DEV Community

Udara Dananjaya

How to Set Up an SSH Key for GitHub Authentication and Commit Signing

If you're looking to securely connect your local Git environment to GitHub for both authentication and commit signing, using an SSH key is a great way to enhance security and streamline the process. In this article, I'll guide you step-by-step through generating an SSH key, adding it to your GitHub account, and configuring Git to use the SSH key for commit signing. This method is simpler and faster than configuring GPG keys and provides a robust solution for managing GitHub repositories.

Step 1: Generate an SSH Key

First, you need to create an SSH key pair if you don’t already have one. Open PowerShell and run the following command:

ssh-keygen -t ed25519 -C "your_email@example.com"
  • -t ed25519 specifies the key type (Ed25519 is a modern, secure choice).
  • -C "your_email@example.com" is an optional comment that helps identify the key later.

Follow the prompts:

  • Choose a location to save the key (press Enter to use the default: C:\Users\YourUsername\.ssh\id_ed25519).
  • Set a passphrase for an added layer of security (optional but recommended).

Once generated, your SSH key pair will consist of two files:

  • id_ed25519 (private key)
  • id_ed25519.pub (public key)

Important: Keep your private key secure and never share it. Only the public key (id_ed25519.pub) should be shared.

Step 2: Copy the Public Key to Your Clipboard

Next, you need to copy your public key to your clipboard so you can add it to GitHub. Run this command in PowerShell:

Get-Content "$env:USERPROFILE\.ssh\id_ed25519.pub"

This command will display your public key in the terminal. Select the entire key (starting from ssh-ed25519 and ending with your email) and copy it to your clipboard.

Step 3: Add the SSH Key to Your GitHub Account

  1. Log in to GitHub.
  2. Go to Settings by clicking your profile picture in the top right and selecting Settings.
  3. Navigate to SSH and GPG keys.
  4. Click on New SSH key.
  5. Paste your public key into the key field and give it a descriptive title (e.g., "My Work Laptop").
  6. Click Add SSH Key to save.

Now, your GitHub account is set up to recognize the SSH key for secure communication.

Step 4: Configure Git to Use Your SSH Key

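To ensure that Git connects with the SSH client bundled with Git for Windows, set core.sshCommand:

git config --global core.sshCommand "'C:/Program Files/Git/usr/bin/ssh.exe'"

This command sets Git to use the ssh.exe included with Git for Windows. Git runs this value through a shell, so the inner single quotes keep the space in "Program Files" from splitting the path. The setting selects the SSH program, not the key: SSH looks for id_ed25519 in your .ssh folder by default.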

Step 5: Configure Git for Commit Signing

To use the SSH key for signing your commits, Git needs to be told to sign with SSH and which key to use:

  1. Check that the public key file exists:

    Get-ChildItem -Path "$env:USERPROFILE\.ssh\id_ed25519.pub"

     This shows only the file details. To see the key's fingerprint, which is useful for matching the key against the one listed on GitHub, run:

    ssh-keygen -lf "$env:USERPROFILE\.ssh\id_ed25519"

  2. Configure Git to sign with the SSH key:

    git config --global gpg.format ssh
    git config --global user.signingkey "$env:USERPROFILE\.ssh\id_ed25519.pub"
    git config --global commit.gpgsign true

     The first line switches Git's signing format from GPG to SSH. user.signingkey must be the path to the key file, not the fingerprint; Git's SSH signing does not accept a fingerprint here.

Step 6: Tell Git Which Key to Use for Signing

If you want to specify which key Git should use for signing commits in a particular repository, navigate to that repository and run the following, pointing at the public key that repository should use:

git config --local user.signingkey "$env:USERPROFILE\.ssh\id_ed25519.pub"

Step 7: Sign Your Commits

Now that everything is set up, you can create signed commits with the -S option:

git commit -S -m "Your commit message"

This ensures that your commits are signed using the SSH key, adding an extra layer of security and proving the authenticity of your changes.

Step 8: Push Your Changes to GitHub

Finally, push your commits to GitHub:

git push origin main

With the SSH key configured for both authentication and signing, your commits will be securely pushed to GitHub with the signature intact.
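
To confirm the setup locally before relying on it, the following PowerShell script reports the signing settings and verifies the signature on the latest commit. It is an added example, not part of the original article; it assumes the default key path from Step 1, and the allowed_signers file name is an assumption.

```powershell
# Added example: checks the SSH signing setup, then verifies the latest commit.
# Assumes the default key path from Step 1; run it inside a repository after Step 7.
$pub     = Join-Path $env:USERPROFILE ".ssh\id_ed25519.pub"
$signers = Join-Path $env:USERPROFILE ".ssh\allowed_signers"  # file name is an assumption

if (-not (Test-Path $pub)) { throw "Public key not found: $pub" }

# 1. Show the settings Git uses when it signs.
foreach ($name in "gpg.format", "user.signingkey", "commit.gpgsign") {
    $value = git config --get $name
    if ($value) { "{0} = {1}" -f $name, $value } else { Write-Warning "$name is not set" }
}
if ((git config --get gpg.format) -ne "ssh") {
    Write-Warning "gpg.format is not 'ssh', so Git will try GPG instead of the SSH key"
}

# 2. Trust your own key for local verification.
#    allowed_signers line format: <principal> [options] <key type> <base64 key>
$email = git config --get user.email
if (-not $email) { throw "user.email is not set" }
$type, $blob = ((Get-Content $pub -TotalCount 1) -split "\s+")[0, 1]
$entry = "$email namespaces=`"git`" $type $blob"
$known = (Test-Path $signers) -and (Select-String -Path $signers -SimpleMatch $blob -Quiet)
if (-not $known) { Add-Content -Path $signers -Value $entry -Encoding ascii }
git config --global gpg.ssh.allowedSignersFile $signers

# 3. Verify the most recent commit; exit code 0 means a good signature.
git verify-commit HEAD
if ($LASTEXITCODE -eq 0) {
    "HEAD carries a valid SSH signature for $email"
} else {
    Write-Warning "HEAD is unsigned or its signature did not verify"
}
```

For GitHub to mark the pushed commit as Verified, the public key also has to be added under SSH and GPG keys with the key type set to Signing Key.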

Key Points to Remember

  • Set user.signingkey to the path of your public key file rather than to its fingerprint, and set gpg.format to ssh. To view the fingerprint, run ssh-keygen -lf "$env:USERPROFILE\.ssh\id_ed25519".
  • Ensure your private key remains secure and only the public key (id_ed25519.pub) is shared.
  • This approach streamlines Git configuration, avoiding the more complex setup associated with GPG keys.

Conclusion

By following these steps, you’ve securely set up SSH for authentication and commit signing with GitHub. This method is simpler and faster than configuring GPG and offers robust security for your codebase. Happy coding!
