the main steps
of getting SSH keys working. There's more tweaking customizing you can
do, but I hope this is a good helpful start. Best of luck!
And until next time, happy coding!