SSH Key
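Secure Shell (SSH) is a network protocol that lets two computers exchange data over a secure connection. Encryption guarantees the confidentiality and integrity of the data.
Symmetric encryption needs only one key; asymmetric encryption needs two keys used as a pair, a public key and a private key.
Data encrypted with the private key (a process usually called "signing") can only be decrypted with the corresponding public key.
SSH key login uses asymmetric encryption; each user logs in with their own key.
SSH server and client programs
OpenSSH (OpenBSD Secure Shell) is a suite of programs that use the SSH protocol to provide encrypted communication sessions over a computer network.
To act as an SSH server, you need to install OpenSSH.
If you only need an SSH client, use the ssh command directly.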
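Generating a key
By default the key is generated at /c/Users/Administrator/.ssh/id_dsa; id_dsa is the private key and id_dsa.pub is the public key.
ssh-keygen -t rsa -f ~/.ssh/id_rsa_mygithub -C "replace-this-with-your-email@163.com"
-t: specifies the key's encryption algorithm, usually DSA or RSA. If this option is omitted, RSA is used by default.
-f: specifies the file name; by default ~/.ssh/id_rsa and id_rsa.pub are generated.
-C: sets a new comment for the key file, in the format username@host.
-b: specifies the number of bits in the key. The larger the value, the harder the key is to crack, but the higher the computational cost of encryption and decryption. In general, -b should be at least 1024; for more security, set it to 2048 or higher.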
Administrator@SKY-20211128AGK MINGW64 ~
$ cd ~
Administrator@SKY-20211128AGK MINGW64 ~
$ pwd
/c/Users/Administrator
Administrator@SKY-20211128AGK MINGW64 ~
$ ssh-keygen -t rsa -C doingself@163.com
Generating public/private rsa key pair.
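Enter file in which to save the key (/c/Users/Administrator/.ssh/id_rsa): # press Enter to accept the default; a file name typed here is saved in the current directory
Enter passphrase (empty for no passphrase): # set a passphrase
Enter same passphrase again: # set a passphrase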
Your identification has been saved in /c/Users/Administrator/.ssh/id_rsa
Your public key has been saved in /c/Users/Administrator/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:K5/DNboqsok0mSEHteatAmgDot+6DXkz5uQJlUJw+kc doingself@163.com
The key's randomart image is:
+---[RSA 3072]----+
|. o |
| = . |
|= + E |
|=* o . |
|=+= = S |
|+o=B .o |
|.=* B ...o . |
|.oo%.+ o+. |
|. =+=...+o |
+----[SHA256]-----+
Administrator@SKY-20211128AGK MINGW64 ~
$
Listing all public keys on the computer
Administrator@SKY-20211128AGK MINGW64 ~
$ ls -l ~/.ssh/id_*.pub
-rw-r--r-- 1 Administrator 197121 607 Feb 27 20:33 /c/Users/Administrator/.ssh/id_dsa.pub
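Using the private key
The ssh-agent command lets the user enter the passphrase only the first time an SSH command is used in a Bash session. The private key is then held in memory, so its passphrase does not have to be entered again.
- eval `ssh-agent`: start ssh-agent for the current session
- ssh-agent: print the agent's environment settings
- ssh-add id_rsa: add a private key
- ssh-add -l: list all private keys that have been added
- ssh-add -d name-of-key-file: remove the specified private key from memory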
Administrator@SKY-20211128AGK MINGW64 ~
$ eval `ssh-agent`
Agent pid 2848
Administrator@SKY-20211128AGK MINGW64 ~
$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-TgBvWGD1C8rS/agent.2852; export SSH_AUTH_SOCK;
SSH_AGENT_PID=2853; export SSH_AGENT_PID;
echo Agent pid 2853;
Administrator@SKY-20211128AGK MINGW64 ~
$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /c/Users/Administrator/.ssh/id_rsa:
Identity added: /c/Users/Administrator/.ssh/id_rsa (doingself@163.com)
Administrator@SKY-20211128AGK MINGW64 ~
$ ssh-add -l
3072 SHA256:K5/DNboqsok0mSEHteatAmgDot+6DXkz5uQJlUJw+kc doingself@163.com (RSA)
Administrator@SKY-20211128AGK MINGW64 ~
$
Using the public key
- Open GitHub SSH and GPG Keys
- Title: any name you like
- Copy the entire public key and paste it into Key
Testing
ssh -T git@github.com
Administrator@SKY-20211128AGK MINGW64 ~
$ ssh -T git@github.com
The authenticity of host 'github.com (20.205.243.166)' can't be established.
ED25519 key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? y
Please type 'yes', 'no' or the fingerprint: yes
Warning: Permanently added 'github.com' (ED25519) to the list of known hosts.
Hi doingself! You've successfully authenticated, but GitHub does not provide shell access.
Administrator@SKY-20211128AGK MINGW64 ~
$
Acknowledgements
Mac session log (GitHub + Gitee multi-account configuration)
In brief
➜ ~
➜ ~ cd .ssh
➜ .ssh
➜ .ssh ssh-keygen -t rsa -f id_rsa_github_jiuan -C daviondk@163.com
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa_github_jiuan
Your public key has been saved in id_rsa_github_jiuan.pub
The key fingerprint is:
SHA256:i+nEkNjq/knk5LWU+85O0fP/ibjW5fFEmj/46Qgv+j4 daviondk@163.com
The key's randomart image is:
+---[RSA 3072]----+
| |
| |
| |
| o . . . .|
| . * + S o + |
| * = = o o oo.|
| . + B o .o +oo|
| . . + + E++oo=|
| .o.o .o=.==+++*o|
+----[SHA256]-----+
➜ .ssh
➜ .ssh
➜ .ssh ls -l
total 72
-rw-r--r-- 1 jiuan staff 281 6 28 09:23 config
-rw------- 1 jiuan staff 2655 6 21 16:31 id_rsa_gitee
-rw-r--r-- 1 jiuan staff 570 6 21 16:31 id_rsa_gitee.pub
-rw------- 1 jiuan staff 2655 7 21 16:11 id_rsa_github
-rw-r--r-- 1 jiuan staff 570 7 21 16:11 id_rsa_github.pub
-rw------- 1 jiuan staff 2602 6 23 15:53 id_rsa_gitlab
-rw-r--r-- 1 jiuan staff 570 6 23 15:53 id_rsa_gitlab.pub
-rw------- 1 jiuan staff 836 7 21 16:05 known_hosts
-rw-r--r-- 1 jiuan staff 182 6 23 16:10 known_hosts.old
➜ .ssh
➜ .ssh vim config
# github
Host github_haha
HostName github.com
User git
IdentityFile /Users/cityfruit/.ssh/id_rsa_github
#gitee
Host gitee_hehe
HostName gitee.com
PreferredAuthentications publickey
IdentityFile /Users/cityfruit/.ssh/id_rsa_gitee
# private gitLab.com server
Host gitlab.company.com
RSAAuthentication yes
IdentityFile ~/.ssh/id_rsa_gitlab
~
~
➜ .ssh
➜ .ssh cd ~
➜ ~ vim .bash_profile
ssh-add ~/.ssh/id_rsa_gitee
ssh-add ~/.ssh/id_rsa_gitlab
ssh-add ~/.ssh/id_rsa_github
~
~
➜ ~
➜ ~ source .bash_profile
➜ ~
➜ ~
Details
Key point: the remote uses the Host configured in .ssh/config
Last login: Tue May 31 14:42:53 on ttys003
cityfruit@shiyanchaodeMBP ~/.ssh pwd
/Users/cityfruit/.ssh
cityfruit@shiyanchaodeMBP ~/.ssh ssh-keygen -t rsa -C daviondk@163.com
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/cityfruit/.ssh/id_rsa): id_rsa_gitee_3138
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa_gitee_3138
Your public key has been saved in id_rsa_gitee_3138.pub
The key fingerprint is:
SHA256:p85fEqGsIQIqx0bVJTG/6A/JWmEG85hpCwaTP+i+QKI daviondk@163.com
The key's randomart image is:
+---[RSA 3072]----+
| ..+o. |
| . . .+ |
|= . o . . |
|.O B o o . |
|=.X * B S o |
|*+ = B = o . |
|E. . B . . . |
|o o = o |
| o. . +.. |
+----[SHA256]-----+
cityfruit@shiyanchaodeMBP ~/.ssh eval $(ssh-agent -s)
Agent pid 16081
cityfruit@shiyanchaodeMBP ~/.ssh ls
id_rsa id_rsa_gitee_3138 known_hosts
id_rsa.pub id_rsa_gitee_3138.pub known_hosts.old
cityfruit@shiyanchaodeMBP ~/.ssh ssh-add id_rsa_gitee_3138
Enter passphrase for id_rsa_gitee_3138:
Identity added: id_rsa_gitee_3138 (daviondk@163.com)
cityfruit@shiyanchaodeMBP ~/.ssh touch config
cityfruit@shiyanchaodeMBP ~/.ssh
cityfruit@shiyanchaodeMBP ~/.ssh vim config
# github
Host github_haha
HostName github.com
User git
IdentityFile /Users/cityfruit/.ssh/id_rsa
#gitee
Host gitee_hehe
HostName gitee.com
PreferredAuthentications publickey
IdentityFile /Users/cityfruit/.ssh/id_rsa_gitee_3138
# private gitLab.com server
Host gitlab.company.com
RSAAuthentication yes
IdentityFile ~/.ssh/id_rsa_gitlab
~
~
cityfruit@shiyanchaodeMBP ~/.ssh
cityfruit@shiyanchaodeMBP ~/.ssh ls
config id_rsa.pub id_rsa_gitee_3138.pub known_hosts.old
id_rsa id_rsa_gitee_3138 known_hosts
cityfruit@shiyanchaodeMBP ~/.ssh pbcopy < ~/.ssh/id_rsa_gitee_3138.pub
cityfruit@shiyanchaodeMBP ~/.ssh
cityfruit@shiyanchaodeMBP ~/.ssh
cityfruit@shiyanchaodeMBP ~/.ssh ssh -T git@github.com
Enter passphrase for key '/Users/cityfruit/.ssh/id_rsa':
Hi doingself! You've successfully authenticated, but GitHub does not provide shell access.
✘ cityfruit@shiyanchaodeMBP ~/.ssh ssh -T git@github_haha
Enter passphrase for key '/Users/cityfruit/.ssh/id_rsa':
Hi doingself! You've successfully authenticated, but GitHub does not provide shell access.
✘ cityfruit@shiyanchaodeMBP ~/.ssh
✘ cityfruit@shiyanchaodeMBP ~/.ssh ssh -T git@gitee.com
git@gitee.com: Permission denied (publickey).
✘ cityfruit@shiyanchaodeMBP ~/.ssh ssh -T git@gitee_hehe
Enter passphrase for key '/Users/cityfruit/.ssh/id_rsa_gitee_3138':
Hi tiny! You've successfully authenticated, but GITEE.COM does not provide shell access.
cityfruit@shiyanchaodeMBP ~/.ssh
cityfruit@shiyanchaodeMBP ~/.ssh
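Added example (not part of the original log): in the session above git@gitee.com gets "Permission denied (publickey)" while git@gitee_hehe succeeds, because id_rsa_gitee_3138 is bound only to the Host alias, whereas git@github.com works through the default id_rsa. The script below looks up what a name resolves to in a constructed copy of that config and builds the matching git remote; it handles exact Host names only, and the repository name tiny/demo is hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Exact Host names only:
# wildcards, Match blocks and Include are not handled (assumption).

# Constructed copy of the ~/.ssh/config shown in the session above.
sample_config() {
cat <<'EOF'
# github
Host github_haha
    HostName github.com
    User git
    IdentityFile /Users/cityfruit/.ssh/id_rsa
#gitee
Host gitee_hehe
    HostName gitee.com
    PreferredAuthentications publickey
    IdentityFile /Users/cityfruit/.ssh/id_rsa_gitee_3138
EOF
}

# lookup KEYWORD NAME: print the first KEYWORD value in the Host block that
# lists NAME. ssh_config keywords are case-insensitive.
lookup() {
    sample_config | awk -v want="$(printf %s "$1" | tr 'A-Z' 'a-z')" -v name="$2" '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        { key = tolower($1) }
        key == "host" {                    # a new block starts here
            active = 0
            for (i = 2; i <= NF; i++) if ($i == name) active = 1
            next
        }
        active && key == want { print $2; exit }
    '
}

# remote_url NAME OWNER/REPO: build the git remote for a configured name and
# refuse names that no Host block binds to a key.
remote_url() {
    key=$(lookup IdentityFile "$1")
    [ -n "$key" ] || { echo "no IdentityFile bound to '$1'" >&2; return 1; }
    printf 'git@%s:%s.git\n' "$1" "$2"
}

lookup IdentityFile gitee_hehe     # key offered for the alias
remote_url gitee_hehe tiny/demo    # hypothetical repository name
remote_url gitee.com tiny/demo || echo "gitee.com: no Host block binds a key"
```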
Windows 10 session log (GitHub + Gitee)
Admin@DESKTOP-BBFBUU0 MINGW64 ~
$ cd ~/.ssh/
Admin@DESKTOP-BBFBUU0 MINGW64 ~/.ssh
$ pwd
/c/Users/Admin/.ssh
Admin@DESKTOP-BBFBUU0 MINGW64 ~/.ssh
$
Admin@DESKTOP-BBFBUU0 MINGW64 ~/.ssh
$ ssh-keygen -t rsa -f id_rsa_github_xy -C daviondk@163.com
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa_github_xy
Your public key has been saved in id_rsa_github_xy.pub
The key fingerprint is:
SHA256:0u3jNJxmn7FXu0ofL0cU3PbWRsTaxV0jZRdnzc4OS0U daviondk@163.com
The key's randomart image is:
+---[RSA 3072]----+
| .o@E|
| o+/|
| O=|
| . . + X|
| . S . . B |
| . o . . +|
| X .. +.|
| = +.++.+|
| . +o.=o|
+----[SHA256]-----+
Admin@DESKTOP-BBFBUU0 MINGW64 ~/.ssh
$
Admin@DESKTOP-BBFBUU0 MINGW64 ~/.ssh
$ ssh-keygen -t rsa -f id_rsa_gitee_xy -C daviondk@163.com
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa_gitee_xy
Your public key has been saved in id_rsa_gitee_xy.pub
The key fingerprint is:
SHA256:ObWMU5DWnvbDRJym7xgvJqyQN+4kY1oB8T/74Gdx50U daviondk@163.com
The key's randomart image is:
+---[RSA 3072]----+
| . .o . . |
| o o.. = |
| . . . .o= |
| . . *=.. E |
| . o S.o= . |
| o o.oo * . |
| B *. o B o |
| + O += + + |
| . .=+.o . |
+----[SHA256]-----+
Admin@DESKTOP-BBFBUU0 MINGW64 ~/.ssh
$
Admin@DESKTOP-BBFBUU0 MINGW64 ~/.ssh
$ ll
total 10
-rw-r--r-- 1 Admin 197121 2602 Dec 23 17:33 id_rsa_gitee_xy
-rw-r--r-- 1 Admin 197121 570 Dec 23 17:33 id_rsa_gitee_xy.pub
-rw-r--r-- 1 Admin 197121 2602 Dec 23 17:33 id_rsa_github_xy
-rw-r--r-- 1 Admin 197121 570 Dec 23 17:33 id_rsa_github_xy.pub
Admin@DESKTOP-BBFBUU0 MINGW64 ~/.ssh
$
Admin@DESKTOP-BBFBUU0 MINGW64 ~/.ssh
$ vim config
Admin@DESKTOP-BBFBUU0 MINGW64 ~/.ssh
$ cat config
# github
Host github.com
HostName github.com
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_github_xy
# gitee
Host gitee.com
HostName gitee.com
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_gitee_xy
Admin@DESKTOP-BBFBUU0 MINGW64 ~/.ssh
$
Admin@DESKTOP-BBFBUU0 MINGW64 ~/.ssh
$ ssh -T git@gitee.com
Hi tiny! You've successfully authenticated, but GITEE.COM does not provide shell access.
Admin@DESKTOP-BBFBUU0 MINGW64 ~/.ssh
$
Admin@DESKTOP-BBFBUU0 MINGW64 ~/.ssh
$ ssh -T git@github.com
Hi doingself! You've successfully authenticated, but GitHub does not provide shell access.
Admin@DESKTOP-BBFBUU0 MINGW64 ~/.ssh
$