Github 使用 Deploy Key 存取 repo

打算將私有 repo 提供唯讀權限給特定對象, 但 Github 的 personal access token 並不提供這樣針對特定 repo 的唯讀權限設定, 後來發現似乎可以使用 repo 內的 Deploy Key 來達成.

建立 ssh key

ssh-keygen -t rsa -b 4096 -C "[email protected]"

觀看執行結果

/home/mytest$ ssh-keygen -t rsa -b 4096 -C "[email protected]"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mytest/.ssh/id_rsa):
Created directory '/home/mytest/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mytest/.ssh/id_rsa
Your public key has been saved in /home/mytest/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:kLtdpnYOPVmTfTxxxxxxxxxxxxxxxxxx/jEYf7eCRzU [email protected]
The key's randomart image is:
+---[RSA 4096]----+
|          ...= EX|
|       .   .o @+X|
|      o      =+X*|
|       o    ooo+O|
|      . S o.+o.oo|
|       o = o.... |
|      . = =      |
|       . + .     |
|          .      |
+----[SHA256]-----+

設定 Github Deploy Key

將剛剛產生的 pub 貼上 GitHub Deploy Key 內
```
cat .ssh/id_rsa.pub
```

檢查 git ssh key

確認剛剛產生的 key 是否在預設路徑 Exp. /home/mytest/.ssh/id_rsa

ssh -T [email protected]

看檢查訊息

/home/mytest$ ssh -T [email protected]
The authenticity of host 'github.com (52.69.186.44)' can't be established.
RSA key fingerprint is SHA256:nThbg6kxxxxxxxxxxxxxxxxxxxxdCARLviKw6E5SY8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'github.com,52.69.186.44' (RSA) to the list of known hosts.
Hi iii-org/devops-ui! You've successfully authenticated, but GitHub does not provide shell access.

如果有多個 deploy key 採用不同檔名存放 Exp. /home/mytest/deploy-key/abc1_id_rsa /home/mytest/deploy-key/abc1_id_rsa.pub
可以在 ssh 後面加上 -i /home/mytest/deploy-key/abc1_id_rsa 的參數指定使用哪個 deploy key
```
ssh -T -i /home/mytest/deploy-key/abc1_id_rsa [email protected]
```

執行 git clone

Exp.

git clone [email protected]:iii-org/devops-ui.git

看執行結果

/home/mytest$ git clone [email protected]:iii-org/devops-ui.git
Cloning into 'devops-ui'...
Warning: Permanently added the RSA host key for IP address '52.192.72.89' to the list of known hosts.
remote: Enumerating objects: 17525, done.
remote: Counting objects: 100% (5563/5563), done.
remote: Compressing objects: 100% (2370/2370), done.
remote: Total 17525 (delta 3635), reused 4930 (delta 3011), pack-reused 11962
Receiving objects: 100% (17525/17525), 6.00 MiB | 4.67 MiB/s, done.
Resolving deltas: 100% (11017/11017), done.

如果是多個 Deploy Key 的設定方式, 必須編輯 ~/.ssh/config 來指定哪個 github repo 用哪個 deploy key Exp.

Host devops-ui github.com
Hostname github.com
IdentityFile /home/mytest/github-key/iiiorg-devops-ui_id_rsa
User iii-org
Host repo-b-shortname github.com
Hostname github.com
IdentityFile /home/mytest/github-key/repo-b_id_rsa
#User username-on-remote-machine

參考網址

github, deploy key