ssh @ -p 密钥
Welcome to our ultimate guide to setting up SSH (Secure Shell) keys. This tutorial will walk you through the basics of creating SSH keys, and also how to manage multiple keys and key pairs.
欢迎使用我们的终极指南来设置SSH(安全外壳)密钥。 本教程将指导您创建SSH密钥的基础知识,以及如何管理多个密钥和密钥对。
创建一个新的SSH密钥对 (Create a New SSH Key Pair)
Open a terminal and run the following command:
打开一个终端并运行以下命令:
ssh-keygen
You will see the following text:
您将看到以下文本:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Press enter to save your keys to the default /home/username/.ssh
directory.
按Enter键将密钥保存到默认的/home/username/.ssh
目录。
Then you'll be prompted to enter a password:
然后将提示您输入密码:
Enter passphrase (empty for no passphrase):
It's recommended to enter a password here for an extra layer of security. By setting a password, you could prevent unauthorized access to your servers and accounts if someone ever gets a hold of your private SSH key or your machine.
建议在此处输入密码以增加安全性。 通过设置密码,如果有人持有您的私有SSH密钥或计算机,则可以防止未经授权访问您的服务器和帐户。
After entering and confirming your password, you'll see the following:
输入并确认密码后,您将看到以下内容:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/qRoWhRcIBTw0D4KpTUyK6YepyL6RQ2CQrtWsaicCb4 username@871e129f767b
The key's randomart image is:
+---[RSA 2048]----+
| .o=+.... |
|+.*o+o . |
|+X.=o o |
|@.=.oo . |
|=O ...o S |
|o.oo . . |
|.E+ . . . . |
|oo . ... + |
|=.. .o. . . |
+----[SHA256]-----+
You now have a public and private SSH key pair you can use to access remote servers and to handle authentication for command line programs like Git.
现在,您拥有一个公共和私有SSH密钥对,可用于访问远程服务器并处理诸如Git之类的命令行程序的身份验证。
管理多个SSH密钥 (Manage Multiple SSH Keys)
Though it's considered good practice to have only one public-private key pair per device, sometimes you need to use multiple keys or you have unorthodox key names. For example, you might be using one SSH key pair for working on your company's internal projects, but you might be using a different key for accessing a client's servers. On top of that, you might be using a different key pair for accessing your own private server.
尽管每台设备只有一个公私钥对被认为是一种很好的做法,但是有时您需要使用多个密钥,或者您拥有非正统的密钥名称。 例如,您可能正在使用一个SSH密钥对来处理公司的内部项目,但是可能正在使用其他密钥来访问客户端的服务器。 最重要的是,您可能使用其他密钥对来访问自己的私有服务器。
Managing SSH keys can become cumbersome as soon as you need to use a second key. Traditionally, you would use ssh-add
to store your keys to ssh-agent
, typing in the password for each key. The problem is that you would need to do this every time you restart your computer, which can quickly become tedious.
一旦需要使用第二个密钥,管理SSH密钥就会变得很麻烦。 传统上,您将使用ssh-add
将密钥存储到ssh-agent
,为每个密钥输入密码。 问题在于,每次重新启动计算机时都需要执行此操作,这很快就会变得乏味。
A better solution is to automate adding keys, store passwords, and to specify which key to use when accessing certain servers.
更好的解决方案是自动添加密钥,存储密码,并指定访问某些服务器时使用哪个密钥。
SSH config
(SSH config
)
Enter SSH config
, which is a per-user configuration file for SSH communication. Create a new file: ~/.ssh/config
and open it for editing:
输入SSH config
,这是用于SSH通信的每个用户的配置文件。 创建一个新文件: ~/.ssh/config
并打开以进行编辑:
nano ~/.ssh/config
管理自定义命名的SSH密钥 (Managing Custom Named SSH key)
The first thing we are going to solve using this config
file is to avoid having to add custom-named SSH keys using ssh-add
. Assuming your private SSH key is named ~/.ssh/id_rsa
, add following to the config
file:
使用此config
文件,我们要解决的第一件事是避免必须使用ssh-add
添加自定义名称的SSH密钥。 假设您的私人SSH密钥名为~/.ssh/id_rsa
,请将以下内容添加到config
文件中:
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
Next, make sure that ~/.ssh/id_rsa
is not in ssh-agent
by opening another terminal and running the following command:
接下来,通过打开另一个终端并运行以下命令,确保~/.ssh/id_rsa
不在ssh-agent
:
ssh-add -D
This command will remove all keys from currently active ssh-agent
session.
此命令将从当前活动的ssh-agent
会话中删除所有密钥。
Now if you try closing a GitHub repository, your config
file will use the key at ~/.ssh/ida_rsa
.
现在,如果您尝试关闭GitHub存储库,则config
文件将使用~/.ssh/ida_rsa
处的密钥。
Here are some other useful configuration examples:
以下是一些其他有用的配置示例:
Host bitbucket-corporate
HostName bitbucket.org
User git
IdentityFile ~/.ssh/id_rsa_corp
IdentitiesOnly yes
Now you can use git clone git@bitbucket-corporate:company/project.git
现在您可以使用git clone git@bitbucket-corporate:company/project.git
Host bitbucket-personal
HostName bitbucket.org
User git
IdentityFile ~/.ssh/id_rsa_personal
IdentitiesOnly yes
Now you can use git clone git@bitbucket-personal:username/other-pi-project.git
现在您可以使用git clone git@bitbucket-personal:username/other-pi-project.git
Host myserver
HostName ssh.username.com
Port 1111
IdentityFile ~/.ssh/id_rsa_personal
IdentitiesOnly yes
User username
IdentitiesOnly yes
Now you can SSH into your server using ssh myserver
. You no longer need to enter a port and username every time you SSH into your private server.
现在,您可以使用ssh myserver
SSH进入服务器。 每次SSH进入专用服务器时,您都不再需要输入端口和用户名。
密码管理 (Password management)
The last piece of the puzzle is managing passwords. It can get very tedious entering a password every time you initialize an SSH connection. To get around this, we can use the password management software that comes with macOS and various Linux distributions.
最后一个难题是管理密码。 每次初始化SSH连接时,输入密码都会非常麻烦。 为了解决这个问题,我们可以使用macOS和各种Linux发行版随附的密码管理软件。
For this tutorial we will use macOS's Keychain Access program. Start by adding your key to the Keychain Access by passing -K
option to the ssh-add
command:
在本教程中,我们将使用macOS的“钥匙串访问”程序。 首先,通过将-K
选项传递给ssh-add
命令,将密钥添加到“钥匙串访问”中:
ssh-add -K ~/.ssh/id_rsa_whatever
Now you can see your SSH key in Keychain Access:
现在,您可以在“钥匙串访问”中看到您的SSH密钥:
But if you remove the keys from ssh-agent
with ssh-add -D
or restart your computer, you will be prompted for password again when you try to use SSH. Turns out there's one more hoop to jump through. Open your SSH config
file by running nano ~/.ssh/config
and add the following:
但是,如果使用ssh-add -D
从ssh-agent
删除密钥或重新启动计算机,则在尝试使用SSH时会再次提示您输入密码。 事实证明,还有另外一环要跳。 通过运行nano ~/.ssh/config
打开SSH config
文件,并添加以下内容:
Host *
AddKeysToAgent yes
UseKeychain yes
With that, whenever you run ssh
it will look for keys in Keychain Access. If it finds one, you will no longer be prompted for a password. Keys will also automatically be added to ssh-agent
every time you restart your machine.
这样,每当您运行ssh
,它将在Keychain Access中查找密钥。 如果找到一个,将不再提示您输入密码。 每次重新启动计算机时,密钥也会自动添加到ssh-agent
。
Now that you know the basics of creating new SSH keys and managing multiple keys, go out and ssh
to your heart's content!
现在,您已经了解了创建新的SSH密钥和管理多个密钥的基础知识,然后动身并ssh
吧!
翻译自: https://www.freecodecamp.org/news/the-ultimate-guide-to-ssh-setting-up-ssh-keys/
ssh @ -p 密钥