shithub Public

Watch 1 Fork 0 Star 0

markdown · 1938 bytes Raw Blame History

Cloning over SSH

Status: the SSH transport is planned but not yet shipped. Until it lands, use HTTPS with a PAT. The procedure below is what the SSH path will look like; the underlying server infrastructure (per-key authorization, command-locked sessions) already exists in the codebase.

SSH lets you push and pull without re-entering credentials each time. shithub authenticates each connection by SSH public key: the key fingerprint maps to a user, and the session is locked to the git protocol — you cannot get a shell.

1. Generate an SSH key

Skip this if you already have a key you're happy with (~/.ssh/id_ed25519.pub typically).

ssh-keygen -t ed25519 -C "you@example.com"

Accept the default path. Set a passphrase if you want belt-and- braces; ssh-agent will remember it for the session.

2. Copy the public key

cat ~/.ssh/id_ed25519.pub

Copy the entire line, including the ssh-ed25519 prefix and the trailing comment.

3. Add the key in shithub

Settings → SSH and GPG keys → "New SSH key". Paste the key, give it a label (e.g., "laptop"), save.

The page shows the fingerprint shithub computed; verify it matches what ssh-keygen -l -f ~/.ssh/id_ed25519.pub prints locally.

4. Test the connection

ssh -T git@shithub.sh

You'll see a confirmation message. The -T disables PTY allocation; shithub's SSH service refuses TTYs anyway.

5. Clone with SSH

git clone git@shithub.sh:<owner>/<repo>.git

Subsequent pushes don't prompt — the agent presents the key, the server matches the fingerprint to your account, and the session is locked to git-receive-pack / git-upload-pack.

Removing or rotating a key

Settings → SSH and GPG keys lists every key on the account with its last-used timestamp. Remove a key the moment a device is lost or decommissioned — the next git push from that device will be rejected.

View source

  
        1
        # Cloning over SSH
      
        2
        
        3
        > **Status:** the SSH transport is planned but not yet shipped.
      
        4
        > Until it lands, use [HTTPS with a PAT](./https.md). The procedure
      
        5
        > below is what the SSH path will look like; the underlying server
      
        6
        > infrastructure (per-key authorization, command-locked sessions)
      
        7
        > already exists in the codebase.
      
        8
        
        9
        SSH lets you push and pull without re-entering credentials each
      
        10
        time. shithub authenticates each connection by SSH public key:
      
        11
        the key fingerprint maps to a user, and the session is locked to
      
        12
        the git protocol — you cannot get a shell.
      
        13
        
        14
        ## 1. Generate an SSH key
      
        15
        
        16
        Skip this if you already have a key you're happy with
      
        17
        (`~/.ssh/id_ed25519.pub` typically).
      
        18
        
        19
        ```sh
      
        20
        ssh-keygen -t ed25519 -C "you@example.com"
      
        21
        ```
      
        22
        
        23
        Accept the default path. Set a passphrase if you want belt-and-
      
        24
        braces; `ssh-agent` will remember it for the session.
      
        25
        
        26
        ## 2. Copy the public key
      
        27
        
        28
        ```sh
      
        29
        cat ~/.ssh/id_ed25519.pub
      
        30
        ```
      
        31
        
        32
        Copy the entire line, including the `ssh-ed25519` prefix and the
      
        33
        trailing comment.
      
        34
        
        35
        ## 3. Add the key in shithub
      
        36
        
        37
        Settings → SSH and GPG keys → "New SSH key". Paste the key, give
      
        38
        it a label (e.g., "laptop"), save.
      
        39
        
        40
        The page shows the fingerprint shithub computed; verify it matches
      
        41
        what `ssh-keygen -l -f ~/.ssh/id_ed25519.pub` prints locally.
      
        42
        
        43
        ## 4. Test the connection
      
        44
        
        45
        ```sh
      
        46
        ssh -T git@shithub.sh
      
        47
        ```
      
        48
        
        49
        You'll see a confirmation message. The `-T` disables PTY allocation;
      
        50
        shithub's SSH service refuses TTYs anyway.
      
        51
        
        52
        ## 5. Clone with SSH
      
        53
        
        54
        ```sh
      
        55
        git clone git@shithub.sh:<owner>/<repo>.git
      
        56
        ```
      
        57
        
        58
        Subsequent pushes don't prompt — the agent presents the key, the
      
        59
        server matches the fingerprint to your account, and the session
      
        60
        is locked to `git-receive-pack` / `git-upload-pack`.
      
        61
        
        62
        ## Removing or rotating a key
      
        63
        
        64
        Settings → SSH and GPG keys lists every key on the account with
      
        65
        its last-used timestamp. Remove a key the moment a device is lost
      
        66
        or decommissioned — the next `git push` from that device will be
      
        67
        rejected.

1	# Cloning over SSH
2
3	> Status: the SSH transport is planned but not yet shipped.
4	> Until it lands, use [HTTPS with a PAT](./https.md). The procedure
5	> below is what the SSH path will look like; the underlying server
6	> infrastructure (per-key authorization, command-locked sessions)
7	> already exists in the codebase.
8
9	SSH lets you push and pull without re-entering credentials each
10	time. shithub authenticates each connection by SSH public key:
11	the key fingerprint maps to a user, and the session is locked to
12	the git protocol — you cannot get a shell.
13
14	## 1. Generate an SSH key
15
16	Skip this if you already have a key you're happy with
17	(`~/.ssh/id_ed25519.pub` typically).
18
19	```sh
20	ssh-keygen -t ed25519 -C "you@example.com"
21	```
22
23	Accept the default path. Set a passphrase if you want belt-and-
24	braces; `ssh-agent` will remember it for the session.
25
26	## 2. Copy the public key
27
28	```sh
29	cat ~/.ssh/id_ed25519.pub
30	```
31
32	Copy the entire line, including the `ssh-ed25519` prefix and the
33	trailing comment.
34
35	## 3. Add the key in shithub
36
37	Settings → SSH and GPG keys → "New SSH key". Paste the key, give
38	it a label (e.g., "laptop"), save.
39
40	The page shows the fingerprint shithub computed; verify it matches
41	what `ssh-keygen -l -f ~/.ssh/id_ed25519.pub` prints locally.
42
43	## 4. Test the connection
44
45	```sh
46	ssh -T git@shithub.sh
47	```
48
49	You'll see a confirmation message. The `-T` disables PTY allocation;
50	shithub's SSH service refuses TTYs anyway.
51
52	## 5. Clone with SSH
53
54	```sh
55	git clone git@shithub.sh:<owner>/<repo>.git
56	```
57
58	Subsequent pushes don't prompt — the agent presents the key, the
59	server matches the fingerprint to your account, and the session
60	is locked to `git-receive-pack` / `git-upload-pack`.
61
62	## Removing or rotating a key
63
64	Settings → SSH and GPG keys lists every key on the account with
65	its last-used timestamp. Remove a key the moment a device is lost
66	or decommissioned — the next `git push` from that device will be
67	rejected.