an adventure using ssh with github — the finish

In the post immediately before this, I wrote how I’ve started using the Yubico 5 Series key, how I created an SSH key pair using it, and how I managed to put the public key portion up in my account. The next step was to migrate one of my local project repos from HTTPS and username/password authentication to SSH and public/private key authentication.

Migrating the Repo

The command used to migrate a repo from HTTPS to SSH is git remote set-url origin[Username]/[Projectname].git, where Username is the email username you’ve used in your GitHub account, and Projectname.git is the, yes, project name of the repo you want to change. Because I have a number of projects in my account, I decided I wanted to automate this process. To that end I wrote a simple five line shell script to handle this.

#!/usr/bin/env bash
git remote set-url origin $(\
git remote show origin | grep "Fetch URL"\
 | sed 's/ *Fetch URL: //' \
 | sed 's/https:\/\/\//')

I am not a master of either sed or regular expressions, and every time I choose to use these tools I go slowly and test my scripts every step of the way. When I started to develop this script I started with line 3 and tested each single line as it was added to the complete chain before adding the next line in the sequence. When I was satisfied the transformation was correct I wrapped the lines in parenthesis and added line two to complete the script. Let’s go over this script line by line.

  1. This is my usual bash shebang that I always put at the top of my scripts.
  2. This is the git command that will change the URL, and it’s the last command to be executed in the sequence, although it’s counter-intuitively the first command listed.
  3. This is the line that shows the repo’s origin, and we’re grepping for Fetch URL for the critical information we will need for the commands to follow.
  4. This is the line that uses sed to remove the leading text to Fetch URL, replacing all those characters with nothing, thus deleting it.
  5. The now-leading is replaced with The part of the Fetch URL that contains your username and projectname remain unchanged in the final string.

The parenthesis on lines 2 and 5 wrap the results of all that editing and pass it back as a single argument to the git command on line 2 of the script. Then the script finishes executing and we’re done.

Testing the Migration

The script, if it runs successfully, runs silently. To check that the migration was successful, you need to run the git command again to show the origin information.

~ git remote show origin
* remote origin
  Fetch URL:
  Push  URL:
  HEAD branch: main
  Remote branch:
    main tracked
  Local branch configured for 'git pull':
    main merges with remote main
  Local ref configured for 'git push':
    main pushes to main (up to date)

When you run this command you need to be near the Yubico key, with the circled logo facing up. That’s the touch sensor that allows the key to work. When you execute the git command the Yubico key logo will start to flash. Put your thumb (or whatever digit you used to set up the key’s touch ID) over the flashing logo and the command will successfully execute as it did here. Now when I push up to GitHub, I have to touch the key for it to fully succeed. I was able to finally push my tag up to qt6.

At this point I now have full command line git control again. I will probably continue to use GitHub Desktop as it has some nice features wrapped up in the tool, but for plain old development and repo synchronization I can go back to what I was doing previously, without GitHub Desktop. For those who think this is too much effort, think again. I don’t think anyone wants to target anything I’ve got on GitHub, but you never know. I want my GitHub account locked down as tightly as reasonably possible, and this provides that feature. I’ll go the extra effort for security.