James Thompson
Posted on July 24, 2023
Do it before you need it
In my previous article, I wrote about GitHub's RSA SSH Host Key update. This shows that even enterprise companies that we depend on can have issues that may affect our daily lives.
Mistakes will happen in our profession and throughout the industry. Adapting a security-first
mindset for production environments is important to help minimize potential issues in the future. SSH keys provide a secure way to authenticate and establish a secure connection between your local development machine and GitHub.
In this article, I will discuss how to install an SSH key on GitHub for your local developer environment. I will also explore the pros and cons of using SSH keys for your development environment.
Install SSH Key for GitHub
Prerequisites
Before we begin, make sure you have the following prerequisites:
A GitHub account
Git installed on your local machine
Step 1: Generate SSH Key
Open your terminal.
Run the following command to generate a new SSH key:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
-
Press
ā NOTE: DO NOT skip the next step of generating a passphrase.Return
to accept the default file location and name for your SSH key. Enter a
passphrase for your SSH key
. This step is important for adding another layer of security.
Step 2: Add SSH Key to SSH Agent
Start the SSH agent by running the following command:
eval "$(ssh-agent -s)"
Add your SSH private key to the SSH agent by running the following command:
ssh-add ~/.ssh/id_rsa
Step 3: Add SSH Key to GitHub
Copy your SSH public key to the clipboard by running the following command:
pbcopy < ~/.ssh/id_rsa.pub
Go to your GitHub account settings.
Click on "SSH and GPG keys" in the left sidebar.
Click on "New SSH key" or "Add SSH key".
Give your SSH key a title and paste the copied public key into the "Key" field.
Click on "Add SSH key" to save.
Step 4: Test SSH Connection
- Test your SSH connection to GitHub by running the following command:
ssh -T git@github.com
- You should see a success message indicating that you've successfully authenticated.
SSH Keys: Pros and Cons
Pros
Enhanced Security: SSH keys provide a more secure way of authentication compared to passwords. They use public-key cryptography, making it difficult for attackers to intercept and decrypt your credentials.
Convenience: Once set up, SSH keys allow for seamless authentication without the need to enter passwords repeatedly.
Automation: SSH keys can be used in automated scripts and workflows, enabling seamless integration with various tools and services.
Multiple Accounts: SSH keys allow you to manage multiple GitHub accounts easily by associating different keys with different accounts.
Cons
Initial Setup: Setting up SSH keys requires generating and managing key pairs, which can be a bit complex for beginners.
Key Management: If your private key gets compromised, it can lead to unauthorized access. Therefore, it is crucial to protect your private key with a strong passphrase and follow best practices for key management.
Limited Accessibility: SSH keys are tied to specific machines. If you need to access your GitHub account from a different machine, you'll need to generate and add a new SSH key.
Conclusion
Installing an SSH key for GitHub on your local developer environment provides a secure and convenient way to authenticate and interact with your repositories. While there are some complexities involved in the initial setup and key management, the enhanced security and automation benefits make SSH keys a necessary addition to any production development workflow.
Photo credit to Desola Lanre-Ologun on Unsplash
Posted on July 24, 2023
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.