I want to generate an SSH key with only READ permissions to be used with my GitHub account is it possible? or should I create another account with only read permission?
2 Answers
Deploy Keys to the rescue
A deploy key is an SSH key that :
- is stored on your server and grants access to a single GitHub repository.
- Often used to clone repositories during deploys or continuous integration runs.
- Deploys sometimes involve merging branches and pushing code, so deploy keys have always allowed both read and write access.
- But Because write access is undesirable in many cases, you can have the ability to create deploy keys with read-only access.
- New deploy keys created through GitHub.com will be read-only by default and can be given write access by selecting
Allow write access
during creation.
Creating Read only deploy key
- Go to
Settings
tab inside the repository you want to give read only permission. - On the left side navigation bar Select
Deploy Keys
- Click Add Deploy Key .
- Give it a title whatever you want and Add the ssh key.
- Make sure that box
Allow write access
is unchecked. - You're done !
To know more about Deploy keys, read at Github Developer. Also refer to this beautiful gist by zhujunsan on Github.
Feel free to add-in more details.
-
2And to add multiple repositories, generate one SSH key for each and add the configuration to the SSH config file as explained on medium.com/@dustinfarris/…– NagevCommented Aug 8, 2018 at 9:26
-
but generating ssh keys for each repository deploy key is messy, lets say there are 10 repositories that I want to deploy to a machine.– Luk AronCommented Jan 27, 2021 at 16:36
Github organizations can "sort of" support this work-flow:
- Create an organization
- Create a dummy account which will be used for readonly access
- Add the dummy account to the organization with read-only permissions
- Add whatever SSH keys you want to have on the read-only account
- Use your normal account(s) to allow writing
-
9Unlike the accepted answer, this one gives you read access to ALL repositories in the organization. Commented Dec 10, 2018 at 14:04
-
1This seems to be "the" plan of GH, to force an additional user per company for such case because deploy keys cannot be shared among repositories? Commented Sep 2, 2021 at 12:30