From 08657ac95d4480d9e31e4ada7665120a9da4af4d Mon Sep 17 00:00:00 2001 From: "Jake Tarren (DevOps Overlord)" Date: Tue, 13 Oct 2020 15:54:46 -0400 Subject: [PATCH 01/10] Update managing-deploy-keys.md Adds instructions on defining unique ssh keys (deploy keys) per repo on one server by using the ssh config file. --- .../overview/managing-deploy-keys.md | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/content/developers/overview/managing-deploy-keys.md b/content/developers/overview/managing-deploy-keys.md index 790d9bdf2dd7..265d6cfd8a89 100644 --- a/content/developers/overview/managing-deploy-keys.md +++ b/content/developers/overview/managing-deploy-keys.md @@ -82,6 +82,36 @@ See [our guide on Git automation with tokens][git-automation]. 7. Select **Allow write access** if you want this key to have write access to the repository. A deploy key with write access lets a deployment push to the repository. 8. Click **Add key**. +##### Multiple Repositories on once server + +GitHub does not allow users to reuse deploy keys across multiple repositories, so when a personal key pair is undesirable (such as a deployment server) users have to generate a dedicated key pair for each repository they require. Additionally, Git (currently) does not provide a way of configuring a preferred private key when using ssh remotes. + +###### Setup + +1. Using your favorite text editor, open up the file at `~/.ssh/config`. If this file doesn't exist, you can create it by entering `touch ~/.ssh/config` in the terminal. +2. Assign a unique private key to each repo as done in the following example: +``` +Host example.com-repo-0 + Hostname github.com + IdentityFile=/home/user/.ssh/repo-0_deploy_key + +Host git.colasdn.top-repo-1 + Hostname github.com + IdentityFile=/home/user/.ssh/repo-1_deploy_key + +Host git.colasdn.top-repo-2 + Hostname github.com + IdentityFile=/home/user/.ssh/repo-2_deploy_key +``` + +###### Example Usage + +To clone a repository with a unique Deploy Key, use the appropriate host defined in the `~/.ssh/config` file as in the following example: + +``` +git clone git@git.colasdn.top-repo-1:github-user/repo-1.git +``` + ### Machine users If your server needs to access multiple repositories, you can create a new {% data variables.product.product_name %} account and attach an SSH key that will be used exclusively for automation. Since this {% data variables.product.product_name %} account won't be used by a human, it's called a _machine user_. You can add the machine user as a [collaborator][collaborator] on a personal repository (granting read and write access), as an [outside collaborator][outside-collaborator] on an organization repository (granting read, write, or admin access), or to a [team][team] with access to the repositories it needs to automate (granting the permissions of the team). From 35d531354568151ebd2bb6d07114601057345119 Mon Sep 17 00:00:00 2001 From: "Jake Tarren (DevOps Overlord)" Date: Tue, 13 Oct 2020 16:14:36 -0400 Subject: [PATCH 02/10] Update managing-deploy-keys.md --- content/developers/overview/managing-deploy-keys.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/developers/overview/managing-deploy-keys.md b/content/developers/overview/managing-deploy-keys.md index 265d6cfd8a89..b2e3ddaf8dd5 100644 --- a/content/developers/overview/managing-deploy-keys.md +++ b/content/developers/overview/managing-deploy-keys.md @@ -89,9 +89,9 @@ GitHub does not allow users to reuse deploy keys across multiple repositories, s ###### Setup 1. Using your favorite text editor, open up the file at `~/.ssh/config`. If this file doesn't exist, you can create it by entering `touch ~/.ssh/config` in the terminal. -2. Assign a unique private key to each repo as done in the following example: +2. Create an alias for each repository that points to the git server and assignes the private key: ``` -Host example.com-repo-0 +Host git.colasdn.top-repo-0 Hostname github.com IdentityFile=/home/user/.ssh/repo-0_deploy_key @@ -106,7 +106,7 @@ Host git.colasdn.top-repo-2 ###### Example Usage -To clone a repository with a unique Deploy Key, use the appropriate host defined in the `~/.ssh/config` file as in the following example: +To clone a repository with a unique Deploy Key, use the the alias as defined in the `~/.ssh/config`: ``` git clone git@git.colasdn.top-repo-1:github-user/repo-1.git From 6ceecfa4307f1cad55c02f140477f20e7c1daf24 Mon Sep 17 00:00:00 2001 From: "Jake Tarren (DevOps Overlord)" Date: Wed, 14 Oct 2020 16:56:54 -0400 Subject: [PATCH 03/10] Update managing-deploy-keys.md Fixes a small typo --- content/developers/overview/managing-deploy-keys.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/developers/overview/managing-deploy-keys.md b/content/developers/overview/managing-deploy-keys.md index b2e3ddaf8dd5..0e7705d62157 100644 --- a/content/developers/overview/managing-deploy-keys.md +++ b/content/developers/overview/managing-deploy-keys.md @@ -82,7 +82,7 @@ See [our guide on Git automation with tokens][git-automation]. 7. Select **Allow write access** if you want this key to have write access to the repository. A deploy key with write access lets a deployment push to the repository. 8. Click **Add key**. -##### Multiple Repositories on once server +##### Multiple Repositories on One Server GitHub does not allow users to reuse deploy keys across multiple repositories, so when a personal key pair is undesirable (such as a deployment server) users have to generate a dedicated key pair for each repository they require. Additionally, Git (currently) does not provide a way of configuring a preferred private key when using ssh remotes. From dfdccd564451b521c999db1d221039e964232378 Mon Sep 17 00:00:00 2001 From: Martin Lopes <54248166+martin389@users.noreply.github.com> Date: Tue, 10 Nov 2020 17:13:21 +1000 Subject: [PATCH 04/10] Added some edits to draft --- .../overview/managing-deploy-keys.md | 20 ++++++++----------- 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/content/developers/overview/managing-deploy-keys.md b/content/developers/overview/managing-deploy-keys.md index fe4233c4d244..562808031408 100644 --- a/content/developers/overview/managing-deploy-keys.md +++ b/content/developers/overview/managing-deploy-keys.md @@ -83,15 +83,13 @@ See [our guide on Git automation with tokens][git-automation]. 7. Select **Allow write access** if you want this key to have write access to the repository. A deploy key with write access lets a deployment push to the repository. 8. Click **Add key**. -##### Multiple Repositories on One Server +##### Using multiple repositories on one server -GitHub does not allow users to reuse deploy keys across multiple repositories, so when a personal key pair is undesirable (such as a deployment server) users have to generate a dedicated key pair for each repository they require. Additionally, Git (currently) does not provide a way of configuring a preferred private key when using ssh remotes. +If you use multiple repositories on one server, you will need to generate a dedicated key pair for each one. You can't reuse a deploy key for multiple repositories. -###### Setup +In the server's SSH configuration file (usually `~/.ssh/config`), add an alias entry for each repository. For example: -1. Using your favorite text editor, open up the file at `~/.ssh/config`. If this file doesn't exist, you can create it by entering `touch ~/.ssh/config` in the terminal. -2. Create an alias for each repository that points to the git server and assignes the private key: -``` +```bash Host git.colasdn.top-repo-0 Hostname github.com IdentityFile=/home/user/.ssh/repo-0_deploy_key @@ -99,15 +97,13 @@ Host git.colasdn.top-repo-0 Host git.colasdn.top-repo-1 Hostname github.com IdentityFile=/home/user/.ssh/repo-1_deploy_key - -Host git.colasdn.top-repo-2 - Hostname github.com - IdentityFile=/home/user/.ssh/repo-2_deploy_key ``` -###### Example Usage +* `Host git.colasdn.top-repo-0` - The repository's alias. +* `Hostname github.com` - Configures the alias to use the {% data variables.product.product_name %} server. +* `IdentityFile=/home/user/.ssh/repo-0_deploy_key` - assigns a private key to the alias. -To clone a repository with a unique Deploy Key, use the the alias as defined in the `~/.ssh/config`: +With these entries, you can then use the alias to clone a repository with a unique Deploy Key. For example: ``` git clone git@git.colasdn.top-repo-1:github-user/repo-1.git From 1931771cca3f17ae9ceef0500f7d43a596af20dc Mon Sep 17 00:00:00 2001 From: Martin Lopes <54248166+martin389@users.noreply.github.com> Date: Tue, 10 Nov 2020 17:26:01 +1000 Subject: [PATCH 05/10] Some small fixes --- content/developers/overview/managing-deploy-keys.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/developers/overview/managing-deploy-keys.md b/content/developers/overview/managing-deploy-keys.md index 562808031408..dfb3b758347d 100644 --- a/content/developers/overview/managing-deploy-keys.md +++ b/content/developers/overview/managing-deploy-keys.md @@ -101,12 +101,12 @@ Host git.colasdn.top-repo-1 * `Host git.colasdn.top-repo-0` - The repository's alias. * `Hostname github.com` - Configures the alias to use the {% data variables.product.product_name %} server. -* `IdentityFile=/home/user/.ssh/repo-0_deploy_key` - assigns a private key to the alias. +* `IdentityFile=/home/user/.ssh/repo-0_deploy_key` - Assigns a private key to the alias. -With these entries, you can then use the alias to clone a repository with a unique Deploy Key. For example: +With these entries, you can then use the alias to clone a repository with a unique deploy key. For example: -``` -git clone git@git.colasdn.top-repo-1:github-user/repo-1.git +```bash +$ git clone git@git.colasdn.top-repo-1:github-user/repo-1.git ``` ### Machine users From 69b554595406aa9f682b6e03bba7d7ee5b09738a Mon Sep 17 00:00:00 2001 From: Martin Lopes <54248166+martin389@users.noreply.github.com> Date: Tue, 10 Nov 2020 17:34:36 +1000 Subject: [PATCH 06/10] Rephrased example sentence --- content/developers/overview/managing-deploy-keys.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/developers/overview/managing-deploy-keys.md b/content/developers/overview/managing-deploy-keys.md index dfb3b758347d..6466924e8846 100644 --- a/content/developers/overview/managing-deploy-keys.md +++ b/content/developers/overview/managing-deploy-keys.md @@ -103,7 +103,7 @@ Host git.colasdn.top-repo-1 * `Hostname github.com` - Configures the alias to use the {% data variables.product.product_name %} server. * `IdentityFile=/home/user/.ssh/repo-0_deploy_key` - Assigns a private key to the alias. -With these entries, you can then use the alias to clone a repository with a unique deploy key. For example: +With these entries added, you can then use the alias to clone a repository, and the unique deploy key is automatically presented. For example: ```bash $ git clone git@git.colasdn.top-repo-1:github-user/repo-1.git From b7bfb89640db866e3222b67e6e92804c6a07de51 Mon Sep 17 00:00:00 2001 From: Martin Lopes <54248166+martin389@users.noreply.github.com> Date: Thu, 12 Nov 2020 14:36:37 +1000 Subject: [PATCH 07/10] Apply suggestions from code review Co-authored-by: Lucas Costi --- content/developers/overview/managing-deploy-keys.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/developers/overview/managing-deploy-keys.md b/content/developers/overview/managing-deploy-keys.md index 6466924e8846..35bd586aa5a5 100644 --- a/content/developers/overview/managing-deploy-keys.md +++ b/content/developers/overview/managing-deploy-keys.md @@ -103,10 +103,10 @@ Host git.colasdn.top-repo-1 * `Hostname github.com` - Configures the alias to use the {% data variables.product.product_name %} server. * `IdentityFile=/home/user/.ssh/repo-0_deploy_key` - Assigns a private key to the alias. -With these entries added, you can then use the alias to clone a repository, and the unique deploy key is automatically presented. For example: +With these entries added, you can then use the alias of the hostname to interact with the repository using SSH, so the unique deploy key for that alias used. For example: ```bash -$ git clone git@git.colasdn.top-repo-1:github-user/repo-1.git +$ git clone git@git.colasdn.top-repo-1:OWNER/repo-1.git ``` ### Machine users From b6417beaafc3fec5cde82e5ac1bd8eb214a2174c Mon Sep 17 00:00:00 2001 From: Martin Lopes <54248166+martin389@users.noreply.github.com> Date: Thu, 12 Nov 2020 14:49:43 +1000 Subject: [PATCH 08/10] Rephrasing for easier compatibility --- content/developers/overview/managing-deploy-keys.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/developers/overview/managing-deploy-keys.md b/content/developers/overview/managing-deploy-keys.md index 35bd586aa5a5..50d9db2a5f0b 100644 --- a/content/developers/overview/managing-deploy-keys.md +++ b/content/developers/overview/managing-deploy-keys.md @@ -100,7 +100,7 @@ Host git.colasdn.top-repo-1 ``` * `Host git.colasdn.top-repo-0` - The repository's alias. -* `Hostname github.com` - Configures the alias to use the {% data variables.product.product_name %} server. +* `Hostname github.com` - Configures the hostname to use with the alias. * `IdentityFile=/home/user/.ssh/repo-0_deploy_key` - Assigns a private key to the alias. With these entries added, you can then use the alias of the hostname to interact with the repository using SSH, so the unique deploy key for that alias used. For example: From ae8805a1f0afb8ad931eb51300a6937638efcc3b Mon Sep 17 00:00:00 2001 From: Martin Lopes <54248166+martin389@users.noreply.github.com> Date: Fri, 13 Nov 2020 15:27:15 +1000 Subject: [PATCH 09/10] Added versioning for GHES --- .../developers/overview/managing-deploy-keys.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/content/developers/overview/managing-deploy-keys.md b/content/developers/overview/managing-deploy-keys.md index 50d9db2a5f0b..6c829e6dbae4 100644 --- a/content/developers/overview/managing-deploy-keys.md +++ b/content/developers/overview/managing-deploy-keys.md @@ -90,23 +90,23 @@ If you use multiple repositories on one server, you will need to generate a dedi In the server's SSH configuration file (usually `~/.ssh/config`), add an alias entry for each repository. For example: ```bash -Host git.colasdn.top-repo-0 - Hostname github.com +Host {% if currentVersion == "free-pro-team@latest" %}github.com{% else %}my-GHE-hostname.com{% endif %}-repo-0 + Hostname {% if currentVersion == "free-pro-team@latest" %}github.com{% else %}my-GHE-hostname.com{% endif %} IdentityFile=/home/user/.ssh/repo-0_deploy_key -Host git.colasdn.top-repo-1 - Hostname github.com +Host {% if currentVersion == "free-pro-team@latest" %}github.com{% else %}my-GHE-hostname.com{% endif %}-repo-1 + Hostname {% if currentVersion == "free-pro-team@latest" %}github.com{% else %}my-GHE-hostname.com{% endif %} IdentityFile=/home/user/.ssh/repo-1_deploy_key ``` -* `Host git.colasdn.top-repo-0` - The repository's alias. -* `Hostname github.com` - Configures the hostname to use with the alias. +* `Host {% if currentVersion == "free-pro-team@latest" %}github.com{% else %}my-GHE-hostname.com{% endif %}-repo-0` - The repository's alias. +* `Hostname {% if currentVersion == "free-pro-team@latest" %}github.com{% else %}my-GHE-hostname.com{% endif %}` - Configures the hostname to use with the alias. * `IdentityFile=/home/user/.ssh/repo-0_deploy_key` - Assigns a private key to the alias. With these entries added, you can then use the alias of the hostname to interact with the repository using SSH, so the unique deploy key for that alias used. For example: ```bash -$ git clone git@git.colasdn.top-repo-1:OWNER/repo-1.git +$ git clone git@{% if currentVersion == "free-pro-team@latest" %}github.com{% else %}my-GHE-hostname.com{% endif %}-repo-1:OWNER/repo-1.git ``` ### Machine users From eca5ebb69950e95be05f947ecdab0e7e69f2bc93 Mon Sep 17 00:00:00 2001 From: Martin Lopes <54248166+martin389@users.noreply.github.com> Date: Fri, 13 Nov 2020 16:22:36 +1000 Subject: [PATCH 10/10] Small edit --- content/developers/overview/managing-deploy-keys.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/developers/overview/managing-deploy-keys.md b/content/developers/overview/managing-deploy-keys.md index 6c829e6dbae4..b1c958c59032 100644 --- a/content/developers/overview/managing-deploy-keys.md +++ b/content/developers/overview/managing-deploy-keys.md @@ -103,7 +103,7 @@ Host {% if currentVersion == "free-pro-team@latest" %}github.com{% else %}my-GHE * `Hostname {% if currentVersion == "free-pro-team@latest" %}github.com{% else %}my-GHE-hostname.com{% endif %}` - Configures the hostname to use with the alias. * `IdentityFile=/home/user/.ssh/repo-0_deploy_key` - Assigns a private key to the alias. -With these entries added, you can then use the alias of the hostname to interact with the repository using SSH, so the unique deploy key for that alias used. For example: +You can then use the hostname's alias to interact with the repository using SSH, which will use the unique deploy key assigned to that alias. For example: ```bash $ git clone git@{% if currentVersion == "free-pro-team@latest" %}github.com{% else %}my-GHE-hostname.com{% endif %}-repo-1:OWNER/repo-1.git