github-keygen @ OWF12

Transcript

1. github-keygen

2. Problématique • Développement avec Git et Github • 3 PC

   perso • 2 OS... • … sur chaque PC • 6 environnements de dev

3. Besoin • Simplifier la config initiale • Reproductibilité • Best

   practices SSH • Sur la durée → upgrade • Partage de la solution • Transparence, confiance

4. Git(hub) SSH authentification Repo permissions Github user SSH key Generic

   Git over SSH model, not Github specific

5. Github SSH authentification Repo permissions Github user SSH key 2

   (machine 2) SSH key 1 (machine 1) SSH key 3 Generic Git over SSH model, not Github specific

6. Gestion de la config SSH locale de vos accès Github

   • Création de clés : facile, sécurisé, et indépendante (clé dédiée à Github) • Config ~/.ssh/config • Multiples comptes GitHub sur un compte machine • Des alias pour vos « git remote »

7. $ git clone https://github.com/dolmen/github-keygen.git $ cd github-keygen $ perldoc github-keygen

   # Optionnel $ sudo apt-get install xclip libtext-diff-perl

8. $ ./github-keygen toto Accounts: toto Creating private key '/home/dolmen/.ssh/id_toto@github' for

   'toto'... Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/dolmen/.ssh/id_toto@github. Your public key has been saved in /home/dolmen/.ssh/[email protected]. The key fingerprint is: 94:f5:35:41:9d:19:b0:88:c2:6c:fa:99:d0:6d:a6:22 marine/[email protected] The key's randomart image is: +--[ RSA 2048]----+ | . o*++| | o o.....+.| | =o. ... | | +.o | | o .S+ | | o * | | E . = | | . . | | | +-----------------+ Saving Github hosts authentication keys in ~/.ssh/known_hosts_github...

9. Saving ~/.ssh/config... @@ -0,0 +1,29 @@ +# -- github-keygen -

   begin -- + +Host *.github.com +Hostname github.com + +Host *.gist.github.com +Hostname gist.github.com + +Host github.com gist.github.com *.github.com *.gist.github.com +User git +# Enforce host checks +StrictHostKeyChecking yes +UserKnownHostsFile ~/.ssh/known_hosts_github +# Hosts added later (identified by IP) will be hashed +HashKnownHosts yes +# GitHub has not yet (2011-05) implemented SSHFP (RFC 4255) +VerifyHostKeyDNS no +# Enable only the required authentication +PubkeyAuthentication yes +PreferredAuthentications publickey +# Trust no one, especially the remote +ForwardAgent no +ForwardX11 no +PermitLocalCommand no + +Host toto.github.com toto.gist.github.com +IdentityFile ~/.ssh/id_toto@github + +# -- github-keygen - end -- Done.

10. La clé publique SSH est copiée dans le presse-papier Collez

    la sur https://github.com/account/ssh

11. SSH host aliases pour multi comptes Repo permissions GH user

    2 SSH key 2 SSH key 1 Generic Git over SSH model, not Github specific Repo permissions GH user 1 Host 2 Host 1

12. # Sans github-keygen $ git clone [email protected]:dolmen/github-keygen.git # Avec $

    git clone toto.github.com:dolmen/github- keygen.git SSH host aliases

13. # Nouveau compte $ github-keygen toto-work # Supprimer un compte

    $ github-keygen toto -r

14. github-keygen github.com/dolmen/github-keygen