17 Nov 2014
Public/private key pairs are a more secure way to allow remote login to any computers that you are running an ssh server on. It takes a few steps to set them up, but it really is worth it.
Make a new key
mkdir ~/.ssh       # create a folder for storing your keys
chmod 700 ~/.ssh   # allow rwx for your account only
ssh-keygen -t rsa  # generate a new key of type rsa
You will then be prompted for a file name for the key. Choose something descriptive! You will also be prompted to create a password (passphrase) for this key.
Transfer key to host
To get your new key to your host from a Linux computer try:
ssh-copy-id user@host # Automatically copy all your public keys to host
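If that fails or you are on OS X you can copy the key manually with the command below. It replaces any authorized_keys file already on the server, so use it only when no other keys are installed there: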
scp -C id_rsa.pub user@server:~/.ssh/authorized_keys
Then you should be able to ssh to user@server without an ssh password. You will be prompted for your key’s password, but that will only happen once if you are, for example, using keychain on OS X.
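As a last step run this from the home folder on the host machine. It removes all group and other permissions from .ssh so that only your account can read your keys; sshd may otherwise refuse to use an authorized_keys file whose permissions are too open.
chmod -R g-rwx,o-rwx .ssh # strip all group/other access; .ssh is now 700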
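The manual copy and the permission step above, combined into one helper that appends a key instead of replacing authorized_keys. This is an added example, not part of the original post; install_pubkey and its optional second argument are hypothetical names, and it assumes you run it on the host after copying the .pub file there.

```shell
# Added example, not from the original post. install_pubkey is a hypothetical
# helper meant to be run on the host after copying the .pub file there.
install_pubkey() {
    pubkey_file=$1                 # e.g. an id_rsa.pub copied to the host
    ssh_dir=${2:-"$HOME/.ssh"}     # optional second argument, used for testing
    auth="$ssh_dir/authorized_keys"

    # A public key file is one line: "type base64-blob [comment]".
    # This check also rejects a private key passed by mistake.
    key=$(head -n 1 "$pubkey_file") || return 1
    case $key in
        ssh-*\ *|ecdsa-*\ *) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 1 ;;
    esac

    # Only the owner may access .ssh and authorized_keys.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the last existing entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Match on type and blob only, so the same key under a different
    # comment is not added twice.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$key" >> "$auth"   # append, never overwrite
        echo "key added to $auth"
    fi
}
```

Running it twice with the same key leaves a single entry, and keys that were already installed stay in place.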
Make a new key as above, but GitHub suggests:
ssh-keygen -t rsa -b 4096 -C "descriptive-comment"
Then add the key to your system with
Finally, add the public key in the SSH Keys tab of your GitHub settings by
copying the entire contents of
Coexistence of Two SSH Keys used for two GitHub Accounts
You need to configure your system to know which ssh key to use with which repo, which takes a bit of bookkeeping. The steps are found in this gist and its comments.
First put something like this in ~/.ssh/config (you may need to create this file).
# account1
Host github.com-account1
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa_account1

# account2
Host github.com-account2
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa_account2
This gives ssh a way to associate hosts (git repo push/pull targets) with
keys. Now you need to configure your git repos to work with this system.
For existing repos, in the file .../repo/.git/config, change this:
[remote "origin"]
    url = git@github.com:account1/repo.git
to this:
[remote "origin"]
    url = git@github.com-account1:account1/repo.git
To avoid having to edit this config file for new repos you clone or create in the future, add the -account1 to your clone command like this:
git clone git@github.com-account1:account1/new_repo.git