How do I setup SSH key based authentication for GitHub by using ~/.ssh/config file?

Here is а short manual how to setup SSH key based authentication for GitHub.

1. Install the openssh-client if it is not already installed, and of course git:

sudo apt update && sudo apt install -y openssh-client git

2. Create user's ssh directory and a sub directory where your dedicated GitHub ssh key will be stored:

mkdir -p -m 700 ~/.ssh/github

• The option -m 700 is equivalent to chmod 700 ~/.ssh ~/.ssh/github.

3. Generate the SSH key (the output key will have octal permissions 600):

ssh-keygen -t ed25519 -C '[email protected]' -f ~/.ssh/github/id_ed25519 -q -N ''

• -q - silence ssh-keygen; -N '' - empty (without) passphrase, you can assign one if you want. If it is passphrase protected key, you can add -a 256 (default is 16) to increase the security of the passphrase by decreasing its verification.

4. Copy the content of the file id_ed25519.pub, use the following command to output it:

cat ~/.ssh/github/id_ed25519.pub

5. Go to your GitHub account and follow these steps:

• From the drop-down menu in upper right corner select Settings.
• Then from the menu at the left side select SSH and GPG keys.
• Click on the New SSH Key button.
• Type some meaningful for a Title and paste the content of ~/.ssh/github/id_ed25519.pub in the field Key.
• Then click on the Add SSH Key button.

6. Create the ~/.ssh/config file, if it doesn't already exist:

touch ~/.ssh/config
chmod 600 ~/.ssh/config

Edit the config file and add the following entry for the new SSH key:

Host github.com
    IdentityFile ~/.ssh/github/id_ed25519

7. Test the setup. Use the following command:

ssh -T [email protected]

On the question - Are you sure you want to continue connecting (yes/no)? - answer with yes. If everything went well you should receive a greeting message like this:

Hi pa4080! You've successfully authenticated, ...

How to use the SSH key.

1. If you have already cloned repository through HTTPS, by using a command as these:

git clone https://github.com/username/repository-name.git
git clone git://github.com/username/repository-name

Go inside the repository's directory and execute the next command to allow work via SSH:

git remote set-url origin [email protected]:username/repository-name.git

2. Direct clone a repository via SSH:

git clone [email protected]:username/repository-name.git

3. In addition if you are using VSC it will work without problems with this setup. For already clonned repositories just use the Open Folder option and all VSC Git features will work.

Thanks to @k..a..b the examples in the answers were updated from using RSA key pair to using ED25519 which is more secure. Here are few references about that:

• SSH Key: Ed25519 vs RSA
• Is it bad that my ed25519 key is so short compared to a RSA key?
• Upgrade Your SSH Key to Ed25519
• How to secure your SSH server with public key Ed25519 Elliptic Curve Cryptography

this file is not available by default. You have to create it. Please be aware SSH keys and ~/.ssh/config are separate files (with different purpose).

your SSH keys are stored in ~/.ssh (use ls -al ~/.ssh to see them all) and your SSH config is stored in the ~/.ssh/config. If you don't have it feel free to use touch ~/.ssh/config to create it.

If you want to use your key with GitHub/Bitbucket/GitLab use the following:

Start the ssh-agent in the background:

eval $('ssh-agent -s')

Then add the SSH private key to the ssh-agent and store your passphrase (if created) in the keychain:

ssh-add -K ~/.ssh/id_ed25519 

In the above case id_ed25519 is your private SSH key file. If you have a different name for your private key, likely because you used a different cryptographic algorithm (i.e. RSA or ECDSA) just change it to your real private key file name.

If key pair is generated with RSA algorithm it should appears as follows:

ssh-add -k ~/.ssh/id_rsa

Else, it will appears as so if keys are generated with ECDSA:

ssh-add -k ~/.ssh/id_ecdsa