Managing GitHub repositories on a cloud server securely requires proper authentication. Deploy keys are one of the most effective ways to enable secure repository access. Deploy keys allow a server to pull (or optionally push) from a repository without requiring a personal GitHub account's credentials. This guide focuses on configuring deploy keys for multiple repositories on a cloud server.

What are Deploy Keys?

A deploy key is an SSH key associated with a specific GitHub repository, granting access without using a personal SSH key. Each repository requires its deploy key, meaning that multiple repositories need separate SSH keys.

Step 1: Generating SSH Keys for Each Repository

Since deploy keys are repository-specific, you need to create a separate SSH key for each repository.

Run the following command to generate a new key for a specific repository:

ssh-keygen -t rsa -b 4096 -C "deploy-key-repo1"

Save the key with a unique name.

~/.ssh/id_rsa_repo1

Repeat this step for each repository, ensuring unique filenames.

id_rsa_repo2, id_rsa_repo3, etc.

Step 2: Adding the Deploy Key to GitHub

Copy the public key:

cat ~/.ssh/id_rsa_repo1.pub

1. Go to GitHub > Your Repository > Settings > Deploy keys.

2. Click Add deploy key, and give it a descriptive name (e.g., Cloud Server Repo 1).

3. Paste the public key and click the Add key.

4. Repeat these steps for each repository, using its corresponding public key.

5. After generating a key for a repository, add the public key to GitHub:

Step 3: Configuring SSH for Multiple Deploy Keys

Since multiple repositories use different SSH keys, configure the SSH client to specify which key to use for each repository.

Start the SSH agent and add the keys:

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa_repo1
ssh-add ~/.ssh/id_rsa_repo2

Edit the SSH configuration file:

nano ~/.ssh/config

Add entries for each repository:

Host repo1.github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa_repo1

Host repo2.github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa_repo2

This setup ensures that each repository uses the correct deploy key when making SSH requests.

Step 4: Testing the SSH Connection

After configuring SSH, verify that the connection works properly by testing each deploy key:

ssh -T git@repo1.github.com
ssh -T git@repo2.github.com

If everything is set up correctly, you should see a message like this:

Hi username! You've successfully authenticated, but GitHub does not provide shell access.

Step 5: Cloning Repositories with Deploy Keys

Now, you can clone repositories using their respective SSH aliases:

git clone git@repo1.github.com:username/repo1.git
git clone git@repo2.github.com:username/repo2.git

Since each repository is associated with a unique deploy key, the cloud server can securely access multiple repositories without requiring a single, shared SSH key.

Using deploy keys for each repository allows a cloud server to securely interact with multiple GitHub repositories without exposing personal credentials. By generating separate SSH keys and configuring SSH properly, you ensure a secure and efficient workflow. Implement this method to manage your repositories securely and efficiently!

Ref: https://docs.github.com/en/authentication/connecting-to-github-with-ssh