From d475852dc21b0c3f0e8ce02af366f7443550589a Mon Sep 17 00:00:00 2001 From: Sergey Volkov Date: Thu, 16 May 2024 13:55:48 +0000 Subject: [PATCH] Add SSH commit signing content (#420) Add the SSH commit signing section to the SSH key management page. Git has had this feature for a while now and SSH keys are easier to manage since they can be used for both authentication and signing, so I think it makes sense to document this. Reviewed-on: https://codeberg.org/Codeberg/Documentation/pulls/420 Reviewed-by: Panagiotis "Ivory" Vasilopoulos Co-authored-by: Sergey Volkov Co-committed-by: Sergey Volkov --- content/security/ssh-key.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/content/security/ssh-key.md b/content/security/ssh-key.md index 8be3c59..5d7b736 100644 --- a/content/security/ssh-key.md +++ b/content/security/ssh-key.md @@ -123,6 +123,21 @@ Every keypair consists of a public and a private key that are connected to one a 4. Copy the output, beginning with `-----BEGIN SSH SIGNATURE-----` and ending with `-----END SSH SIGNATURE-----`. 5. Paste it into the large textbox and click the __Verify__ button. +## Telling Git about your SSH key + +SSH can also be used to sign commits as an alternative for GPG. You can read more about GPG commit signing [here](/security/gpg-key). + +{% admonition "note" %} + +SSH commit signing is available in Git 2.34 or later. To update your version of Git, see the [Git](https://git-scm.com/downloads) website. + +{% endadmonition %} + +1. Open your terminal. +2. Type `git config --global gpg.format ssh`. +3. Type `git config --global user.signingKey `, substituting `` with the path to the key you'd like to use, for example *~/.ssh/id_ed25519*. +4. Type `git config --global commit.gpgSign true`. + ## Avoid re-typing the passphrase Assuming you've created a secure key with a passphrase, SSH will prompt you for your passphrase for every connection. Common desktop environments like macOS or GNOME will offer you to cache your passphrase via an SSH agent.