====== Github 使用 Deploy Key 存取 repo ======
打算將私有 repo 提供唯讀權限給特定對象, 但 [[tech/github_token|Github 的 personal access token]] 並不提供這樣針對特定 repo 的唯讀權限設定, 後來發現似乎可以使用 repo 內的 Deploy Key 來達成.

===== 建立 ssh key ====
  * Exp. mytest@ichiayi.com / 不需要密碼 <cli>ssh-keygen -t rsa -b 4096 -C "mytest@ichiayi.com"</cli> 
  * ++觀看執行結果|<cli>
/home/mytest$ ssh-keygen -t rsa -b 4096 -C "mytest@ichiayi.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mytest/.ssh/id_rsa):
Created directory '/home/mytest/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mytest/.ssh/id_rsa
Your public key has been saved in /home/mytest/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:kLtdpnYOPVmTfTxxxxxxxxxxxxxxxxxx/jEYf7eCRzU mytest@ichiayi.com
The key's randomart image is:
+---[RSA 4096]----+
|          ...= EX|
|       .   .o @+X|
|      o      =+X*|
|       o    ooo+O|
|      . S o.+o.oo|
|       o = o.... |
|      . = =      |
|       . + .     |
|          .      |
+----[SHA256]-----+
</cli>++

===== 設定 Github Deploy Key =====
  * 將剛剛產生的 pub 貼上 GitHub Deploy Key 內 <cli>cat .ssh/id_rsa.pub</cli>
  * {{:tech:image_24.png?800|}}

===== 檢查 git ssh key =====
  * 確認剛剛產生的 key 是否在預設路徑 Exp. /home/mytest/.ssh/id_rsa
  * <cli>ssh -T git@github.com</cli>
    * ++看檢查訊息|<cli>
/home/mytest$ ssh -T git@github.com
The authenticity of host 'github.com (52.69.186.44)' can't be established.
RSA key fingerprint is SHA256:nThbg6kxxxxxxxxxxxxxxxxxxxxdCARLviKw6E5SY8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'github.com,52.69.186.44' (RSA) to the list of known hosts.
Hi iii-org/devops-ui! You've successfully authenticated, but GitHub does not provide shell access.
</cli>++
<WRAP center round tip 60%>
  * 如果有多個 deploy key 採用不同檔名存放 Exp. /home/mytest/deploy-key/abc1_id_rsa /home/mytest/deploy-key/abc1_id_rsa.pub
  * 可以在 ssh 後面加上 -i /home/mytest/deploy-key/abc1_id_rsa 的參數指定使用哪個 deploy key <cli>ssh -T -i /home/mytest/deploy-key/abc1_id_rsa git@github.com</cli>
</WRAP>

===== 執行 git clone =====
  * Exp. <cli>git clone git@github.com:iii-org/devops-ui.git</cli>
  * ++看執行結果|<cli>
/home/mytest$ git clone git@github.com:iii-org/devops-ui.git
Cloning into 'devops-ui'...
Warning: Permanently added the RSA host key for IP address '52.192.72.89' to the list of known hosts.
remote: Enumerating objects: 17525, done.
remote: Counting objects: 100% (5563/5563), done.
remote: Compressing objects: 100% (2370/2370), done.
remote: Total 17525 (delta 3635), reused 4930 (delta 3011), pack-reused 11962
Receiving objects: 100% (17525/17525), 6.00 MiB | 4.67 MiB/s, done.
Resolving deltas: 100% (11017/11017), done.
</cli>++

<WRAP center round tip 60%>
  * 如果是多個 Deploy Key 的設定方式, 必須編輯 ~/.ssh/config 來指定哪個 github repo 用哪個 deploy key Exp. <cli>
Host devops-ui github.com
Hostname github.com
IdentityFile /home/mytest/github-key/iiiorg-devops-ui_id_rsa
User iii-org
Host repo-b-shortname github.com
Hostname github.com
IdentityFile /home/mytest/github-key/repo-b_id_rsa
#User username-on-remote-machine
</cli>

</WRAP>


===== 參考網址 =====
  * [[https://gist.github.com/auth/github?return_to=https%3A%2F%2Fgist.github.com%2Fzhujunsan%2Fa0becf82ade50ed06115|zhujunsan/Using Github Deploy Key.md]]
  * https://snipe.net/2013/04/11/multiple-github-deploy-keys-single-server/

{{tag>github deploy_key}}