SSHでGitHubに接続する手順

新しいPCを使うことになり当然GitHubに接続するのだが、意外と忘れていたので今後のためにメモしておく。作業自体は簡単だけどそんなに頻繁にすることでもないから無理に覚えて脳内ディスクを消費する必要もない。ちなみにこれらの鍵はダミーなので不正アクセスを試みて貴重な時間を無駄にしないように。

開発環境↓

% system_profiler SPHardwareDataType
Hardware:

    Hardware Overview:

      Model Name: MacBook Pro
      Model Identifier: MacBookPro16,3
      Processor Name: Quad-Core Intel Core i5
      Processor Speed: 1.4 GHz
      Number of Processors: 1
      Total Number of Cores: 4
      L2 Cache (per Core): 256 KB
      L3 Cache: 6 MB
      Hyper-Threading Technology: Enabled
      Memory: 16 GB
      System Firmware Version: 1554.100.64.0.0 (iBridge: 18.16.14556.0.0,0)

% sw_vers
ProductName:	macOS
ProductVersion:	11.3
BuildVersion:	20E232

% git --version
git version 2.31.1

% zsh --version
zsh 5.8 (x86_64-apple-darwin20.0)

まずはSSHキーの置いてある隠しフォルダに移動する。

% cd ~/.ssh
cd: no such file or directory: /Users/ki/.ssh

が、そもそもデフォルトでは存在しないのフォルダなので仮のSSHキーを生成してみる。

% ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/ki/.ssh/id_rsa):
Created directory '/Users/ki/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/ki/.ssh/id_rsa.
Your public key has been saved in /Users/ki/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:dAKV6XDV7vhnRYHxVTTtoQbFmFXdgjtU+UUZOMhfoVo ki@my.local
The key's randomart image is:
+---[RSA 3072]----+
|      ...+o.B**O&|
|      ..+  *+===B|
|       +o .ooE+=+|
|       ..o  *+  +|
|        S  +.. . |
|          . .   .|
|           .   . |
|            . o  |
|             o   |
+----[SHA256]-----+

秘密鍵と公開鍵が生成された。lsコマンドで確認してみる。

% ls -al ~/.ssh
total 16
drwx------   4 ki  staff   128  2 11 22:29 .
drwxr-xr-x+ 28 ki  staff   896  2 11 22:29 ..
-rw-------   1 ki  staff  2635  2 11 22:29 id_rsa
-rw-r--r--   1 ki  staff   565  2 11 22:29 id_rsa.pub

すると、デフォルトでは鍵長が2635と少し物足りない。せっかくなら長いほうが良いのでオプションを指定して生成する。オプションの中身を見れば大体分かると思う。

% ssh-keygen -t rsa -b 4096 -C "oo@kiki.ooo" -f ~/.ssh/id_rsa_github_private
Generating public/private rsa key pair.
Created directory '/Users/ki/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/ki/.ssh/id_rsa_github_private.
Your public key has been saved in /Users/ki/.ssh/id_rsa_github_private.pub.
The key fingerprint is:
SHA256:Nz5kdxTXWPSburf4STKM3h29FVW86ezjTZ2WZVTRsKB+c oo@kiki.ooo
The key's randomart image is:
+---[RSA 4096]----+
|           =+...=|
|            +o.o.|
|   .        .o.. |
|  + .         +. |
| o . .  S    . ..|
|    . .. .  .   .|
| . o o .....    .|
|+ = * . .... o=.+|
|oOE+.o   .o .+**B|
+----[SHA256]-----+

% ssh-keygen -l -f ~/.ssh/id_rsa_github_private.pub
4096 SHA256:Nz5kdxTXWPSburf4STKM3h29FVW86ezjTZ2WZVTRsKB+c oo@kiki.ooo (RSA)

生成された秘密鍵をGitHubにコピペするためにクリップボードにコピーする。

% pbcopy < ~/.ssh/id_rsa_github_private

GitHubにペーストした後にSSHで接続できるか検証。なぜか、接続失敗。

% ssh -T git@github.com
The authenticity of host 'github.com (52.69.186.44)' can't be established.
RSA key fingerprint is SHA256:Nz5kdxTXWPSburf4STKM3h29FVW86ezjTZ2WZVTRsKB.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'github.com,52.69.186.44' (RSA) to the list of known hosts.
git@github.com: Permission denied (publickey).

それもそのはずで設定を書いてなかった。

Host github_p
HostName github.com
User git
IdentityFile ~/.ssh/id_rsa_github_private
Port 22
TCPKeepAlive yes
IdentitiesOnly yes
AddKeysToAgent yes

改めてSSHで接続(ログ付き)してみる。

% ssh -vT github_p
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/ki/.ssh/config
debug1: /Users/ki/.ssh/config line 1: Applying options for github_p
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to github.com port 22.
debug1: Connection established.
debug1: identity file /Users/ki/.ssh/id_rsa_github_private type 0
debug1: identity file /Users/ki/.ssh/id_rsa_github_private-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version babeld-c34a939f
debug1: no match: babeld-c34a939f
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:Nz5kdxTXWPSburf4STKM3h29FVW86ezjTZ2WZVTRsKB
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /Users/ki/.ssh/known_hosts:1
Warning: Permanently added the RSA host key for IP address '52.192.72.89' to the list of known hosts.
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/ki/.ssh/id_rsa_github_private RSA SHA256:6n7Z+Vc5AgkN/bVuS6goCVBdoq34L26v/65yf7YVxYw explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/ki/.ssh/id_rsa_github_private RSA SHA256:6n7Z+Vc5AgkN/bVuS6goCVBdoq34L26v/65yf7YVxYw explicit
debug1: Server accepts key: /Users/ki/.ssh/id_rsa_github_private RSA SHA256:6n7Z+Vc5AgkN/bVuS6goCVBdoq34L26v/65yf7YVxYw explicit
Enter passphrase for key '/Users/ki/.ssh/id_rsa_github_private':
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([52.192.72.89]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LC_TERMINAL_VERSION = 3.4.4
debug1: Sending env LANG = ja_JP.UTF-8
debug1: Sending env LC_TERMINAL = iTerm2
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi ktnkk! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3564, received 2724 bytes, in 0.4 seconds
Bytes per second: sent 9029.9, received 6901.6
debug1: Exit status 1

成功!

To comment

@TOC
閉じる