Azure Cloud Shell is a great environment for deploying Azure resources. If you use Infrastructure-as-Code (IaC), you can use git to clone your public repositories directly into your Cloud Shell using the basic
git clone command.
But what if your repo is private? In that case, you’ll need to have a way to authenticate to your git server. Git disabled password authentication for that purpose about two years ago. The remaining option to use is to use SSH keys.
In this article, I will show you how to generate an SSH key pair, add it to your GitHub account, and use it to clone and pull contents from a private GitHub repo.
Generate a new SSH key pair
- Open your Azure Cloud Shell.
- Type the command
ssh-keygen -t RSAto generate a new RSA key pair.
- Accept the defaults for all the prompts if this is your first key pair in Cloud Shell.
- You will be asked to create a password to protect the private key. While you can leave the password blank, I recommend setting a password.
You will need to use this password each time the key is accessed.
At the end of the process, you will have a new folder,
.ssh, in your Cloud Shell home directory. There will be two files: id_rsa and id_rsa.pub. The .pub file contains the public key of the pair.
We need the contents of the id_rsa.pub file to upload to GitHub. There are a few ways to obtain it, but because the file contents are rather short, you can simply execute the command
cat ~/.ssh/id_rsa.pub and copy the output to your clipboard.
Create a new SSH key for authentication to GitHub
Using your web browser, go to your GitHub settings. Then:
- Go to the SSH and GPG keys pane.
Direct link: https://github.com/settings/keys
- Click the New SSH key button.
- Give the new key a title, such as Azure CloudShell.
If you have multiple Azure Cloud Shells in multiple tenants, you should probably make it more descriptive.
- Confirm the Key type is set to Authentication Key.
- Paste the contents of the id_rsa.pub file in the Key text box.
- Click the Add SSH key button.
You can now use this SSH key to authenticate to GitHub.
Clone the private repo to Cloud Shell
Go back to your Azure Cloud Shell. Before cloning, consider creating a
repos folder to keep all your cloned repositories together in your Cloud Shell storage. Then, use the following clone command:
git clone firstname.lastname@example.org:GitHubUsername/RepositoryName.git
Replace GitHubUsername with your username (or the name of the organization if the repo is hosted in an organizational account) and RepositoryName with the name of the repo to be cloned. You can also find the entire string in GitHub, if you click the green Code button on the repo’s home page and then click the SSH tab.
A note about cloning a private repo from an organization: you’ll need to authorize your key to be used for SSO for that organization. This is an additional step you’ll take on the GitHub SSH and GPG keys pane.