70

I want to generate an SSH key with only READ permissions to be used with my GitHub account is it possible? or should I create another account with only read permission?

Attie
  • 19,231
  • 5
  • 58
  • 73
jibe
  • 803
  • 1
  • 6
  • 5

2 Answers2

70

Deploy Keys to the rescue

A deploy key is an SSH key that :

  • is stored on your server and grants access to a single GitHub repository.
  • Often used to clone repositories during deploys or continuous integration runs.
  • Deploys sometimes involve merging branches and pushing code, so deploy keys have always allowed both read and write access.
  • But Because write access is undesirable in many cases, you can have the ability to create deploy keys with read-only access.
  • New deploy keys created through GitHub.com will be read-only by default and can be given write access by selecting Allow write access during creation.

Creating Read only deploy key

  1. Go to Settings tab inside the repository you want to give read only permission.
  2. On the left side navigation bar Select Deploy Keys

Github Deploy Keys

  1. Click Add Deploy Key .
  2. Give it a title whatever you want and Add the ssh key.
  3. Make sure that box Allow write access is unchecked.
  4. You're done !

To know more about Deploy keys, read at Github Developer. Also refer to this beautiful gist by zhujunsan on Github.

Feel free to add-in more details.

C0deDaedalus
  • 2,500
  • 1
  • 10
  • 22
  • 2
    And to add multiple repositories, generate one SSH key for each and add the configuration to the SSH config file as explained on https://medium.com/@dustinfarris/managing-multiple-github-deploy-keys-on-a-single-server-f81f8f23e473 – Nagev Aug 08 '18 at 09:26
  • but generating ssh keys for each repository deploy key is messy, lets say there are 10 repositories that I want to deploy to a machine. – Luk Aron Jan 27 '21 at 16:36
20

Github organizations can "sort of" support this work-flow:

  • Create an organization
  • Create a dummy account which will be used for readonly access
  • Add the dummy account to the organization with read-only permissions
  • Add whatever SSH keys you want to have on the read-only account
  • Use your normal account(s) to allow writing
Slava Knyazev
  • 577
  • 3
  • 8
  • 23
  • 8
    Unlike the accepted answer, this one gives you read access to ALL repositories in the organization. – mareoraft Dec 10 '18 at 14:04
  • This seems to be "the" plan of GH, to force an additional user per company for such case because deploy keys cannot be shared among repositories? – Valentin Kuzub Sep 02 '21 at 12:30