1. Generate SSH Key (Deploy Key)
Deploy keys are usually read-only (can be made read/write if needed).
On your server or machine where deployment will run:
ssh-keygen -t ed25519 -C "deploy-key" -f ~/.ssh/deploy_key-t ed25519→ modern, secure key type-C "deploy-key"→ comment for identification-f ~/.ssh/deploy_key→ file name for the key
When prompted for a passphrase, leave it blank (deploy keys usually must be non-interactive).
This generates:
- Private key:
~/.ssh/deploy_key - Public key:
~/.ssh/deploy_key.pub
2. Add the Public Key to GitHub Repo
- Go to your GitHub repository → Settings → Deploy Keys
(URL:https://github.com/<owner>/<repo>/settings/keys) - Click “Add deploy key”
- Enter:
- Title: Something descriptive, e.g.,
Production Server - Key: Paste the contents of
deploy_key.pub
- Select “Allow write access” only if you need push access (otherwise leave read-only).
- Click Add key
3. Configure Private Key on Server
Ensure the private key is stored securely and permissions are restricted:
chmod 600 ~/.ssh/deploy_keyAdd it to your SSH config so git knows to use this key:
Edit ~/.ssh/config (create if not existing):
Host github.com-deploy
HostName github.com
User git
IdentityFile ~/.ssh/deploy_key4. Test the Connection
Run:
ssh -T [email protected]You should see:
Hi <repo-owner>/<repo>! You've successfully authenticated, but GitHub does not provide shell access.5. Clone or Set Remote Using the Deploy Key
Use the custom host alias (github.com-deploy) you set in SSH config:
git clone [email protected]:<owner>/<repo>.gitOr if the repo is already cloned, set the remote:
git remote set-url origin [email protected]:<owner>/<repo>.gitIf you want to clone directly into the current folder
git clone [email protected]:<owner>/<repo>.git .If you want to clone specific branch directly into the current folder
git clone --branch <branch> --single-branch [email protected]:<owner>/<repo>.git .
Leave a Reply