Username Not Exist

Reputation: 523

Will adding someone else's SSH key to GitHub grant access to all repos?

So recently GitHub has changed its policy and only allows SSH keys for authentication.

So I added a public SSH key from an outside contributor to my account, but will this give the outside contributor full access to all my repos with read/write permissions?

This outside contributor should only have access to a certain repo in my account, not other repos.

So my concern is: will adding this SSH key allow her to have full access? Please help me understand how exactly adding an SSH key will compromise the account security.

Thanks in advance.

Upvotes: 1

Views: 2738

Answers (2)

bk2204

Reputation: 76559

It is not the case that GitHub has changed to allow only SSH keys for authentication. GitHub used to allow users to use a username and password over HTTPS if they were not using 2FA, a username and personal access token over HTTPS, or SSH using an SSH key. The only thing that has changed is that you can no longer use a username and password for HTTPS; you must use a personal access token instead of a password if you wish to use HTTPS.

If you give another user one of your personal access tokens or add one of their SSH keys to your account, they will have access to all of your repositories. This is insecure, and so you should not do it.

Instead, you should grant your contributor access using the Manage Access interface, and make sure they can access the repository using their own account. If they are using HTTPS, then they may need to either switch to SSH by changing the URL with git remote set-url origin git@github.com:owner/name.git (replacing owner and name) or just follow the directions outlined in this answer.

The fact that a contributor cannot access their own account is an issue that they need to address instead of having them access your account.

Upvotes: 2

larsks

Reputation: 311712

Yes, putting someone else's SSH key in your account will give them full access to all your repositories.

If you want to grant someone else access to your repositories, don't add their SSH key anywhere. Just set up the access permissions on your repositories to grant access to their GitHub account. You can find access permissions by going to "Settings" and then selecting "Manage access" (this will take you to something like https://github.com/yourname/yourrepo/settings/access).

You'll find some documentation on this process here.

Upvotes: 0
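Both answers say that any SSH key on an account acts with that account's full access, so a useful check is to audit the account's keys against the ones you actually own. The following is an added example, not code from either answer: it computes OpenSSH SHA256 fingerprints and flags keys that are not yours. The sample keys are constructed, the function names are hypothetical, and the entries are assumed to be shaped like the id/title/key records returned by GitHub's GET /user/keys endpoint.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field, as used in the SSH public key wire format."""
    return struct.pack(">I", len(data)) + data

def make_sample_key(seed: bytes, comment: str) -> str:
    """Build a well-formed ssh-ed25519 public key line from a seed.
    Constructed sample data only; no private key exists for it."""
    raw = hashlib.sha256(seed).digest()  # 32 bytes standing in for key material
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf`."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def foreign_keys(account_keys, own_key_lines):
    """Return account keys whose fingerprint matches none of the owner's keys."""
    own = {fingerprint(line) for line in own_key_lines}
    return [k for k in account_keys if fingerprint(k["key"]) not in own]

# Constructed sample: the owner's local public keys (e.g. from ~/.ssh/*.pub).
OWN_KEYS = [
    make_sample_key(b"owner-laptop", "owner@laptop"),
    make_sample_key(b"owner-desktop", "owner@desktop"),
]

# Constructed sample: keys registered on the account. Entry 103 is the
# contributor's key that was added to the owner's account.
ACCOUNT_KEYS = [
    {"id": 101, "title": "laptop", "key": OWN_KEYS[0].rsplit(" ", 1)[0]},
    {"id": 102, "title": "desktop", "key": OWN_KEYS[1].rsplit(" ", 1)[0]},
    {"id": 103, "title": "contributor",
     "key": make_sample_key(b"contributor", "x").rsplit(" ", 1)[0]},
]

if __name__ == "__main__":
    for k in foreign_keys(ACCOUNT_KEYS, OWN_KEYS):
        print(f"not an owner key: id={k['id']} title={k['title']} "
              f"{fingerprint(k['key'])}")
```

Any key this flags should be deleted from the account, and the person it belongs to added as a collaborator on the specific repository under their own GitHub account.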
