A deploy key is an SSH key registered on your repo to grant a client read-only (or, if you want, read/write) access to that repo.
As the name says, its primary use is in the deploy process, where only read access is needed. This keeps the repo safe from attack if the server is compromised.
- Generate an SSH key

  Run this on the EC2 instance:

  `ssh-keygen -t rsa -b 4096 -C "{email}"`

  Leave the passphrase empty, as you want the deploy process keyboard-less. After generation, the files `id_rsa` and `id_rsa.pub` can be found under the `.ssh` folder.

  Set permissions:

  `sudo chmod 400 ~/.ssh/id_rsa`

- Add the SSH key to the repo's "Deploy keys" setting

  `cat .ssh/id_rsa.pub`

  URL: https://github.com/{user}/{repo}/settings/keys

  Cleanup: delete the file `~/.ssh/id_rsa.pub`.

- Set up the git SSH key on the client machine

  Git normally uses the SSH key found in `.ssh/id_rsa` under the user's home folder, so first you need to find out the home directory of the user. For example, on Ubuntu/Debian, by default, user `www-data`'s home directory is `/var/www`, so the SSH key file is `/var/www/.ssh/id_rsa`.

  Then copy the `id_rsa` file from Step 1 to the right directory.

  You can test the connection with:

  `sudo -u $USER ssh -T git@github.com`

  You might need to add GitHub's host key to known hosts; check its fingerprint against the ones GitHub publishes before accepting it.

  If everything went well, you will see:

  `Hi {user}! You've successfully authenticated, but GitHub does not provide shell access.`

  Then you are all set!

Attention: make sure your repo URL uses the SSH (`git@`) form, not HTTP(S), which means use
`git@github.com:{user}/{repo}.git`, not
`https://github.com/{user}/{repo}.git`
You can use the `~/.ssh/config` file to configure a different SSH key for each repo. For details, please follow the instructions in Ref.3 below.
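
The script below is an added example, not part of the original write-up. It is a small preflight check for the key permissions and the SSH-vs-HTTPS remote URL described above, plus a generator for the per-repo `~/.ssh/config` stanza. The function names and the `github-repo-a` host alias are hypothetical.

```shell
#!/bin/sh
# Added example: preflight checks for a deploy-key checkout.
# All function names and the "github-repo-a" alias are hypothetical.

# True only if the private key exists and has no group/other permission
# bits; ssh refuses to use a key file that other users can read.
key_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)  # group+other bits of e.g. -r--------
    [ "$perms" = "------" ]
}

# True if the remote URL goes over SSH, so the deploy key is actually used.
is_ssh_remote() {
    case "$1" in
        git@*:*/*|ssh://git@*/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Rewrite https://github.com/{user}/{repo}.git to git@{host}:{user}/{repo}.git.
# Optional $2 is a Host alias from ~/.ssh/config (defaults to github.com).
to_ssh_remote() {
    host=${2:-github.com}
    case "$1" in
        https://github.com/*) printf 'git@%s:%s\n' "$host" "${1#https://github.com/}" ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# Print a ~/.ssh/config stanza that binds one Host alias to one deploy key.
ssh_config_stanza() {
    printf 'Host %s\n    HostName github.com\n    User git\n' "$1"
    printf '    IdentityFile %s\n    IdentitiesOnly yes\n' "$2"
}

# Run both checks for a key file ($1) and a remote URL ($2).
# Prints one line per problem and returns non-zero if any was found.
preflight() {
    rc=0
    key_is_private "$1" || { echo "key $1 is missing or readable by group/other"; rc=1; }
    is_ssh_remote "$2" || { echo "remote is not SSH, use: $(to_ssh_remote "$2")"; rc=1; }
    return "$rc"
}
```

With a stanza for alias `github-repo-a` in place, the remote becomes `git@github-repo-a:{user}/{repo}.git`, and `IdentitiesOnly yes` keeps ssh from offering any other key to GitHub.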