Upgrade to Pro — share decks privately, control downloads, hide ads and more …

github-keygen @ OWF12

github-keygen @ OWF12

Présentation éclair sur github-keygen à l'OpenWorldForum 2012. #OWF12

Olivier Mengué

October 12, 2012
Tweet

More Decks by Olivier Mengué

Other Decks in Programming

Transcript

  1. Problématique • Développement avec Git et Github • 3 PC

    perso • 2 OS... • … sur chaque PC • 6 environnements de dev
  2. Besoin • Simplifier la config initiale • Reproductibilité • Best

    practices SSH • Sur la durée → upgrade • Partage de la solution • Transparence, confiance
  3. Github SSH authentification Repo permissions Github user SSH key 2

    (machine 2) SSH key 1 (machine 1) SSH key 3 Generic Git over SSH model, not Github specific
  4. Gestion de la config SSH locale de vos accès Github

    • Création de clés : facile, sécurisé, et indépendante (clé dédiée à Github) • Config ~/.ssh/config • Multiples comptes GitHub sur un compte machine • Des alias pour vos « git remote »
  5. $ ./github-keygen toto Accounts: toto Creating private key '/home/dolmen/.ssh/id_toto@github' for

    'toto'... Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/dolmen/.ssh/id_toto@github. Your public key has been saved in /home/dolmen/.ssh/[email protected]. The key fingerprint is: 94:f5:35:41:9d:19:b0:88:c2:6c:fa:99:d0:6d:a6:22 marine/[email protected] The key's randomart image is: +--[ RSA 2048]----+ | . o*++| | o o.....+.| | =o. ... | | +.o | | o .S+ | | o * | | E . = | | . . | | | +-----------------+ Saving Github hosts authentication keys in ~/.ssh/known_hosts_github...
  6. Saving ~/.ssh/config... @@ -0,0 +1,29 @@ +# -- github-keygen -

    begin -- + +Host *.github.com +Hostname github.com + +Host *.gist.github.com +Hostname gist.github.com + +Host github.com gist.github.com *.github.com *.gist.github.com +User git +# Enforce host checks +StrictHostKeyChecking yes +UserKnownHostsFile ~/.ssh/known_hosts_github +# Hosts added later (identified by IP) will be hashed +HashKnownHosts yes +# GitHub has not yet (2011-05) implemented SSHFP (RFC 4255) +VerifyHostKeyDNS no +# Enable only the required authentication +PubkeyAuthentication yes +PreferredAuthentications publickey +# Trust no one, especially the remote +ForwardAgent no +ForwardX11 no +PermitLocalCommand no + +Host toto.github.com toto.gist.github.com +IdentityFile ~/.ssh/id_toto@github + +# -- github-keygen - end -- Done.
  7. SSH host aliases pour multi comptes Repo permissions GH user

    2 SSH key 2 SSH key 1 Generic Git over SSH model, not Github specific Repo permissions GH user 1 Host 2 Host 1
  8. # Sans github-keygen $ git clone [email protected]:dolmen/github-keygen.git # Avec $

    git clone toto.github.com:dolmen/github- keygen.git SSH host aliases