About addition of SSH keys to your account
You can access and write data in repositories on your GitHub Enterprise Server instance using SSH (Secure Shell Protocol). When you connect via SSH, you authenticate using a private key file on your local machine. For more information, see "About SSH."
You can also use SSH to sign commits and tags. For more information about commit signing, see "About commit signature verification."
After you generate an SSH key pair, you must add the public key to your GitHub Enterprise Server instance to enable SSH access for your account.
Prerequisites
Before adding a new SSH key to your account on your GitHub Enterprise Server instance, complete the following steps.
- Check for existing SSH keys. For more information, see "Checking for existing SSH keys."
- Generate a new SSH key and add it to your machine's SSH agent. For more information, see "Generating a new SSH key and adding it to the ssh-agent."
Adding a new SSH key to your account
You can add an SSH key and use it for authentication, or commit signing, or both. If you want to use the same SSH key for both authentication and signing, you need to upload it twice.
After adding a new SSH authentication key to your account on your GitHub Enterprise Server instance, you can reconfigure any local repositories to use SSH. For more information, see "Managing remote repositories."
Note: By default with GitHub Enterprise Server 3.6 and later, as of the cutoff date of midnight UTC on August 1, 2022, SSH connections that satisfy both of the following conditions will fail.
- The RSA key was added to a user account on your GitHub Enterprise Server instance after the cutoff date of midnight UTC on August 1, 2022.
- The SSH client signs the connection attempt with the SHA-1 hash function.
GitHub Enterprise Server 3.6 and later also does not support SSH connections that use DSA, HMAC-SHA-1, or CBC ciphers. RSA SSH keys uploaded before the cutoff date can continue to authenticate using the SHA-1 hash function as long as the key remains valid. For more information about finding the version of GitHub Enterprise Server that you use, see "About versions of GitHub Docs."
Your site administrator can adjust the cutoff date for connections using RSA-SHA-1, and may block all connections using RSA-SHA-1. For more information, contact your site administrator or see "Configuring SSH connections to your instance."
-
Copy the SSH public key to your clipboard.
If your SSH public key file has a different name than the example code, modify the filename to match your current setup. When copying your key, don't add any newlines or whitespace.
$ pbcopy < ~/.ssh/id_ed25519.pub # Copies the contents of the id_ed25519.pub file to your clipboard
Tip: If
pbcopy
isn't working, you can locate the hidden.ssh
folder, open the file in your favorite text editor, and copy it to your clipboard.$ clip < ~/.ssh/id_ed25519.pub # Copies the contents of the id_ed25519.pub file to your clipboard
Notes:
- With Windows Subsystem for Linux (WSL), you can use
clip.exe
. Otherwise ifclip
isn't working, you can locate the hidden.ssh
folder, open the file in your favorite text editor, and copy it to your clipboard. - On newer versions of Windows that use the Windows Terminal, or anywhere else that uses the PowerShell command line, you may receive a
ParseError
stating thatThe '<' operator is reserved for future use.
In this case, the following alternativeclip
command should be used:
$ cat ~/.ssh/id_ed25519.pub | clip # Copies the contents of the id_ed25519.pub file to your clipboard
$ cat ~/.ssh/id_ed25519.pub # Then select and copy the contents of the id_ed25519.pub file # displayed in the terminal to your clipboard
Tip: Alternatively, you can locate the hidden
.ssh
folder, open the file in your favorite text editor, and copy it to your clipboard. - With Windows Subsystem for Linux (WSL), you can use
-
In the upper-right corner of any page, click your profile photo, then click Settings.
-
In the "Access" section of the sidebar, click SSH and GPG keys.
-
Click New SSH key or Add SSH key.
-
In the "Title" field, add a descriptive label for the new key. For example, if you're using a personal laptop, you might call this key "Personal laptop".
-
Select the type of key, either authentication or signing. For more information about commit signing, see "About commit signature verification."
-
In the "Key" field, paste your public key.
-
Click Add SSH key.
-
If prompted, confirm access to your account on GitHub Enterprise Server. For more information, see "Sudo mode."
To learn more about GitHub CLI, see "About GitHub CLI."
Before you can use the GitHub CLI to add an SSH key to your account, you must authenticate to the GitHub CLI. For more information, see gh auth login
in the GitHub CLI documentation.
To add an SSH key to your GitHub account, use the ssh-key add
subcommand, specifying your public key. For authentication keys, if you're prompted to request additional scopes, follow the instructions in the command line.
gh ssh-key add KEY-FILE --type {authentication|signing}
To include a title for the new key, use the -t
or --title
flag.
gh ssh-key add KEY-FILE --title "personal laptop"
If you generated your SSH key by following the instructions in "Generating a new SSH key and adding it to the ssh-agent", you can add the key to your account with this command.
gh ssh-key add ~/.ssh/id_ed25519.pub --type signing