title |
---|
GitHub - SSH keys |
$ git clone https://github.com/ooo/xxxxx.git
Cloning into 'xxxxx'...
> Username for 'https://github.com': xxx
> Password for 'https://[email protected]':
remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead.
remote: Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information.
fatal: Authentication failed for 'https://github.com/ooo/xxxxx.git/'
因為換了新的MacBook M1,在clone非公開repo時用上方的步驟,驗證完帳號密碼會出現錯誤訊息。 大意就是在2021/8/13開始,不再支援密碼驗證,只能使用個人的token進行驗證…。 所以才有這篇記錄如何使用SSH驗證的方式存取GitHub repo。
-
列出.ssh資料夾中的檔案
$ ls -al ~/.ssh
-
如果像下列,表示已有公用SSH金鑰
total 24 drwx------ 5 xxx staff 160 Nov 22 20:43 . drwxr-xr-x+ 38 xxx staff 1216 Nov 22 20:39 .. -rw-r--r--@ 1 xxx staff 78 Nov 22 20:43 config -rw------- 1 xxx staff 464 Nov 22 20:40 id_ed25519 -rw-r--r-- 1 xxx staff 99 Nov 22 20:40 id_ed25519.pub
-
GitHub支援的公用金鑰種類如下:
- id_rsa.pub
- id_ecdsa.pub
- id_ed25519.pub
(已有符合種類的公用金鑰,可直接跳到下一步驟)
-
沒有的話會得到下列訊息
ls: /Users/xxx/.ssh: No such file or directory
-
需要產生一組ssh金鑰 (rsa / ecdsa / ed25519皆可用,此處以ed25519為例)
$ ssh-keygen -t ed25519 -C "[email protected]" Generating public/private ed25519 key pair. > Enter file in which to save the key (/Users/xxx/.ssh/id_ed25519): [這邊直接按Enter,會自動生成資料夾到預設路徑] Created directory '/Users/xxx/.ssh'. > Enter passphrase (empty for no passphrase): [設定這組金鑰的密碼] > Enter same passphrase again: [再次輸入確認密碼] Your identification has been saved in /Users/xxx/.ssh/id_ed25519. Your public key has been saved in /Users/xxx/.ssh/id_ed25519.pub. The key fingerprint is: SHA256:***************************** [email protected] The key's randomart image is: +--[ED25519 256]--+ | ***o* | |. ++.oo | |o=***... | |*******o | |o**.o.+ S | |o** *. | |* .o. | | **=.+ | |. =o**. | +----[SHA256]-----+
- 在背景中啟用ssh-agent (如果帳號無管理者權限,可能會需要先啟用root存取權限)
$ eval "$(ssh-agent -s)" Agent pid 9265
- 如果使用macOS Sierra 10.12.2以上版本,需修改~/.ssh/config以使ssg-agent能讀取金鑰、並將passphrases設定的密碼存入鑰匙圈(keychain)中
- 確認是否有~/.ssh/config設定檔
$ open ~/.ssh/config
- 沒有的話會得到下列訊息
The file /Users/xxx/.ssh/config does not exist.
- 需要生成該檔案再開啟
$ touch ~/.ssh/config
- 開啟後,內容應該包含下列文字 (~/.ssh/id_ed25519為私鑰檔案路徑)
Host * AddKeysToAgent yes UseKeychain yes IdentityFile ~/.ssh/id_ed25519
- 確認是否有~/.ssh/config設定檔
- 確認設定檔無誤,即可將ssh私鑰加入ssh-agent中
$ ssh-add -K ~/.ssh/id_ed25519
-
確認設定檔無誤,即可將ssh私鑰加入ssh-agent中
- 執行下列指令,會將公鑰內容存入到剪貼簿中(再command-v即貼上)
$ pbcopy < ~/.ssh/id_ed25519.pub
- 或執行下述指令,將公鑰內容輸出後,再自行複製
$ cat ~/.ssh/id_ed25519.pub ssh-ed25519 ************************* [email protected] [複製這行]
- 執行下列指令,會將公鑰內容存入到剪貼簿中(再command-v即貼上)
-
登入GitHub頁面,點擊 個人圖像 -> Settings -> SSH and GPG keys -> new SSH key
- 將前一步複製的公鑰貼到Key下方的框框,在Title輸入想要的名稱(ex:MacBook)
- 點擊"Add SSH key"以新增SSH金鑰
- 可能會跳出GitHub的密碼確認視窗,輸入後即完成新增金鑰
-
允許以ssh方式與GitHub連線
$ ssh -T [email protected] The authenticity of host 'github.com (13.114.40.48)' can't be established. ECDSA key fingerprint is SHA256:******************************************. > Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added 'github.com,13.114.40.48' (ECDSA) to the list of known hosts. Hi username! You've successfully authenticated, but GitHub does not provide shell access.
-
完成後,需要clone repo時,記得要先選到SSH再複製(選到HTTPS就不是用ssh機制囉)
git clone [email protected]:xxx/xxx.git
reference: