====== Github 使用 Deploy Key 存取 repo ======
打算將私有 repo 提供唯讀權限給特定對象, 但 [[tech/github_token|Github 的 personal access token]] 並不提供這樣針對特定 repo 的唯讀權限設定, 後來發現似乎可以使用 repo 內的 Deploy Key 來達成.
===== 建立 ssh key ====
* Exp. mytest@ichiayi.com / 不需要密碼 ssh-keygen -t rsa -b 4096 -C "mytest@ichiayi.com"
* ++觀看執行結果|
/home/mytest$ ssh-keygen -t rsa -b 4096 -C "mytest@ichiayi.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mytest/.ssh/id_rsa):
Created directory '/home/mytest/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mytest/.ssh/id_rsa
Your public key has been saved in /home/mytest/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:kLtdpnYOPVmTfTxxxxxxxxxxxxxxxxxx/jEYf7eCRzU mytest@ichiayi.com
The key's randomart image is:
+---[RSA 4096]----+
| ...= EX|
| . .o @+X|
| o =+X*|
| o ooo+O|
| . S o.+o.oo|
| o = o.... |
| . = = |
| . + . |
| . |
+----[SHA256]-----+
++
===== 設定 Github Deploy Key =====
* 將剛剛產生的 pub 貼上 GitHub Deploy Key 內 cat .ssh/id_rsa.pub
* {{:tech:image_24.png?800|}}
===== 檢查 git ssh key =====
* 確認剛剛產生的 key 是否在預設路徑 Exp. /home/mytest/.ssh/id_rsa
* ssh -T git@github.com
* ++看檢查訊息|
/home/mytest$ ssh -T git@github.com
The authenticity of host 'github.com (52.69.186.44)' can't be established.
RSA key fingerprint is SHA256:nThbg6kxxxxxxxxxxxxxxxxxxxxdCARLviKw6E5SY8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'github.com,52.69.186.44' (RSA) to the list of known hosts.
Hi iii-org/devops-ui! You've successfully authenticated, but GitHub does not provide shell access.
++
* 如果有多個 deploy key 採用不同檔名存放 Exp. /home/mytest/deploy-key/abc1_id_rsa /home/mytest/deploy-key/abc1_id_rsa.pub
* 可以在 ssh 後面加上 -i /home/mytest/deploy-key/abc1_id_rsa 的參數指定使用哪個 deploy key ssh -T -i /home/mytest/deploy-key/abc1_id_rsa git@github.com
===== 執行 git clone =====
* Exp. git clone git@github.com:iii-org/devops-ui.git
* ++看執行結果|
/home/mytest$ git clone git@github.com:iii-org/devops-ui.git
Cloning into 'devops-ui'...
Warning: Permanently added the RSA host key for IP address '52.192.72.89' to the list of known hosts.
remote: Enumerating objects: 17525, done.
remote: Counting objects: 100% (5563/5563), done.
remote: Compressing objects: 100% (2370/2370), done.
remote: Total 17525 (delta 3635), reused 4930 (delta 3011), pack-reused 11962
Receiving objects: 100% (17525/17525), 6.00 MiB | 4.67 MiB/s, done.
Resolving deltas: 100% (11017/11017), done.
++
* 如果是多個 Deploy Key 的設定方式, 必須編輯 ~/.ssh/config 來指定哪個 github repo 用哪個 deploy key Exp.
Host devops-ui github.com
Hostname github.com
IdentityFile /home/mytest/github-key/iiiorg-devops-ui_id_rsa
User iii-org
Host repo-b-shortname github.com
Hostname github.com
IdentityFile /home/mytest/github-key/repo-b_id_rsa
#User username-on-remote-machine
===== 參考網址 =====
* [[https://gist.github.com/auth/github?return_to=https%3A%2F%2Fgist.github.com%2Fzhujunsan%2Fa0becf82ade50ed06115|zhujunsan/Using Github Deploy Key.md]]
* https://snipe.net/2013/04/11/multiple-github-deploy-keys-single-server/
{{tag>github deploy_key}}