
Mastering Git Authentication: SSH Keys and HTTPS 🚀
A Little Intro 🌟
In this post, we're taking a look at the different types of SSH keys available for use with GitHub. The winning SSH key will be set up in GitHub along with HTTPS.
What are SSH Keys? 🗝️
An SSH key pair consists of a private key and a public key, which are generated together by a public-key cryptography algorithm. The algorithm produces large random numbers of varying lengths, chosen so that brute-force guessing is impractical. 🛡️
As the name suggests, the private key is meant to be kept to yourself. The public key is shared with servers, allowing you to authenticate to them.
Types of SSH Keys
Let's take a look at three different types of SSH keys which GitHub supports:
RSA Keys
RSA keys have been a thing since 1977 and are the most widely used key on GitHub. The RSA key is based on the principle that it's easy to multiply large numbers, but finding what numbers to multiply together to get large numbers is very difficult. This is referred to as factoring. To achieve 128-bit security, RSA keys would need to be at least 3072 bits in length.
ECDSA Keys
ECDSA was developed in 1992 and uses the principle of elliptic curve mathematics rather than factoring, which RSA relies on. To achieve 128-bit security, ECDSA keys need to be at least 256 bits in length. Compared with RSA keys, that gives ECDSA a clear performance edge. Fun fact: because ECDSA keys demand less network load, storage and computing power, they're the preferred choice for blockchain technology. 🌐
ED25519 (EdDSA) Keys
ED25519 was introduced in 2011 and is a variant of ECDSA. It offers built-in protection against certain weaknesses which were found in ECDSA and requires smaller key sizes when compared with RSA and ECDSA. It provides attack resistance comparable to 4096-bit RSA keys. This key is easily the most secure and performant key of the three. Fun fact: TLS 1.3 and Tor use EdDSA keys given their superiority in performance and security. 🛡️💪
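To check existing keys against the sizes quoted above, this added example (not from the original post) parses OpenSSH public key lines and flags RSA keys shorter than 3072 bits. The function names are hypothetical and the sample keys are constructed: the blobs are well-formed but are not real keys.

```python
import base64
import struct

MIN_RSA_BITS = 3072  # size the article quotes for 128-bit security

def _read_field(blob, pos):
    """Decode one wire-format field (uint32 length, then bytes) starting at pos."""
    if pos + 4 > len(blob):
        raise ValueError("truncated length prefix")
    end = pos + 4 + struct.unpack(">I", blob[pos:pos + 4])[0]
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[pos + 4:end], end

def audit_public_key(line):
    """Return (key_type, bits, verdict) for one '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, blob = fields[0], base64.b64decode(fields[1], validate=True)
    inner, pos = _read_field(blob, 0)
    if inner != declared.encode():
        raise ValueError("declared type does not match the key blob")
    if declared == "ssh-rsa":
        _exponent, pos = _read_field(blob, pos)
        modulus, pos = _read_field(blob, pos)  # big-endian, may carry a leading zero
        bits = int.from_bytes(modulus, "big").bit_length()
        return declared, bits, "ok" if bits >= MIN_RSA_BITS else "too short"
    if declared == "ssh-ed25519":
        key, pos = _read_field(blob, pos)
        if len(key) != 32:
            raise ValueError("an Ed25519 public key is 32 bytes")
        return declared, 256, "ok"
    if declared.startswith("ecdsa-sha2-nistp"):
        bits = int(declared.rsplit("nistp", 1)[1])  # curve size is in the type name
        return declared, bits, "ok" if bits >= 256 else "too short"
    return declared, None, "unknown type"

def make_line(key_type, *parts):
    """Build a constructed (not real) public key line for exercising the parser."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (key_type.encode(), *parts))
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"

# Constructed samples: a 2048-bit RSA modulus and an all-zero Ed25519 key.
WEAK_RSA = make_line("ssh-rsa", b"\x01\x00\x01", b"\x00" + (1 << 2047 | 1).to_bytes(256, "big"))
ED25519 = make_line("ssh-ed25519", bytes(32))
```

Feed it the lines of a .pub file or an authorized_keys file to find keys worth rotating.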
Creating Your SSH Key
WINDOWS
OpenSSH Client Installation
On Windows, you'll need to ensure the OpenSSH client has been installed.
The steps below require Windows 10 or 11 and PowerShell running with admin privileges.
- Check if OpenSSH is available:
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
If OpenSSH Client isn't installed, the output will show the OpenSSH.Client State as “Not Present”.
- Assuming you don't have it installed, run the following:
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
You should receive an output of:
Path:
Online: True
RestartNeeded: False
SSH Agent Setup
- Set the SSH Agent to start up automatically at boot time:
Set-Service -Name ssh-agent -StartupType 'Automatic'
- Start the SSH Agent service:
Start-Service -Name ssh-agent
- Let's ensure the SSH Agent service is running:
Get-Service -Name ssh-agent
Which should give you an output like:
Status Name DisplayName
------ ---- -----------
Running ssh-agent OpenSSH Authentication Agent
Generating the ED25519 Key
- Generate your ed25519 key with the following command:
ssh-keygen -t ed25519 -C "your_email@example.com"
Follow the prompts and this will generate your key pair. If you went with all the defaults, then the key would be created here: C:\Users\<YourUsername>\.ssh\
The private key will be named: id_ed25519
The public key will be named: id_ed25519.pub
Adding Your SSH Key to the SSH Agent
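- The ssh-agent service you started above is already running in the background, so confirm it rather than starting a second agent (eval $(ssh-agent -s) is Bash syntax and does not work in PowerShell):
Get-Service -Name ssh-agent
- Add your SSH private key to the ssh-agent:
ssh-add $env:USERPROFILE\.ssh\id_ed25519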
macOS and Linux
The process on macOS and Linux is straightforward in the terminal.
Generating the ED25519 Key
- Open your terminal.
- Generate an ED25519 SSH key:
ssh-keygen -t ed25519 -C "your_email@example.com"
Adding Your SSH Key to the SSH Agent
- Start the ssh-agent:
eval "$(ssh-agent -s)"
- Add your private key:
ssh-add ~/.ssh/id_ed25519
Adding SSH Keys to GitHub 🌐
- Go to GitHub and navigate to Settings > SSH and GPG keys.
- Click on ‘New SSH key’ or ‘Add SSH key’.
- Paste the contents of your public key (id_ed25519.pub, never the private key) into the field.
- Title it with a descriptive name and click ‘Add SSH key’.
SSH Config Setup
If you are part of multiple GitHub organizations or have several accounts requiring different SSH keys, an SSH config file will help. I use it regardless so I can scale if needed.
Setting up the SSH Config File
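Create or modify your ~/.ssh/config file by adding a new Host entry for each organization, and make sure each key path is set correctly. Each Host value is an alias you use in place of github.com in that organization's SSH remote URLs: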
Host github-org1
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_org1
    IdentitiesOnly yes
Host github-org2
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_org2
    IdentitiesOnly yes
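The key that ssh picks depends on the host name written in the remote URL, which this added example (not from the original post) makes visible by resolving a remote against the config above. The function names and the remote URLs are hypothetical, and the parser is a simplification that handles plain Host blocks with wildcard patterns only (no Match blocks or negated patterns).

```python
import re
from fnmatch import fnmatchcase

# Constructed copy of the two-organization config shown above.
SAMPLE_CONFIG = """\
Host github-org1
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_org1
    IdentitiesOnly yes
Host github-org2
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_org2
    IdentitiesOnly yes
"""

def parse_ssh_config(text):
    """Split config text into (host_patterns, options) blocks, in file order."""
    blocks = [(["*"], {})]  # options before the first Host apply to every host
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # A keyword and its argument are separated by whitespace or one '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, value)
    return blocks

def options_for_remote(text, remote_url):
    """Return the options that apply to the host in an scp-style SSH remote."""
    match = None if "://" in remote_url else re.match(r"(?:[^@/:]+@)?([^:/]+):", remote_url)
    if not match:
        raise ValueError("not an scp-style remote such as git@host:owner/repo.git")
    host, merged = match.group(1), {}
    for patterns, options in parse_ssh_config(text):
        if any(fnmatchcase(host, p) for p in patterns):
            for key, value in options.items():
                merged.setdefault(key, value)  # this sketch keeps the first value seen
    return merged
```

A remote left as git@github.com:... matches neither alias, so none of these options apply and ssh falls back to its default identities instead of the per-organization key.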
Installing Git
Windows Installation
- Download the latest version of Git for Windows here.
- Run the installer and follow the prompts.
Ubuntu Installation
Update your package index:
sudo apt update
Install Git:
sudo apt install git
RedHat Installation
Install Git using Yum (for older versions of RedHat):
sudo yum install git
For newer versions (RHEL 8 and CentOS 8), use DNF:
sudo dnf install git
macOS Installation
- Use Homebrew:
brew install git
Configuring Git
Global Configuration
This will be required, regardless of OS:
git config --global user.name "Your Name"
git config --global user.email "your_email@example.com"
HTTPS Configuration 🔒
Creating your GitHub Personal Access Token
- Log in to your GitHub account.
- In the upper-right corner of any page, click your profile photo, then click Settings.
- In the left sidebar, click Developer settings.
- In the left sidebar, click Personal access tokens.
- Click Generate new token.
- Give your token a descriptive name under “Note” to remember what the token is used for.
- Select the scopes or permissions you'd like to grant this token. For example, if you need the token for accessing repositories, select the repo scope.
- Click Generate token.
- Copy your new personal access token. Keep this token secure as it’s your password equivalent. GitHub won’t show the token again for security reasons.
Caching Token
- You'll need Git Credential Manager to be installed. Installation instructions here.
- Enable credential caching with the following:
git config --global credential.helper cache
- Set the cache to time out after an hour (3600 seconds); this replaces the value set by the previous command:
git config --global credential.helper 'cache --timeout=3600'
Switching Between HTTPS and SSH
If you're managing multiple repositories and require different authentication methods, you can achieve this by navigating to your repository directory and executing the following:
Setting repository-specific configurations:
git config user.name "Your Repo-specific Name"
git config user.email "your_repo_specific_email@example.com"
Using SSH for specific repositories:
git remote set-url origin git@github.com:username/repo.git
Using HTTPS for specific repositories:
git remote set-url origin https://github.com/username/repo.git
Wrap Up 🎉
If you've followed this article through to completion, well done! You are all set and ready to manage your GitHub repositories from the command line in the best way possible. 🚀