Adding public keys to GitHub

To use the SSH keys to connect MettleCI Workbench with your GitHub service you'll need to provide GitHub with your public key.

When you install MettleCI Workbench (v1450 or earlier) it generates a workbench.key / workbench.key.pub key pair using an RSA encryption algorithm.  This was fine up until 15th March 2022 when GitHub unexpectedly stopped accepting RSA and DSA keys.  This change has implications. which are covered below.

• MettleCI Workbench v1451 or later generates GitHub-compliant ECDSA keys by default

• MettleCI Workbench v1664 or later generates GitHub-compliant and Azure-compliant RSA SHA256 keys by default

To integrate MettleCI with GitHub you should do the following…

• The existing workbench.key / workbench.key.pub key pair will not be required as they'll be generated during Workbench setup. You can delete these files, or back them up if you wish.

• Generate a new RSA SHA256 key pair using the shell command ssh-keygen -t rsa-sha2-256 -b 2048 -f workbench.key

• Ensure the sshKey: "/opt/dm/mci/workbench.key" entry in the gitAuthentication: section of your config.yml file is pointing to the newly generated private key file.

• Register the public key file workbench.key.pubin GitHub:

  • GitHub does not allow you to add the same SSH key directly against multiple repositories, so your should register that public key against a user.

  • Give that user access (directly or through membership in a Team) to the MettleCI GitHub repositories you plan to manage in Workbench

    • For project repositories, assign the “Maintain” role

    • For the Compliance repository, the “Read” role is sufficient.

• Restart the Workbench service and test GitHub access by running Compliance and a Check-in from Workbench.Process