Setup SSH-Key

CI/CD needs to use the SSH method to pull/clone updates from the repository; otherwise authentication will block the pull/clone operations.

SSH-Key for GitHub Actions to Connect to the Server over SSH

Users must have a password set, otherwise SSH connections will be rejected.

Here's how to generate an SSH key for GitHub Actions to connect to the server:

  1. To generate the SSH key, GitHub recommends the ed25519 algorithm, but rsa can be used for older systems.
    For ed25519, copy and paste this command and update the email:
    ssh-keygen -t ed25519 -C "your_email@example.com"
    

    Or for rsa, use:
    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
    
  2. After running the command in step 1, you'll be prompted for the SSH key location:
    Enter file in which to save the key (/root/.ssh/id_ed25519)
    

    By default, the system names the files after the algorithm used, like id_rsa or id_ed25519. I recommend changing the SSH key name as needed, since creating another SSH key with the same algorithm will replace/overwrite the old one. For example, I save the SSH key in /root/.ssh/github_ed25519
  3. For security, enter a passphrase for the created SSH key.
  4. Add the public key from the created SSH key to ~/.ssh/authorized_keys using:
    cat ~/.ssh/github_ed25519.pub >> ~/.ssh/authorized_keys
    
  5. Add the private key to the repository: open "Settings" on the repository page, select "Secrets and Variables", then "Actions". Add the following secrets:
    HOST : Server IP
    PORT : Server port
    USERNAME : Server login username
    SSHKEY : SSH private key (~/.ssh/github_ed25519)
    PASSPHRASE: SSH-key passphrase
    

SSH-Key for Pull/Clone

Here's how to generate an SSH key for repository pull/clone:

  1. To generate the SSH key, GitHub recommends the ed25519 algorithm, but rsa works for older systems. This SSH key shouldn't use a passphrase, for automated CI/CD.
    For ed25519, copy and paste this command and update the email:
    ssh-keygen -t ed25519 -C "your_email@example.com"
    

    Or for rsa, use:
    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
    
  2. After running the command in step 1, you'll be prompted for the SSH key location:
    Enter file in which to save the key (/root/.ssh/id_ed25519)
    

    By default, the system names the files after the algorithm used, like id_rsa or id_ed25519. I recommend changing the SSH key name as needed, since creating another SSH key with the same algorithm will replace/overwrite the old one. For example, I save the SSH key in /root/.ssh/pull_github_ed25519
  3. If you changed the SSH key filename like I did in step 2, open ~/.ssh/config and add:
    Host github.com
       HostName github.com
       IdentityFile ~/.ssh/pull_github_ed25519
    

    Ensure ~/.ssh/config has 600 permissions.
  4. Go to Settings from the profile menu in the top-right corner, select SSH and GPG Keys, then add an SSH key. Fill the key value with the public key from /root/.ssh/pull_github_ed25519.pub.
  5. Test the SSH connection to GitHub using:
    ssh -T git@github.com
    

You should get a response like this:

Hi xxxx! You've successfully authenticated, but GitHub does not provide shell access.

Permission Notes

  • .ssh folder should be 700.
  • .pub files are OK with 644.
  • Other files should be 600.
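
The permission notes above can be checked mechanically. The following is an added example, not part of the original guide: a POSIX shell function that reports, and with --fix corrects, the modes in a .ssh directory. The names audit_ssh_perms, allowed_modes and mode_of are hypothetical, and it assumes a .pub file at the stricter 600 is also acceptable.

```sh
#!/bin/sh
# Added example: audit a .ssh directory against the permission notes above.

# Print a path's octal mode (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Modes accepted for a path; the first one is what --fix applies.
# Assumption: a .pub file stricter than 644 (600) is also acceptable.
allowed_modes() {
    if [ -d "$1" ]; then echo "700"; return; fi
    case "$1" in
        *.pub) echo "644 600" ;;
        *)     echo "600" ;;
    esac
}

# audit_ssh_perms DIR [--fix]
# Prints "<path> <actual> <expected>" for every mismatch.
# Returns 0 if all modes match (or were fixed), 1 if mismatches remain,
# 2 if DIR is not a directory.
audit_ssh_perms() {
    dir=$1; fix=${2:-}; bad=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for path in "$dir" "$dir"/*; do
        [ -e "$path" ] || continue      # unmatched glob in an empty directory
        [ -L "$path" ] && continue      # never chmod through a symlink
        allowed=$(allowed_modes "$path")
        have=$(mode_of "$path")
        case " $allowed " in *" $have "*) continue ;; esac
        want=${allowed%% *}
        echo "$path $have $want"
        if [ "$fix" = "--fix" ]; then
            chmod "$want" "$path" || bad=1
        else
            bad=1
        fi
    done
    return "$bad"
}

# Usage: audit_ssh_perms "$HOME/.ssh"        (report only)
#        audit_ssh_perms "$HOME/.ssh" --fix  (chmod each mismatch)
```

A non-zero return from the report-only form makes the function usable as a check on the server before a deployment step runs.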