How does GitHub handle push security?

When I setup my computer for Git, I generate a private and public SSH key. I then let GitHub know what my public key is. My understanding is that public keys can encrypt messages, and the private key de-crypts it. So I can understand how github can send me encrypted messages via SSH.

However, my question is that when I push to GitHub, how does it know that it is me who is doing the push? Couldn’t someone else create a their own SSH key with with my name and email, and then push to my GitHub Repository?

I doubt this is the case, so what are the security measures that are in place for this? Thanks!

  • git refuses password, only when logged in as root
  • E-mail as Git SSH User
  • Vagrant ansible git clone permission error
  • How to give friend access to git repository without giving command line access?
  • Deploy rails application after git push
  • OpenShift Jenkins git clone fails: Host key verification failed
  • GIT remote cannot fetch via SSH
  • Automating Git & SSH workflow
  • One Solution collect form web for “How does GitHub handle push security?”

    GitHub has a copy of your public key, which has more information than just your name and e-mail address. It has a unique fingerprint that cannot be reproduced by generating a forged public key (at least not without a massive brute-force attack or some unanticipated mathematical breakthrough).

    The way the ssh protocol works, GitHub sees an ssh connection that it authenticates against your public key. Such a connection can only be created by someone who has a copy of your private key.

    GitHub doesn’t have a copy of your private key, but it can verify that you do. (That’s what public key cryptography is all about.)

    Git Baby is a git and github fan, let's start git clone.