Introduction
When working with GitHub repositories, it’s common to use SSH keys to authenticate instead of passwords. However, if you’re managing multiple repositories or working on a single repository with specific security needs, you might want to configure SSH keys for just one repository. In this guide, we’ll walk you through setting up a dedicated SSH key to securely sync with a single GitHub repository, improving security, especially when storing private keys on remote servers or VPS.
Why Use SSH Keys for a Specific Repository?
Using a single SSH key for a repository restricts access to only that repository. This isolation is useful in several scenarios:
- Improved security: If your private key is compromised, access is limited to just the target repository.
- Granular control: You can control which key has access to which repository, making it easier to manage multiple keys for different tasks.
- Simplified automation: When using deploy keys or automation scripts, this approach can be used to grant access to only one repository at a time.
Step 1: Generate a New SSH Key
If you don’t already have a specific SSH key for your GitHub repository, start by generating one. You can use ssh-keygen to create a new key pair.
ssh-keygen -t ed25519 -C "your_email@example.com" -f ~/.ssh/github_repo_id_ed25519
This will create two files:
~/.ssh/github_repo_id_ed25519(your private key)~/.ssh/github_repo_id_ed25519.pub(your public key)
The private key should never be shared or exposed, while the public key will be added to your GitHub repository.
Step 2: Add the Public Key to Your GitHub Repository
Go to your GitHub repository, and in the Settings section, add the public key as a deploy key:
- Navigate to Settings → Deploy Keys.
- Click Add deploy key.
- Give it a name (e.g., “GitHub SSH Key”).
- Paste the contents of your
github_repo_id_ed25519.pubfile into the key field. - Select either read-only or read-write access depending on the level of access you want.
Click Add key to save.
Step 3: Configure SSH for the Repository
Now, configure SSH to use the specific key for accessing the repository. You can do this by adding an entry to your ~/.ssh/config file.
nano ~/.ssh/config
Add the following configuration, replacing github-repo with your preferred alias and ensuring the path to your private key is correct:
Host github-repo
HostName github.com
User git
IdentityFile ~/.ssh/github_repo_id_ed25519
IdentitiesOnly yes
This configuration tells SSH to use the specific key github_repo_id_ed25519 when connecting to GitHub.
Step 4: Update or Add the Remote URL in Your Local Repository
Sync a local repository
To sync your local repository with the GitHub repository, change the remote URL to use the SSH alias you’ve configured in ~/.ssh/config. Navigate to your local Git repository and run the following:
cd /path/to/your/repository
git remote set-url origin git@github-repo:username/repository.git
Make sure to replace username/repository.git with the actual repository path.
Add remote repository to local
To add a remote repository:
cd /path/to/your/repository
git init
git remote add origin git@github-repo:username/repository.git
Step 5: Test the SSH Connection
Now that everything is set up, verify that your SSH connection works properly by running:
ssh -T github-repo
You should see a message like:
Hi username! You've successfully authenticated, but GitHub does not provide shell access.
This confirms that the SSH key is correctly configured and is being used to authenticate with GitHub.
Step 6: Push Changes to GitHub
Once the remote URL is updated, you can start syncing your local repository with GitHub. To push changes to your GitHub repository, simply run:
git push origin main # Or the relevant branch name
Git will use the SSH key associated with the github-repo alias to authenticate and push your changes.
Conclusion
By following these steps, you’ve securely configured SSH to access a specific GitHub repository. This approach not only enhances security by limiting access but also provides better management of your SSH keys, especially when dealing with multiple repositories or automating workflows.
With this setup, you can now safely push, pull, and manage your GitHub repository without the risk of exposing your other repositories or credentials.