When you set up SSH, you will need to generate a new SSH key and add it to the ssh-agent. You must add the SSH key to your account on GitHub before you use the key to authenticate. For more information, see "Generating a new SSH key and adding it to the ssh-agent" and "Adding a new SSH key to your GitHub account."
You can further secure your SSH key by using a hardware security key, which requires the physical hardware security key to be attached to your computer when the key pair is used to authenticate with SSH. You can also secure your SSH key by adding your key to the ssh-agent and using a passphrase. For more information, see "Working with SSH key passphrases."
To use your SSH key with a repository owned by an organization that uses SAML single sign-on, you must authorize the key. For more information, see "Authorizing an SSH key for use with SAML single sign-on."
To maintain account security, you can regularly review your SSH keys list and revoke any keys that are invalid or have been compromised. For more information, see "Reviewing your SSH keys."
If you haven't used your SSH key for a year, then GitHub will automatically delete your inactive SSH key as a security precaution. For more information, see "Deleted or missing SSH keys."
If you're a member of an organization that provides SSH certificates, you can use your certificate to access that organization's repositories without adding the certificate to your account on GitHub. You cannot use your certificate to access forks of the organization's repositories that are owned by your user account. For more information, see "About SSH certificate authorities."