-
Notifications
You must be signed in to change notification settings - Fork 5.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Login using default SSH key #1720
Comments
You can use see this for more info, it helped me #1347 |
Sorry for the confusion. It's not possible to authenticate with GitHub via SSH; SSH is just for the underlying git repos. Just like you have to log into github.com in the browser before you can interact with your repositories you need to use |
I know. That is why i've opened this issue in the first place. Can you please add this feature? |
And yes, i am fully aware that this would probably mean to add SSH based auth service to the github servers. |
This feature would be very useful. ssh-based authentication is much more secure than keeping an oath token on disk in plaintext. Since this oauth token allows users to add or remove ssh keys, this basically reduces the security of the whole system to the security of a single plaintext token. |
@jonathan-enf That's a fair point. While authenticating to the GitHub API will likely never be possible via SSH protocol, we do plan to make the stored authentication token more secure: #449 Meanwhile, to avoid gh storing the token internally in a possibly insecure location, you can set the GH_TOKEN environment variable. Your shell initialization script could populate that variable from a secure storage. Finally, gh auth token does not have permissions to write SSH keys by default. It only asks for |
Millions of new headless CLI-only servers, that were using Github as a repo, got the abrupt halt from automation of its own creation. I merely count as one. |
This one give me this error:
I have to use this instead:
After that, my CocoaPods SSH urls works even i did |
While not a published rfc, OCI (oracle cloud infrastructure) does support making calls to their API using SSH keys. This is done via https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12 The private key is used to sign the message body, much like AWS v4 signatures. The header includes the name of the SSH key. On the server side, the public key is looked up and used to verify the signature of the request. Once that happens, there is a mapping of a User to a request. The big caveat is that the SSH keys registered as authentication keys must be globally unique. This isn't true for registered git keys in Github; multiple users, orgs, etc can use the same SSH key. Perhaps Github could consider adding something like this: That key, however, would need to be UNIQUE per user. |
Some commands should be possible to use with only ssh, like |
I do mind using the browser -- needing to leave the terminal for a fresh auth flow is already annoying. Needing to do so when the service I'm authenticating to already has the necessary key material to avoid this problem altogether is even more annoying. Being misled by the prompt into believing the use of the SSH key is as authentication material, rather than identification material, is just the cherry on top. |
I'd like to add that this would also be useful for https://docs.github.com/en/copilot/github-copilot-in-the-cli/using-github-copilot-in-the-cli . Unless someone has a better idea, it looks like I have to also use a web auth flow in all my remote hosts just so I can use copilot at the CLI. Would be much convenient if the creds could be obtained from my forwarded ssh agent |
Describe the feature or problem you’d like to solve
I have full access to github repository using ssh key and my ssh client uses this key by default. Why do i need to login using
gh auth login
? Can't you just try to autologin using default ssh key without any additional tokens???Proposed solution
I want to install
gh
, change directory to git working tree (with properly set github origin) and usegh
without need for any aditional login. Just use it the same way i can dogit push -f origin master
without any login (since i already have ssh key setup on github).Or at least automaticaly acquire the token using the ssh-key at the first start without being so unnecessarily interactive and boring.
The text was updated successfully, but these errors were encountered: