Connecting to GitHub — SSH Keys and HTTPS

So far every command in this course has run on your laptop. The moment you want to share a commit, collaborate on a PR, or have CI run your tests, you need a remote — and 99% of the time that remote is GitHub. This lesson connects your local Git to GitHub via the two protocols anyone uses in 2026: HTTPS with a personal access token and SSH with a key pair. Pick one (you can switch later) and you're set up for the rest of the course.

What GitHub actually is

GitHub is a web platform that hosts Git repositories. Underneath the website, it's just a Git server that accepts git push and serves git fetch. On top, it adds the things teams actually want: pull requests, code review, issues, project boards, GitHub Actions for CI, and a permissions model so the right people see the right repos. As a QA engineer, GitHub is where your team's tests live, where your PRs get reviewed, and where CI runs your suite on every commit.

The only thing GitHub needs from you is proof that you are who you say you are. That's the authentication problem this lesson solves, twice.

HTTPS with a personal access token (PAT)

The simpler path. The clone URL looks like:

https://github.com/your-team/webapp-tests.git

When you clone, push, or pull, Git asks for your username and password. GitHub stopped accepting account passwords in 2021 — you must use a Personal Access Token (PAT) instead. A PAT is a long random string that acts as a password but can be scoped, expired, and revoked independently of your account.

Creating a PAT

1. On GitHub, click your avatar → Settings.
2. Scroll to Developer settings at the bottom of the left sidebar.
3. Personal access tokens → Tokens (classic) → Generate new token (classic).
4. Give it a name (work-laptop), an expiry (90 days is sane), and tick the repo scope (read/write to your repos).
5. Click Generate token and copy it immediately — GitHub shows it once. If you lose it, generate a new one.

Using the PAT

Clone or push as normal. When prompted:

git push origin main

Username for 'https://github.com': your-github-username
Password for 'https://your-github-username@github.com': <paste the PAT here>

The token replaces the password. You'll re-type it on every push unless you save it.

Caching the token

Typing a 40-character token every push is awful. Tell Git to remember it:

git config --global credential.helper store

After the next successful push, the token is saved in ~/.git-credentials in plain text. It's plain text — if that's not acceptable on your machine, use cache (in-memory, expires after 15 minutes) or a platform-specific helper (osxkeychain on macOS, manager on Windows, libsecret on Linux):

git config --global credential.helper osxkeychain   # macOS
git config --global credential.helper manager       # Windows
git config --global credential.helper libsecret     # Linux

Now subsequent pushes are silent.

SSH with a key pair

The cleaner long-term path. Instead of a password, your machine and GitHub authenticate using a cryptographic key pair: a private key that stays on your laptop forever, and a public key you upload to GitHub. Git on your machine signs each request with the private key; GitHub verifies it with the public one. No password ever travels.

The clone URL is different:

git@github.com:your-team/webapp-tests.git

Note the colon (:) instead of a slash, and the git@ prefix.

Generating an SSH key

ssh-keygen -t ed25519 -C "your.email@example.com"

Press Enter at each prompt to accept the defaults — store the key at ~/.ssh/id_ed25519, no passphrase (or set one for extra safety).

Generating public/private ed25519 key pair.
Enter file in which to save the key (/Users/you/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Your identification has been saved in /Users/you/.ssh/id_ed25519
Your public key has been saved in /Users/you/.ssh/id_ed25519.pub

Two files now exist:

• ~/.ssh/id_ed25519 — the private key. Never share, never copy off the machine, never paste anywhere.
• ~/.ssh/id_ed25519.pub — the public key. Safe to share; this is what GitHub gets.

Uploading the public key

cat ~/.ssh/id_ed25519.pub

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH... your.email@example.com

Copy the whole line. On GitHub: Settings → SSH and GPG keys → New SSH key. Title it (work-laptop), paste the public key, click Add SSH key.

Testing the connection

ssh -T git@github.com

Hi your-github-username! You've successfully authenticated, but GitHub does not provide shell access.

That message is success — GitHub recognised your key. From now on, any clone/push/pull over an SSH URL is silent.

If you cloned the repo with HTTPS originally and want to switch to SSH:

git remote set-url origin git@github.com:your-team/webapp-tests.git
git remote -v       # confirm

HTTPS vs SSH — pick one

You can use both — HTTPS for one repo, SSH for another. Most engineers settle on SSH for personal machines and HTTPS for shared/CI machines. Start wherever feels less scary; switching later is one git remote set-url away.

A QA scenario from start to finish

Day one at a new job. You've installed Git (Lesson 2 of Chapter 1) and have a GitHub account. The team's repo is git@github.com:acme/webapp-tests.git. You:

ssh-keygen -t ed25519 -C "vimal@acme.com"           # generate the key
cat ~/.ssh/id_ed25519.pub                            # copy the output
# ...paste into GitHub Settings → SSH keys...
ssh -T git@github.com                                # confirm authentication
git clone git@github.com:acme/webapp-tests.git
cd webapp-tests

You're in. Every push and pull from here is silent. The Git for QA cheat sheet has the same sequence as a one-page reference.

⚠️ Common mistakes

• Pasting the private key into GitHub. GitHub asks for the public key (.pub). The private key (no extension) must never leave the machine — anyone with it can impersonate you. If you slip and paste the wrong one, delete it from GitHub immediately, generate a new pair, and rotate any tokens that touched the same machine.
• Re-typing your GitHub password instead of a PAT. If a push prompts for "password" and you type your account password, it'll fail with Support for password authentication was removed. Generate a PAT, paste that. Easy to miss because the prompt still says "Password."
• Mixing up origin URLs. If you clone with HTTPS and your colleague swears by SSH, you might both run the same commands but hit different auth flows. Run git remote -v to see the URL your repo is using; switch with git remote set-url origin <new-url> if needed.

🎯 Practice task

Connect a real machine to a real GitHub account. 25-30 minutes including any initial setup.

1. Make sure you have a GitHub account; create one at github.com if not.
2. Path A (HTTPS): Generate a Personal Access Token (Settings → Developer settings → Personal access tokens → Tokens (classic) → Generate new token, scope repo). Save the token somewhere safe.
3. Path B (SSH): Generate an ed25519 key with ssh-keygen -t ed25519 -C "your@email". Copy ~/.ssh/id_ed25519.pub. Add it to GitHub (Settings → SSH and GPG keys → New SSH key).
4. Verify whichever path you chose:
   • HTTPS: git clone https://github.com/<your-username>/<any-repo>.git, push a small commit, paste the PAT when asked.
   • SSH: ssh -T git@github.com — confirm the Hi <username>! message. Then git clone git@github.com:<your-username>/<any-repo>.git and push.
5. Configure credential caching: git config --global credential.helper store (HTTPS) — confirm a second push is silent.
6. Stretch: create an empty test repo on GitHub, push a one-file commit from your qa-sandbox repo to it (git remote add origin <url> && git push -u origin main). Refresh GitHub — confirm the file appears.

The next lesson uses this connection in anger: pushing, pulling, and fetching as part of the daily team workflow.