How to use Git with private repositories

This guide will show you how to access private repositories on Github. This is not as straight-forward as it used to be since Github has made SSH mandatory for accessing private repositories a few years ago. So some low-level set up is required to make this work. I found the official documentation by Github to be lacking a few details, which is why I have written this guide. Public repositories can be accessed via SSH or the more traditional HTTPS, so this does not require any special setup.

Creating the SSH key pair and setting the repo URL

  1. The following steps should work on any Linux shell and any other Unix-like shell, such as Cygwin or Git Bash.
  2. First things first, we create new pair of private and public keys to be used for Github. 
    ssh-keygen -t rsa -b 4096 -f ~/.ssh/githubkey
    This line will generate two files githubkey and githubkey.pub within the .ssh subdirectory of your home directory. The first file is the private key and the second file is the public key.

    Instead of an RSA key pair, you might opt to use an ed25519 key pair instead. This new type of key pair is faster and safer. Some older servers may not support it, but Github does. If that is your choice, you change the previous line to: 
    ssh-keygen -t ed25519 -f ~/.ssh/githubkey
    In either case, the command ssh-keygen will ask you for an optional passphrase. You may just leave them blank. Otherwise, any SSH connection will need you to enter the passphrase as an additional security feature.
  3. You can inspect the content of the public key file: 
    cat ~/.ssh/githubkey.pub
  4. Now you go the list of SSH keys for your Github account. You find them at: https://github.com/settings/keys. Click on the button New SSH key. Now you enter an name for the new key and copy the content of githubkey.pub into the Key textfield.

    You find instructions for this step in the official documentation as well.
  5. We need an SSH agent running in the background. On Linux, the ssh agent should already be running in the background. Regardless, if the ssh agent is not running yet, then you simply execute 
    eval `ssh-agent -s`
    to get the agent started in the background of your current shell.
  6. In a modern Linux environment, the SSH agent already looks for SSH keys inside the .ssh directory on a per-use basis. In other environments, we need to manually add the SSH key: 
    ssh-add ~/.ssh/githubkey
  7. Let us test the SSH connection by trying shell access on Github: 
    ssh -T git@github.com
    Github will confirm that we can authenticate. You should receive the message 
    Hi username! You've successfully authenticated, but GitHub does not provide shell access.
  8. Either you already have a repository on Github that you want to clone, or you already have a local repo that you want to connect. Let us address the former case first and then the latter case.

    You can clone an existing repo from Github into your current working directory via 
    git clone git@github.com:username/your-repository.git
    Note that your username for SSH login purposes is simply git, which is perhaps somewhat counterintuitively. Now you are all set!
  9. Now we address the case where you already have a local Git repository. You must then indicate to Git how and where to reach the remote repository on Github. First, make sure you are in the directory of your local repo: 
    cd /path/to/your/repo
    You see the known remote repositories and their urls via 
    git remote -v
    If you already see a line like 
    nickname_of_remote_repo git@github.com:username/your-repository.git
    then you are good to go. Otherwise, you can either add the new remote repository via 
    git remote add nickname_of_remote_repo git@github.com:username/your-repository.git
    or you change the address of an existing one via 
    git remote set-url nickname_of_remote_repo git@github.com:username/your-repository.git
    Please pick the right name instead of nickname_of_remote_repo. The most common name is origin but you might have chosen something else. Now you are all set!

Special instructions for Git Bash

  1. Git Bash is a lightweight bash emulation for Windows. It provides a limited unix-like command line on Windows with specific focus on Git functionality.

    Git Bash is part of the Git for Windows software package. Though this package also includes a graphical user interface, I am going to focus on the bash emulation here.
  2. The above instructions apply just the same when you use Git Bash. However, Git Bash is one of the settings where the ssh agent is not started in the background. We therefore need it to do by ourselves: 
    eval 'ssh-agent -s' && ssh-add ~/.ssh/githubkey
  3. It would be much more convenient if that command were executed on every login. Git Bash uses profile for any commands to be executed on login. Let us first make sure it exists: 
    cd
    touch .profile
    You can open that file by any editor of choice and add the command 
    eval 'ssh-agent -s' && ssh-add ~/.ssh/githubkey
  4. Now the ssh agent will be started whenever you open a Git Bash shell and the requested keys will be added automatically.
  5. Depending on personal preferences, you may want to apply some tweaks.

    Personally, I always find it confusing to keep track of what scripts are executed on login. Git Bash does not come with a .profile file so you probably need to set up yourself. I like to announce what is being executed at the start of a session: 
    echo "executing .profile"
    eval 'ssh-agent -s' && ssh-add ~/.ssh/githubkey
    Some people have the opposite preference: the login script should be as silent as possible. In that case, we redirect standard output. 
    eval 'ssh-agent -s' > /dev/null && ssh-add ~/.ssh/githubkey > /dev/null
    That variation suppresses all output except errors.