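SSH is short for Secure Shell, a protocol that is more secure than FTP, POP and Telnet, which transmit data in plaintext. Data transmitted over SSH is compressed, so transfers are fast. From the client's point of view, SSH offers two levels of authentication: the first is password-based, the second is key-based. Code hosting platforms such as GitHub, GitLab and Bitbucket all support key-based SSH for remote code management. The rest of this post uses GitHub as the example to walk through creating and using an SSH key.
1. Generating an SSH key
abc@163.com is the GitHub login e-mail address. The following command creates a key pair (public key file: ~/.ssh/id_rsa.pub; private key file: ~/.ssh/id_rsa):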
ssh-keygen -t rsa -C "abc@163.com"
You are then prompted for where to save the key locally. If you are creating a single key, press Enter to save it in the default /Users/<username>/.ssh directory.
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/pandora/.ssh/id_rsa):
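Next you are asked whether to set a passphrase. It can be left empty or set to anything you like (you will be prompted for it the first time you connect over SSH).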
Enter passphrase (empty for no passphrase):
The SSH key is now created. All that remains is to save the generated key to GitHub. To view the key, run:
cat ~/.ssh/id_rsa.pub
The output is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCohNI1KuNzVP7UlclbueAp/2Gxhbm0romfChDaqvF3dlMS0SS1HH1HQivG7G2J+hXwhV+V11x3LRKfyIkZy0iq6cccn4+Yan3zdWI12CfhzuHuVOQ7I2nLeDDF/CwqGrY/81r9HQpMNsPfnAHsoAT44M0QcTQORlapJYKIfz4LBT0ZXtGMnm8UeNR3t3RUL0RUZrBjgaeZIuihZjsxfpT3awOsLeTFJDld4Nv2ldw3sADQry0gT912r1IVBvpdmJ8SmQWDvjMggldhzHJoVq3ACM5jK+MSeVAUe11B3WlHDXaUIbHNyRhM+PyQ1FRgckVhz4NwJwPYSWJ5Zalm3GFl abc@163.com
The pbcopy command copies the generated public key to the clipboard:
pbcopy < ~/.ssh/id_rsa.pub
Finally, open GitHub, go to the settings page, and add the key under SSH keys.
2. Testing the SSH key connection
Run ssh -T to test whether the SSH key connects successfully:
ssh -T git@github.com
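On success it prints: Hi user_abc! You've successfully authenticated, but GitHub does not provide shell access. Here user_abc is the GitHub username registered for that e-mail address.
If the connection test fails, run ssh -vT git@github.com to see verbose output that makes the problem easier to track down. The output looks like this: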
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/pandora/.ssh/config
debug1: /Users/pandora/.ssh/config line 2: Applying options for github.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to github.com [192.30.252.129] port 22.
debug1: Connection established.
debug1: identity file /Users/pandora/.ssh/id_rsa_dama2716588 type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/pandora/.ssh/id_rsa_dama2716588-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version libssh-0.7.0
debug1: no match: libssh-0.7.0
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /Users/pandora/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/pandora/.ssh/id_rsa_dama2716588
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([192.30.252.129]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LC_CTYPE = UTF-8
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi dama2716588! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3244, received 1776 bytes, in 2.0 seconds
Bytes per second: sent 1650.3, received 903.5
debug1: Exit status 1
3. Configuring and managing SSH keys
When several SSH keys are stored locally, a config file (/Users/<username>/.ssh/config) is needed to switch the default account. Commonly used ssh config settings:
# Default github user(dama2716588@126.com): default configuration, can usually be omitted
Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa_dama2716588
# 2 user(dama2716588@163.com): uses the alias personal.github.com so it does not repeat the "Host github.com" block above
Host personal.github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa_pandorago
# 3 user(adc@baidu.com): configuration for gitlab.com
Host gitlab.com
    HostName gitlab.com
    User mayulong01
    IdentityFile ~/.ssh/id_rsa_gitlab_abc
Host: "personal.github.com" is an "alias" and can be named freely; a name like github-PERSONAL works too;
HostName: for example, my work git repository address is ssh://g@gitlab.baidu.com/abc.git, so my HostName has to be "baidu.com";
IdentityFile: the public key file to use;
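OpenSSH applies every Host block whose pattern matches the name you connect to, so two blocks with the same Host pattern do not switch between accounts; each extra account needs its own alias. The script below is an added example (not from the original post) that lints a config for repeated Host patterns and lists which key each alias selects. The function names and the id_rsa_work / id_rsa_personal file names are assumptions; personal.github.com is the alias named above.

```shell
# Added example: lint an OpenSSH client config for the multi-key setup.
# Assumes plain "Keyword value" lines (no Match, Include or "Keyword=value").

# Print "pattern<TAB>first_line<TAB>repeat_line" for each repeated Host pattern.
dup_hosts() {
    awk '
        $1 ~ /^#/ { next }                      # skip comments
        tolower($1) == "host" {
            for (i = 2; i <= NF; i++) {
                if ($i in seen) printf "%s\t%d\t%d\n", $i, seen[$i], NR
                else seen[$i] = NR
            }
        }' "$1"
}

# Print "alias<TAB>hostname<TAB>identityfile(s)" per Host block (first pattern only).
host_keys() {
    awk '
        function emit() { if (host != "") printf "%s\t%s\t%s\n", host, (hn == "" ? host : hn), key }
        $1 ~ /^#/ { next }
        tolower($1) == "host"         { emit(); host = $2; hn = ""; key = "" }
        tolower($1) == "hostname"     { hn = $2 }
        tolower($1) == "identityfile" { key = (key == "" ? $2 : key "," $2) }
        END { emit() }' "$1"
}

# Constructed sample config; the id_rsa_* file names are hypothetical.
sample_config() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# account 1
Host github.com
    HostName github.com
    IdentityFile ~/.ssh/id_rsa_work
# account 2 repeats the pattern: ssh applies both blocks to github.com
Host github.com
    HostName github.com
    IdentityFile ~/.ssh/id_rsa_personal
# account 2 done right: a distinct alias that still connects to github.com
Host personal.github.com
    HostName github.com
    IdentityFile ~/.ssh/id_rsa_personal
EOF
    echo "$f"
}

cfg=$(sample_config)
echo "repeated Host patterns:"; dup_hosts "$cfg"
echo "alias -> host -> key:";   host_keys "$cfg"; rm -f "$cfg"
```

With a distinct alias in place, the second account is selected by using the alias as the host part of the remote URL, for example git@personal.github.com:<user>/<repo>.git.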