In this guide, I will show you how you can easily and securely clone and deploy a private GitHub Repository to any server that has SSH enabled without exposing your GitHub account credentials to the server or giving the server any unnecessary access to your Github account.
We will do it using the Deploy keys in GitHub, which allows you to grant your server only limited access to a single repository.
Let’s get started.
Prerequisites
You need to make sure that you have the following installed on your server:
- Git
- OpenSSH Client
Moreover, you need to be the owner of the repository that you want to clone to the server or at least have enough permissions to modify some settings.
Generate RSA Key Pair and Add it to GitHub
It is very recommended that you generate the RSA key pair in your server, but you can generate it in your local machine as well.
First, change the current directory to the .ssh one in your home
cd ~/.sshIf you get an error message with No such file or directory. Then first create the .ssh directory as follow.
mkdir ~/.sshThen execute the following command as the .ssh directory require special permission where only the owner can read, write and execute it.
chmod 700 ~/.sshNow, you can generate it using this command.
ssh-keygenThen it will ask you to enter the file name. You can name it respository_name_rsa and replace <respository_name> with your repository name in GitHub.
Enter file in which to save the key (/root/.ssh/id_rsa): respository_name_rsa
Replace respository_name part with your repository name
Next, it will ask you to Enter passphrase (empty for no passphrase): you can keep it empty and hit Enter twice.
If it went successfully, you will see an output similar to this one.
The key's randomart image is:
+---[RSA 3072]----+
| ooo.. .|
| oo..oo..|
| . .+...= |
| . o . o .=|
|. . o.S . o.|
| o o oEo. ..|
| = *B=o +o|
| o oo**. . =|
| o..+o. .|
+----[SHA256]-----+
Next, run this command to print the public key.
cat ~/.ssh/respository_name_rsa.pubAgain, do not forget to replace respository_name_rsa it with whatever you named the file above. And do not forget the .pub at the end.
The output should be something like this.
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDu41JTj1mtRwV19ykthDsKenTmFYVfQl2Z3lHQ35dT8ar2ND8JnpQEzhr9+SN3OinPwqgH1kWtJrNAhm3sPtHEqE8xuCGGRuVm0ZNd9gketglQUFQ9YouPg+EwqDc5Ys+pkFqOZAgjSZo3cEj0kUR4y3a8gLlgwah9lH5mPnVqbTEnD0XXoJYM7HGtuLFPSALjL9tKEtEIllqJT1RYT1/9d6N8aIrt82BbdR2AaYUMAgcxEczuGgw4gxr1YqIDMI6tMidSTVztcpN1T3evIZzATwwnCi5DG/1irSKIeuFcZjorLT2y8HJ7eJW4a2JJdcB9+Qv9T/vynoYYRvA3HBFwXfTWzWhMBbwWdG/NaS4HIew1QlZnACbAOcmzPYMfPHJtToQ865FBdXHCpRW2AsaQba41yzeWwplqEorVpVz5S983gifpCW8GbaH3bwnaaXjGGYG1hNt8vHfWi6lowjz06r/mS/C7DnbECBlhMT0+ZjUszFuRmvIQSWus1b2c7/0= [email protected]
Now, go to your repository in GitHub, from the tabs at the top select Settings tab, then from the left-hand panel under Security select Deploy keys. And paste the public key there and give it a title. Click Add key and go back to the terminal.
Configuring Hostname for GitHub and Git
Now that we have the file, let’s associate it with the GitHub hostname so that Git can use the key to fetch the private repository.
Let’s start with creating the ~/.ssh/config file.
nano ~/.ssh/configAdd the following to it.
Host respository_name
Hostname github.com
User git
IdentityFile ~/.ssh/respository_name_rsaCloning the Private Repository
Now, you can clone the private repository using the command below. But before running the command, make sure that you are in the right directory where you want to deploy the repository.
Go to your repository page on GitHub, Click on the Code button and select the SSH option then copy the URL.
In the copied link, replace the [email protected] part with the respository_name that you specified above as the Host in the config file.
For example, I copied the [email protected]:CodingInsideOut/SuperClassified and will change it to super_classified:CodingInsideOut/SuperClassified
Go to your terminal and type this command.
git clone super_classified:CodingInsideOut/SuperClassified.gitThat is it, now your repository should be cloned securely.
Conclusion
We have learned how to deploy a private repository using the Deploy key through SSH. While there exists other methods, such as creating a key and connecting it to your account. However, these are not as secure as they provide wider access to the server. Using a deploy key we give the server read-only access to a single repository and not to our account. Thus, in case our server was attacked and hacked, we will be safe!
In case you run into any issues, please let me know in a comment and I will be glad to help.
