SSH and GitHub on the server.

By Victor M. Vaquero

created on: 2024-01-13

last modified on: 2024-01-13

Summary: There are many guides out there about how to get started with SSH. However, most of them fail to exemplify some of the (IMHO) most useful use-cases. This is a practical and short guide of a few selected topics.

 Generating your keys

 

ssh-keygen

 

This is the default command for generating a private/public key pair: basically, two files (okay, everything on GNU/Unix is a file). By default, this command will output those files in the ~/.ssh/ directory (MAKE SURE YOU ARE NOT OVERWRITING YOUR ALREADY EXISTING KEYS!). The command should prompt you for a passphrase for your private key; you should definitely add one. The passphrase will encrypt your private key. You'll need to use that passphrase every time you use your private key. After running the command, you should have a few files in your ~/.ssh/ directory: id_ed25519 and id_ed25519.pub.

 

The contents of id_ed25519 should never be shared, since this is the private key, whereas the contents of id_ed25519.pub can be shared as required.

 

Setting your SSH keys on GitHub

 

Simply go to Settings > SSH and GPG keys and add the contents of id_ed25519.pub (not your private key). You get two options here: set the key for signing, which means signing your commits, i.e. git commit -S; and set your key for authentication, e.g. pushing/pulling the repo.

 

Setting up an EC2 server in your ~/.ssh/config

 

Host pinkponny
  Hostname ec2-<ip-address>.<aws-region>.compute.amazonaws.com
  user <your-username>
  IdentityFile ~/path/to/file.pem
  ForwardAgent yes
  Port 22

 

Why do this if you can already connect to an EC2 server? For convenience. Also, this way you are specifying that you want to allow "ForwardAgent", which will be discussed in the next section. Here I am using Port 22, but it could be any port you configure on AWS (which is a recommended thing to do to improve the security of the server).
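
A quick audit for the setting above, as an added example that is not part of the original post: the shell function below lists which Host blocks in an ssh client config enable agent forwarding and marks wildcard patterns as broad, since a forwarded agent can be used by anyone with enough privileges on the remote host while you are connected. The function names and the sample config (every hostname except pinkponny) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Prints "<scope><TAB><patterns>"
# for every block of an OpenSSH client config where ForwardAgent is not "no".
# scope is "broad" for wildcard patterns and for options set before the first
# Host line (those apply to every host), otherwise "specific".
forwardagent_hosts() {
    awk '
    function flush() {
        if (!fwd) return
        scope = (host ~ /[*?]/ || host == "(global)") ? "broad" : "specific"
        print scope "\t" host
    }
    BEGIN { host = "(global)"; fwd = 0; seen = 0 }
    {
        line = $0
        sub(/^[ \t]+/, "", line)                 # strip indentation
        if (line == "" || line ~ /^#/) next      # skip blanks and comments
        if (!match(line, /[ \t=]+/)) next        # "Keyword value" or "Keyword=value"
        key = tolower(substr(line, 1, RSTART - 1))
        val = substr(line, RSTART + RLENGTH)
        sub(/[ \t]+$/, "", val)
        if (key == "host" || key == "match") {   # a new block starts
            flush(); host = val; fwd = 0; seen = 0
        } else if (key == "forwardagent" && !seen) {
            seen = 1                             # ssh keeps the first value it obtains
            fwd = (tolower(val) != "no")
        }
    }
    END { flush() }
    ' "$1"
}

# Constructed sample config; "pinkponny" mirrors the post, the rest is made up.
write_sample_config() {
    cat > "$1" <<'EOF'
Host pinkponny
  Hostname ec2-host.example.invalid
  ForwardAgent yes
Host *.example.invalid
  forwardagent=yes
Host buildbox
  ForwardAgent no
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
forwardagent_hosts "$sample"
rm -f "$sample"
```

Run it against your own file with forwardagent_hosts ~/.ssh/config; any line marked broad is a block where forwarding applies to more hosts than the one you had in mind.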

 

Pulling a GitHub repo on a remote server.

Consider the following scenario: you have to pull a private repo on a remote server. You might be thinking of copying your private key to the remote server. That is a security risk. Don't do it, even if you have a passphrase. Instead, forward your key with an ssh-agent, which allows you to authenticate with the Git server using the private key from your local machine, without copying the key to the server.

 

On your local machine, run this (assuming you are using bash. If you don't know, you are probably using bash):

 

eval $(ssh-agent -s)

 

This should return "Agent pid 12391" (the number will be different, this is the process ID). You can now add your ssh key to this agent with the following command:

 

ssh-add /path/to/private/key

 

This should prompt you for your passphrase. And that is it, you have now added your key to the agent.

To ssh into the remote server while also forwarding your credentials, you can use this command:

 

ssh -A pinkponny

 

pinkponny is the name we assigned to the server in the ~/.ssh/config file. With this, you can now pull/push the private repo on the remote server without exposing your private key. Keep in mind that this ssh-agent will only be available to that single terminal and not user/system wide, meaning that when you close the terminal, you'll need to create a new agent and add your key again (although the first agent will still be running).

 

Cheers!

Let's connect!

victor@chroniclesofhades.com
